Life of a techno-guru
Script to enable RDP
Today I developed a script that enables RDP on a remote computer. Unfortunately the script was not designed to take alternate credentials when making the connection to WMI, although I may do that at some point. Here's the story on how I came up with it:
This morning, I was planning on installing Exchange onto a test Windows Server at home to experiment with some settings. I popped the CD for Exchange into the drive of the machine, and left for work thinking I was all set to go. Well, the problem is that I installed Windows at the last minute before going to bed last night, so I didn't configure any options, namely, to enable remote desktop connections. So then I get to work, find out that I can't connect to it, and figure that I will simply edit the registry as usual using regedit from one of my other machines. Boy was I wrong; for some reason, regedit wasn't properly taking alternate credentials, so I had no way to connect into the machine. I attempted connecting to the administrative share of the machine, and was successful, so I knew I could at least copy files to it, and also that I had the userID/password right. So then I decide that the only way I'm gonna get on that box is to do something through the command line. As far as I know, there's no way to import a section of the registry with a command-line (although I'm sure there is), but what I do know is that cscript is a command-line interpreter for WSH. So I went ahead and wrote out this script, ran into a couple of problems, fixed 'em, then used psexec from Sysinternals to execute the script using cscript from the command-line. The nice thing about psexec is that it allows you to submit alternate credentials, and it worked flawlessly. So all in all, it was a bit more effort than was really necessary, but I had no other choice except to be physically in front of the machine. It pays off to know how to script in Windows (and *nix I'm sure), because if you find yourself in a pinch, you've always got a way to get yourself unstuck. So without further ado, here's the script:
NOTE: If you use a utility such as psexec to execute the script on a remote machine, pass "." as the argument to enable RDP on that machine; "." is basically a substitute for "localhost".
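'Author: Trevor Sullivan
'Date: March 30th, 2006
'Purpose: enable remote desktop from a script. This script
'can be used with psexec or other remote command line
'utilities to enable RDP.
'Usage: [cscript | wscript] enableRDP.vbs <computername>
const HKLM = &H80000002 'HKEY_LOCAL_MACHINE hive
set args = Wscript.Arguments
'Exactly one argument is required: the target computer name ("." for the local machine)
if args.count <> 1 then
    wscript.echo "Usage: [cscript] enableRDP.vbs <computername>"
    wscript.quit 1
end if
pcname = args(0)
strNS = "root\default"
strcls = "stdRegProv"
strConn = "winmgmts:\\" & pcname & "\" & strNS & ":" & strcls
set objWMI = GetObject(strConn)
'Setting fDenyTSConnections to 0 allows incoming Remote Desktop connections
result = objWMI.SetDWORDValue(HKLM,"SYSTEM\CurrentControlSet\Control\Terminal Server","fDenyTSConnections",0)
'SetDWORDValue returns 0 on success
if result <> 0 then wscript.echo "Failed to set fDenyTSConnections, error " & result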
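Because the script enables RDP with a single registry write, that write is also the place to watch for the change. The following is an added example, not part of the original post: it scans registry value-set records in the style of Sysmon Event ID 13 for writes that set fDenyTSConnections to 0 and notes whether the writer was the WMI provider host. The record layout, host names and sample events are constructed assumptions.

```python
import re

# Constructed Sysmon Event ID 13 (registry value set) records; all values are sample data.
SAMPLE_EVENTS = [
    {"EventID": 13, "Computer": "TESTSRV01", "Image": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\Terminal Server\fDenyTSConnections",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "Computer": "TESTSRV02", "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\Terminal Server\fDenyTSConnections",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Computer": "TESTSRV03", "Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKLM\SYSTEM\ControlSet001\Control\Terminal Server\fDenyTSConnections",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "Computer": "TESTSRV01", "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname",
     "Details": "TESTSRV01"},
]

# The value the script writes, under CurrentControlSet or a numbered control set.
TARGET = re.compile(r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Control\\"
                    r"Terminal Server\\fDenyTSConnections$", re.IGNORECASE)
DWORD = re.compile(r"^DWORD \((0x[0-9a-fA-F]{1,8})\)$")

def rdp_enable_events(events):
    """Return findings for registry writes that set fDenyTSConnections to 0."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 13 or not TARGET.match(ev.get("TargetObject", "")):
            continue
        m = DWORD.match(ev.get("Details", ""))
        if not m or int(m.group(1), 16) != 0:
            continue  # a non-zero value (or non-DWORD data) does not enable RDP
        writer = ev.get("Image", "").rsplit("\\", 1)[-1].lower()
        findings.append({
            "computer": ev.get("Computer", "?"),
            "writer": writer,
            # Assumption: a StdRegProv write made over WMI shows the WMI provider host as writer.
            "via_wmi": writer == "wmiprvse.exe",
        })
    return findings

if __name__ == "__main__":
    for finding in rdp_enable_events(SAMPLE_EVENTS):
        print(finding)
```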
Starbucks Coffee Break Day
Well, today I stopped into Starbucks before work as usual, and I was kindly told that today, March 15th, was the first day that Starbucks is going to host free coffee between the hours of 10am and 12pm! It sounds like a great promotion for them, and I'll bet Starbucks shops nationwide will be packed with people between those hours.
L2TP Tunneling in Windows Server 2003
Well, I'm looking for a method of replacing a Cisco VPN implementation with the built-in Windows Server 2003 Routing and Remote Access service, which provides a secure VPN tunnel end-point. As far as I know, PPTP tunnels are insecure and generally not recommended, so I'm looking for information on how to implement the L2TP protocol. From my research so far, I've learned that you must use certificate authentication and encryption; the problem with this is that I haven't had a lot of experience using digital certificates in Windows (or any o/s for that matter). Once I get some additional information about this, I'll write up a small guide for other system administrators out there that need to get a secure and more easily manageable VPN solution in place. A lot of you out there may ask why I'd like to replace a Cisco PIX VPN solution with a Windows RRAS solution. Well, the primary reason is that Windows is plenty secure when configured properly, and because using Windows authentication for VPN purges the need to manage two separate user databases.
My life of learning various things about technology including network administration, development, and 3D design