[absentmind]

I wrote this to enable Remote Desktop on XP machines & add the domain admin account to the Remote Desktop User Group. However I'm not sure where I'm going wrong with it. When I test it, I get this error:

Quote:

Line: 21
Char: 1
Error: The trust relationship between the primary domain and the trusted domain failed.
Code: 800706FC
Source: (null)

Code:

wbemImpersonationLevelImpersonate = 3
wbemAuthenticationLevelPktPrivacy = 6

strComputer = InputBox ("Target Computer", "Enable Remote Desktop", 
    default, 100, 100)
strUser = InputBox ("Username (DOMAIN\Administrator)",
    "Enable Remote Desktop", default, 100, 100)
strPass = InputBox ("Password", "Enable Remote Desktop",
    default, 100, 100)
strNameSpace = "root\cimv2" 
strClass = "Win32_TerminalServiceSetting"
Const ENABLE_CONNECTIONS = 1
Const DISABLE_CONNECTIONS = 0

Set objLocator = CreateObject("WbemScripting.SWbemLocator")
Set objService = objLocator.ConnectServer _
    (strComputer, strNameSpace, strUser, strPass)

objService.Security_.ImpersonationLevel = wbemImpersonationLevelImpersonate
objservice.Security_.AuthenticationLevel = wbemAuthenticationLevelPktPrivacy

Set objGroup = GetObject("WinNT://" & strComputer & "/Remote Desktop Users")
Set objUser = GetObject("WinNT://" & strUser & "")
objGroup.Add(objUser.ADsPath)

Set colClass = objSWbemServices.ExecQuery("Select * from " & strClass)
For Each objTing in colClass
   errAngivelse = objTing.SetAllowTSConnections(ENABLE_CONNECTIONS)
Next

If errAngivelse = 0 THEN
   Call MsgBox ("Succesfully enabled on " & strComputer & ".    ", 64,
        "Enable Remote Desktop")
Else
   Call MsgBox ("Could not enable on " & strComputer & ".    ", 64,
        "Enable Remote Desktop")
End If

[Squashman]

Why aren't you just enabling Remote Desktop thru a policy. Seems like the easiest way to do it.

[absentmind]

My Network Admin & I don't get along

[absentmind]

OK I got it working, just thought I'd share... have to be logged in as the domain admin to make it work. Won't work accross trusted domains either. Remember to change the lcladmin & lcladminpass

Code:

Const wbemImpersonationLevelImpersonate = 3
Const wbemAuthenticationLevelPktPrivacy = 6
Const ENABLE_CONNECTIONS = 1
Const DISABLE_CONNECTIONS = 0

strComputer = InputBox
           ("Target Computer", "Enable Remote Desktop", default, 100, 100)
    If strComputer="" Then
        WScript.Echo "Terminated due to missing parameter."
        WScript.Quit
    End If
strDomain = InputBox ("Domain", "Enable Remote Desktop", default, 100, 100)
    If strDomain="" Then
        WScript.Echo "Terminated due to missing parameter."
        WScript.Quit
    End If
strUser = InputBox ("Username", "Enable Remote Desktop", default, 100, 100)
    If strUser="" Then
        WScript.Echo "Terminated due to missing parameter."
        WScript.Quit
    End If
strPass = InputBox ("Password", "Enable Remote Desktop", default, 100, 100)
    If strPass="" Then
        WScript.Echo "Terminated due to missing parameter."
        WScript.Quit
    End If

strNameSpace = "root\cimv2" 
strClass = "Win32_TerminalServiceSetting"

Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set objSWbemServices = objSWbemLocator.ConnectServer _
    (strComputer, strNameSpace, strUser, strPass)

objSWbemServices.Security_.ImpersonationLevel =
    wbemImpersonationLevelImpersonate
objSWbemServices.Security_.AuthenticationLevel =
    wbemAuthenticationLevelPktPrivacy

Set objGroup = GetObject("WinNT://" & strComputer & "/Remote Desktop Users")
Set objNTProvider = GetObject("WinNT:")
Set objUser = objNTProvider.OpenDSObject
   ("WinNT://" &strDomain& "/" &strUser& "",lcladmin,lcladminpass,1)
objGroup.Add(objUser.ADsPath)

Set colClass = objSWbemServices.ExecQuery("Select * from " & strClass)
For Each objTing in colClass
   errAngivelse = objTing.SetAllowTSConnections(ENABLE_CONNECTIONS)
Next

If errAngivelse = 0 THEN
   Call MsgBox ("Succesfully enabled on " & strComputer & ".    "
        , 64, "Enable Remote Desktop")
Else
   Call MsgBox ("Could not enable on " & strComputer & ".    "
        , 64, "Enable Remote Desktop")
End If

[Squashman]

This still makes no sense to me. If you have the domain admin password, then just set a policy and if you are doing this against your domain admins wishes then you shouldn't have domain admin access.

[absentmind]

Global & Group Policy changes in my company would have to go through weeks of workflow submition, meetings, etc.

In the meantime my users need support and this is what I was authorized to use since it's on a case by case basis.

[Squashman]

OMG. They need to get a grip.

[StumpedTechy]

absentmind.... I have to ask which part of this script is the portion you use to enable remote desktop on the PC. We set each as we roll it out but there usually may be one or 2 that we miss. We don't want to set a GPO but we want to be able to set it if someone has "forgotten" to set it.

If you look at my script below - Its lower on the thread list - I just set one up to allow us to remote desktop in after adding the user in as admin and then removing it from the admin group after we log in as the user. This would be the BEST addition to my script (with your permission of course).

Squashman that beats my company where anything more than a vbs script has to hit the director and sit on his desk for 6 months before it gets addressed. I am still waiting on about 3 projects I placed on his desk 5 months ago.

[Squashman]

If you remotely connect to the registry, you can just change the registry to enable Remote Desktop.

HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server

Change the value of fDenyTSConnection to a Zero.

[StumpedTechy]

To be bluntly honest with you I have never known how to run a *.reg file on another PC remotely when the users are not Admin. I don't see any command within regedit to allow importing of a reg file to a remote computer. LOL geeze I feel like a dolt.... I found it right after looking for it. Right in the regedit connect to another computer. Ugh I need help.

[Mithrilhall]

Regedit-->File-->Connect Network Registry...

[absentmind]

Quote:

Originally Posted by StumpedTechy

absentmind.... I have to ask which part of this script is the portion you use to enable remote desktop on the PC. We set each as we roll it out but there usually may be one or 2 that we miss. We don't want to set a GPO but we want to be able to set it if someone has "forgotten" to set it.

If you look at my script below - Its lower on the thread list - I just set one up to allow us to remote desktop in after adding the user in as admin and then removing it from the admin group after we log in as the user. This would be the BEST addition to my script (with your permission of course).

Squashman that beats my company where anything more than a vbs script has to hit the director and sit on his desk for 6 months before it gets addressed. I am still waiting on about 3 projects I placed on his desk 5 months ago.

Omit this part... all it does is add you to the Remote Desktop User group... which I realized I don't even need since I'm using domain admin account now.

Code:

Set objGroup = GetObject("WinNT://" & strComputer & "/Remote Desktop Users")
Set objNTProvider = GetObject("WinNT:")
Set objUser = objNTProvider.OpenDSObject
   ("WinNT://" &strDomain& "/" &strUser& "",lcladmin,lcladminpass,1)
objGroup.Add(objUser.ADsPath)

You'd have to integrate this code with your own by changing the variables to match yours... strUser would be changed to strUID, etc. You could also hardcode your domain if you're not working with multiple.

I'll put some notes in the script to identify their functions.

Code:

'---Declarations---
Const wbemImpersonationLevelImpersonate = 3
Const wbemAuthenticationLevelPktPrivacy = 6
Const ENABLE_CONNECTIONS = 1
Const DISABLE_CONNECTIONS = 0
strNameSpace = "root\cimv2" 
strClass = "Win32_TerminalServiceSetting"

'---Data Input---
strComputer = InputBox
           ("Target Computer", "Enable Remote Desktop", default, 100, 100)
    If strComputer="" Then
        WScript.Echo "Terminated due to missing parameter."
        WScript.Quit
    End If
strDomain = InputBox ("Domain", "Enable Remote Desktop", default, 100, 100)
    If strDomain="" Then
        WScript.Echo "Terminated due to missing parameter."
        WScript.Quit
    End If
strUser = InputBox ("Username", "Enable Remote Desktop", default, 100, 100)
    If strUser="" Then
        WScript.Echo "Terminated due to missing parameter."
        WScript.Quit
    End If
strPass = InputBox ("Password", "Enable Remote Desktop", default, 100, 100)
    If strPass="" Then
        WScript.Echo "Terminated due to missing parameter."
        WScript.Quit
    End If

'---Connect to remote computer with Domain Admin Credentials---
Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set objSWbemServices = objSWbemLocator.ConnectServer _
    (strComputer, strNameSpace, strUser, strPass)

objSWbemServices.Security_.ImpersonationLevel =
    wbemImpersonationLevelImpersonate
objSWbemServices.Security_.AuthenticationLevel =
    wbemAuthenticationLevelPktPrivacy

'---Enable Remote Desktop---
Set colClass = objSWbemServices.ExecQuery("Select * from " & strClass)
For Each objTing in colClass
   errAngivelse = objTing.SetAllowTSConnections(ENABLE_CONNECTIONS)
Next

If errAngivelse = 0 THEN
   Call MsgBox ("Succesfully enabled on " & strComputer & ".    "
        , 64, "Enable Remote Desktop")
Else
   Call MsgBox ("Could not enable on " & strComputer & ".    "
        , 64, "Enable Remote Desktop")
End If

[StumpedTechy]

Thanks this helps alot. I'll have to play around with integration this week. I was going to do it as Squashman said but then I thought more about it last night and realized it would be nice if this script just "verified" this is enabled so I don't have to have others use another tool to do this. Keeping 1 script to run the gambit should be okay since we all have domain admin rights.

BTW Scripting just amazes my boss so anything I can give him in a script form he drools over for a month and makes my life happier/easier.

[BigC]

i have been looking for a script like this for the place i work

when i try to compile it i just get errors

[absentmind]

I've never actually tried compiling it. I only run it in vbs form.