Scripting Question

Trying to enable RDP via scripted installations? Please Advise.

08/12/2016 1236 views
Trying to run a VBS script through online kscript

const HKEY_LOCAL_MACHINE = &H80000002
strComputer = ""

Set StdOut = WScript.StdOut

On Error Resume Next

Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_ 
strComputer & "\root\default:StdRegProv")
If Err.Number <> 0 Then
  WScript.Echo "An error has occurred. You may have mistyped the computer name." 
End If

strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server"
strValueName = "fDenyTSConnections"

oReg.GetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue

If dwValue = 1 Then

    dwValue = 0
    oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue 
  End If

Script works if run locally as admin through command prompt, however it fails when running it through scripted install. Any tips?
0 Comments   [ + ] Show comments


Community Chosen Answer

My idea would be this, configure a machine the way you want it.  Then export the registry keys you need so you have a nice little ".reg" file with your settings in it.  BUT, you'll need to run regedit.exe in with elevated privileges in the script.  So use this elevation tool:  http://www.winability.com/elevate/

Add the reg file and the Elevate executable as dependencies in your script.  Then the script would look like this:

  • Launch a program...
  • Directory:  $(KACE_DEPENDENCY_DIR)
  • File:  Elevate_x64.exe
  • Parameters:  "C:\Windows\regedit.exe" -s "$(KACE_DEPENDENCY_DIR)\sample.reg"

The -s is for silent mode, so you can inject registry keys using this method with no user interaction or impact.

Answered 08/22/2016 by: looshus
Senior Yellow Belt

All Answers

I typically used a batch file as my first post install task. Here is the command:
Reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
Answered 08/12/2016 by: krhodes@clarknexsen.com
Senior White Belt

  • Will this BAT work as a scripted install too?
    • Standby
      • I just tried it, however it failed. When i run it locally it works fine, however when I try to use Kace1000 to push it. It fails :/
  • Attempted both running as local system and a local admin account through kace1000 and it is still failing.
    • Create a post install task and drag it over to the scripted install. You don't need to employ the K1000 for this.
      • What do you mean by post install? I'm trying to roll this out to 200+ machines that are already up and running
      • Ah, I apologize.. I saw scripted install and assumed K2000.. Any reason this can't be a logon script, then?
      • Yeah I particularly don't work on the AD and our guy that does unfortunately is not cooperative. However one way or another this needs to get done.
This is the batch script we use in our scripted installations:
reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication  /t REG_DWORD /d 0 /f

Answered 08/15/2016 by: chucksteel
Red Belt

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

View more:


This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ