Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
Terminal Services (TS) Remote Configuration Primer Part 1
Published Sep 07 2018 05:43 PM 768 Views
First published on CloudBlogs on Oct, 03 2006

How to enable/disable TS connections remotely

Hello, my name is Soo Kuan Teo, I work on the Terminal Services Team. I would like to take this opportunity to begin sharing configuration features in TS.

TS is about remotability. It allows users and administrators to access their computer resources remotely, just as if those computer resources are available locally. TS has a WMI provider with a rich set of class templates that allows TS to be configured remotely or locally.

Please note that in Win2k3/XP, the TS WMI provider is grouped in root/cimv2 namespace. In Vista, it is grouped in root/cimv2/TerminalServices namespace. WMI security impersonation level wbemImpersonationLevelImpersonate and security authentication level wbemAuthenticationLevelPktPrivacy settings are also required for Vista. Please visit here for more info on Terminal Services WMI provider. Here is a good place to start if you want to learn more about WMI in general.

To check the TS Connections setting, you can use the read-only property AllowTSConnections in class template Win32_TerminalServiceSetting

To change the TS Connections setting, you can use the Method SetAllowTSConnections in class template Win32_TerminalServiceSetting .

There are several ways to use TS WMI, the easy way is through scripting. For example, in vbs ,

First we get the wbemService object:

Set Service = GetObject("winmgmts:{authenticationLevel=PktPrivacy}!rootcimv2TerminalServices")

Then we get the instance of class template Win32_TerminalServiceSetting

Set objSet=Service.ExecQuery("select * from  Win32_TerminalServiceSetting”)

Now we can use the instance of Win32_TerminalServiceSetting to query/set setting:

for each obj in objSet
wscript.echo "Remote Desktop is " & obj.AllowTSConnections
' toggle setting
obj.SetAllowTSConnections 1-obj.AllowTSConnections
obj.refresh_
wscript.echo "New Remote Desktop setting is " & obj.AllowTSConnections

next

The complete vbs script for changing TS connections locally is:

Set Service = GetObject("winmgmts:{authenticationLevel=PktPrivacy}!rootcimv2TerminalServices")

set objSet=Service.ExecQuery("select * from  Win32_TerminalServiceSetting")

for each obj in objSet

wscript.echo "Remote Desktop is " & obj.AllowTSConnections
' toggle setting
obj.SetAllowTSConnections 1-obj.AllowTSConnections
obj.refresh_
wscript.echo "New Remote Desktop setting is " & obj.AllowTSConnections
next

Similarly, we can use the wmi moniker feature to simplify the remote case:

Set Service = GetObject("WinMgmts:{impersonationLevel=impersonate, authenticationLevel=PktPrivacy}" _
& "!\RemoteServerrootcimv2/TerminalServices")

set objSet=Service.ExecQuery("select * from  Win32_TerminalServiceSetting")
for each obj in objSet
wscript.echo "Remote Desktop is " & obj.AllowTSConnections
' toggle setting
obj.SetAllowTSConnections 1-obj.AllowTSConnections
obj.refresh_
wscript.echo "New Remote Desktop setting is " & obj.AllowTSConnections
next

I also  attached a sample script that  allows you to use different Admin user credentials than the user account that runs the script. Please run cscript LHEnableRemoteDesktop.vbs /? for more info.
The attached sample script works in Vista only. If you want to make it work in Win2k3/XP, all you need to update is its namespace from " root/cimv2/TerminalServices " to " root/cimv2 ".

Another easier way to access WMI providers is through the use of WMIC
To query TS Connections setting:

wmic RDToggle get AllowTSConnections

To set Terminal Services connections setting:

wmic RDToggle where servername=”ServerName" call SetAllowTSConnections 1

We can use the WMIC global switches for the remote case:

To query the TS connections setting:

wmic /node:"RemoteServer" /user:"domainAdminUser" /password:"password" RDToggle where servername="RemoteServer" get AllowTSConnections

To enable Terminal Services connections:

wmic /node:"RemoteServer" /user:"domainAdminUser" /password:"password" RDToggle where servername="RemoteServer" call SetAllowTSConnections 1

As a side note, in general for WMI to work properly, you need to:
For Vista and win2k3/XP, set Windows Firewall exceptions for Windows Management Instrumentation (WMI)

For Vista, run script and wmic in elevated command shell

Next: Configure the TS session limit remotely

DISCLAIMER: This posting is provided "AS IS" with no warranties, and confers no rights.  Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm

EnableRemoteDesktop.zip

Version history
Last update:
‎Sep 07 2018 05:43 PM