How To: Remotely enable Remote Desktop!

9 10 2006

Remotely enable Remote Desktop [via] spion’s blog

To start Spion created this kick ass app Remote Desktop Connector!
Here are the Specs:

1. Field is in the format of “Friendly Name, Host”
2. You can start typing in the field for autofind.
3. Escape will clear the field when it has the focus.
4. Enter will connect using RDP and the port specified in the Ports section.
5. Add: Adds a new host to the saved list.
6. Delete: Deletes a host from the saved list.
7. Update: Updates the selected host in the list with whatever you have in the Host textbox.

1. Smart Sizing: Allows you to resize the Remote Desktop Window on the fly without getting scroll bars, in other words it scales the screen for you in real time.
2. Console: When enabled connects you to the console of a Windows 2003 server instead of a virutal session.
3. Session Bar: Adds or removes the session bar at the top of the Full Screen Remote Desktop session.
4. KB Remote: When enabled sends windows hotkeys to whatever you are connected to instead of the local computer you are connecting from. ie windows-e

Pretty self explanitory.

1. RDP: Enter the port number that you have listening. Default is 3389.
2. Telnet: Use to select the telnet port you want to connect on when the Telnet button is pressed.

1. Ping: Pings the host that is listed in the Host section.
2. Cmd: Opens a command prompt.
3. Telnet: Telnets to the host listed in the Host section on the port secified in the Ports section.
4. Nslookup: Opens an nslookup window.
5. VPN: Opens the selector for VPNs setup in DUN.
6. RDP: Connects to the Host specified in the Host section on the RDP port specified in the Ports section.


Nice one spion:

There are many ways to go about this but this is the most straight forward in a default domain / default SBS domain environment.1. Log onto the domain controller as administrator.
2. Open computer management (right-click my computer and manage)
3. Right-click Computer Management and select Connect to another computer.
4. Enter your target machine.
5. After it connects browse to services and stop the “Windows Firewall/Internet Connection Sharing” service.
6. Open regedit.
7. Goto File/Connect Network Registry
8. Enter your target machine.
9. Within Regedit browse to:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal Server
10. Change fDenyTSConnections to 0
11. Open remote desktop and connect to your target machine as either someone in the domain administrators group, someone in the local administrators group, or someone in the remote desktop users group on the local machine.

The only problem I see here is the privilege level you have to have in order to even use the hack at all. Many hacks are susceptible to the privilege conundrum. How does one log on to the DOMAIN CONTROLLER as an admin?

More on this later.

Hmmm, how can I use this for the sake of commedy…



One response

2 02 2010
Robert Shumake

There is obviously a lot to learn. There are some good points here.

Robert Shumake

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: