Overcoming firewall obstacles
March 25, 2013 / Support Centre/
Windows 7 doesn’t allow Remote Desktop connections by default – this has to be enabled by the user (or set via group policy). What happens if you’re in a bind and need quick remote access to a desktop? If you’re in a domain environment you may just be in luck. There are four steps needed to remotely enable RDP connections.
- Open ports in the Windows firewall
- Start the Remote Registry service
- Change a registry setting to enable Remote Desktop
- Start the Remote Desktop service
For this guide I assume you are on the same LAN as the remote computer you want to access (you may already have RDP’ed into a server on that LAN), and you are logged in as a Windows user with administrative privileges for the remote computer you are wishing to access.
This isn’t likely to work work if you are on the other side of an agressive firewall.
Note: If you have access to the computer, you can follow the standard procedure for enabling Remote Desktop.
Step 1: Open ports in the Windows firewall
There is no native way to change the settings of a remote Windows firewall. However, you can use PsExec from SysInternals to disable it or change some rules.
If you download the app and drop it into your c:\ drive, you can run this command and get command line access for that remote box.
c:\psexec \\remote_machine_name cmd
Once you have that command line open, you can run this command to disable the firewall:
netsh advfirewall set currentprofile state off
Alternatively you can run this command to allow only Remote Desktop while still leaving the rest of the firewall as is:
netsh advfirewall firewall set rule group=”remote desktop” new enable=Yes
Step 2: Start the Remote Registry service
Load up the Services MMC (Control Panel > Administrative Tools > Services), right click on “Services (Local)” and choose “Connect to another computer”. Enter the name of your remote machine and connect to it. You should now be able to find the “Remote Registry” service and start it.
Depending on your environment, this may already be running, but I have found it generally isn’t on fresh computers.
Step 3: Change a registry setting to enable Remote Desktop
It’s time to make use of the Remote Registry and actually enable RDP. Load up regedit and go to File > Connect Network Registry. Enter the name of your remote computer and connect to it. Navigate to HKEY_LOCAL_MACHINE > System > CurrentControlSet > Control > Terminal Server. Change the value of “fDenyTSConnections” to “0”.
Step 4: Start the Remote Desktop service
Go back to the Services MMC you used in Step 2. Find the service “Remote Desktop Services” and start it (or restart if it is already running).
Step 5: Connect
By this point you should be able to connect to a remote desktop session on your remote computer. Remember that only administrative users can connect to an out-of-the-box Remote Desktop setup. If you have got this far and still can’t connect, it is worth checking your firewall rules to ensure nothing is being blocked.
Get the Broadcast Technology Newsletter
Sign up for the email newsletter about media and technology. Sent irregularly. No spam.