Remotely enable Remote Desktop in Windows 7/8/8.1

Step 1: Open ports in the Windows firewall

There is no native way to change the settings of a remote Windows firewall. However, you can use PsExec from Sysinternals to disable it or change some rules.

If you download PsExec and place it in the root of your C:\ drive, you can run this command to get a command prompt on the remote machine.

c:\psexec \\remote_machine_name cmd

Once you have that command line open, you can run this command to disable the firewall:

netsh advfirewall set currentprofile state off

Alternatively, you can run this command to enable only the Remote Desktop rule group while leaving the rest of the firewall as is:

netsh advfirewall firewall set rule group="remote desktop" new enable=Yes

Step 2: Start the Remote Registry service

Load up the Services MMC (Control Panel > Administrative Tools > Services), right-click on “Services (Local)” and choose “Connect to another computer”. Enter the name of your remote machine and connect to it. You should now be able to find the “Remote Registry” service and start it.

Depending on your environment, this may already be running, but I have found it generally isn’t on fresh computers.

Step 3: Change a registry setting to enable Remote Desktop

It’s time to make use of the Remote Registry and actually enable RDP. Load up regedit and go to File > Connect Network Registry. Enter the name of your remote computer and connect to it. Navigate to HKEY_LOCAL_MACHINE > System > CurrentControlSet > Control > Terminal Server. Change the value of “fDenyTSConnections” to “0”.

Step 4: Start the Remote Desktop service

Go back to the Services MMC you used in Step 2. Find the service “Remote Desktop Services” and start it (or restart if it is already running).

Step 5: Connect

By this point you should be able to connect to a remote desktop session on your remote computer. Remember that only administrative users can connect to an out-of-the-box Remote Desktop setup. If you have got this far and still can’t connect, it is worth checking your firewall rules to ensure nothing is being blocked.
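The steps above leave a recognisable trail on the target machine, which is useful when you need to confirm who enabled RDP and when. The following is an added example, not part of the original post: it matches the firewall, PsExec and registry changes from Steps 1 and 3 against constructed events that use Sysmon-style field names (an assumption about your log source), with made-up host names.

```python
import re

# Constructed events using Sysmon-style fields (EventID 1 = process creation,
# 13 = registry value set). Host names are made up for this example.
SAMPLE = [
    {"EventID": 1, "Computer": "WS-014", "ParentImage": r"C:\Windows\PSEXESVC.exe",
     "CommandLine": "cmd"},
    {"EventID": 1, "Computer": "WS-014", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'netsh advfirewall firewall set rule group="remote desktop" new enable=Yes'},
    {"EventID": 13, "Computer": "WS-014", "Details": "DWORD (0x00000000)",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\Terminal Server\fDenyTSConnections"},
    {"EventID": 1, "Computer": "WS-020", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "netsh advfirewall set currentprofile state off"},
    {"EventID": 1, "Computer": "WS-031", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "netsh advfirewall show currentprofile"},
]

CMD_RULES = [
    ("firewall-disabled", re.compile(r"netsh\s+advfirewall\s+set\s+\w+\s+state\s+off", re.I)),
    ("rdp-firewall-group-enabled", re.compile(
        r'netsh\s+advfirewall\s+firewall\s+set\s+rule\s+group="?remote desktop"?.*enable=yes', re.I)),
]
RDP_VALUE = r"\control\terminal server\fdenytsconnections"

def findings(event):
    """Return the names of the page's changes that this one event shows."""
    out = []
    if event.get("EventID") == 1:
        out += [name for name, rx in CMD_RULES if rx.search(event.get("CommandLine", ""))]
        # PsExec runs the remote command as a child of its service binary.
        if event.get("ParentImage", "").lower().endswith("\\psexesvc.exe"):
            out.append("psexec-remote-shell")
    elif event.get("EventID") == 13:
        # Step 3 goes through Remote Registry, so it shows up only as a value write.
        if (event.get("TargetObject", "").lower().endswith(RDP_VALUE)
                and "0x00000000" in event.get("Details", "")):
            out.append("rdp-enabled-via-registry")
    return out

def triage(events):
    """Group findings per host so the full sequence is visible together."""
    per_host = {}
    for ev in events:
        for name in findings(ev):
            per_host.setdefault(ev["Computer"], []).append(name)
    return per_host
```

On the sample, WS-014 shows the narrow path (PsExec shell, rule group enabled, registry value cleared) while WS-020 shows the firewall being switched off entirely, which is the case worth reviewing first.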


Taken from:

Mikrotik – Basic universal firewall script

This is a basic script I always use when setting up Mikrotik firewalls from scratch.

/ip firewall address-list add address= disabled=no list=support

/ip firewall address-list

add address= comment="Self-Identification [RFC 3330]" disabled=no list=bogons
add address= comment="Private[RFC 1918] – CLASS A # Check if you need this subnet before enable it" disabled=yes list=bogons
add address= comment="Loopback [RFC 3330]" disabled=no list=bogons
add address= comment="Link Local [RFC 3330]" disabled=no list=bogons
add address= comment="Private[RFC 1918] – CLASS B # Check if you need this subnet before enable it" disabled=yes list=bogons
add address= comment="Private[RFC 1918] – CLASS C # Check if you need this subnet before enable it" disabled=yes list=bogons
add address= comment="Reserved – IANA – TestNet1" disabled=no list=bogons
add address= comment="6to4 Relay Anycast [RFC 3068]" disabled=no list=bogons
add address= comment="NIDB Testing" disabled=no list=bogons
add address= comment="Reserved – IANA – TestNet2" disabled=no list=bogons
add address= comment="Reserved – IANA – TestNet3" disabled=no list=bogons
add address= comment="MC, Class D, IANA # Check if you need this subnet before enable it" disabled=yes list=bogons
/ip firewall filter

add action=add-src-to-address-list address-list=Syn_Flooder address-list-timeout=30m chain=input comment="Add Syn Flood IP to the list" connection-limit=30,32 disabled=no protocol=tcp tcp-flags=syn
add action=drop chain=input comment="Drop to syn flood list" disabled=no src-address-list=Syn_Flooder
add action=add-src-to-address-list address-list=Port_Scanner address-list-timeout=1w chain=input comment="Port Scanner Detect" disabled=no protocol=tcp psd=21,3s,3,1
add action=drop chain=input comment="Drop to port scan list" disabled=no src-address-list=Port_Scanner
add action=jump chain=input comment="Jump for icmp input flow" disabled=no jump-target=ICMP protocol=icmp
add action=drop chain=input comment="Block all access to the winbox – except to support list # DO NOT ENABLE THIS RULE BEFORE ADD YOUR SUBNET IN THE SUPPORT ADDRESS LIST" disabled=yes dst-port=8291 protocol=tcp src-address-list=!support
add action=jump chain=forward comment="Jump for icmp forward flow" disabled=no jump-target=ICMP protocol=icmp
add action=drop chain=forward comment="Drop to bogon list" disabled=no dst-address-list=bogons
add action=add-src-to-address-list address-list=spammers address-list-timeout=3h chain=forward comment="Add Spammers to the list for 3 hours" connection-limit=30,32 disabled=no dst-port=25,587 limit=30/1m,0 protocol=tcp
add action=drop chain=forward comment="Avoid spammers action" disabled=no dst-port=25,587 protocol=tcp src-address-list=spammers
add action=accept chain=input comment="Accept DNS – UDP" disabled=no port=53 protocol=udp
add action=accept chain=input comment="Accept DNS – TCP" disabled=no port=53 protocol=tcp
add action=accept chain=input comment="Accept to established connections" connection-state=established disabled=no
add action=accept chain=input comment="Accept to related connections" connection-state=related disabled=no
add action=accept chain=input comment="Full access to SUPPORT address list" disabled=no src-address-list=support
add action=drop chain=input comment="Drop anything else! # DO NOT ENABLE THIS RULE BEFORE YOU MAKE SURE ABOUT ALL ACCEPT RULES YOU NEED" disabled=yes
add action=accept chain=ICMP comment="Echo request – Avoiding Ping Flood" disabled=no icmp-options=8:0 limit=1,5 protocol=icmp
add action=accept chain=ICMP comment="Echo reply" disabled=no icmp-options=0:0 protocol=icmp
add action=accept chain=ICMP comment="Time Exceeded" disabled=no icmp-options=11:0 protocol=icmp
add action=accept chain=ICMP comment="Destination unreachable" disabled=no icmp-options=3:0-1 protocol=icmp
add action=accept chain=ICMP comment=PMTUD disabled=no icmp-options=3:4 protocol=icmp
add action=drop chain=ICMP comment="Drop to the other ICMPs" disabled=no protocol=icmp
add action=jump chain=output comment="Jump for icmp output" disabled=no jump-target=ICMP protocol=icmp
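The script ships with its address= fields blank and its two lock-down rules disabled, so it is worth checking before pasting it into a router. The following pre-flight check is an added example, not part of the original post: it parses the script text and reports empty address-list entries, enabled rules that depend on a list with no usable entries, and a missing catch-all drop on the input chain. The warning codes and the shortened sample are constructed for illustration.

```python
import shlex

# Constructed sample: a shortened copy of the script above, address= left blank as on the page.
SAMPLE = """\
/ip firewall address-list add address= disabled=no list=support
/ip firewall address-list
add address= comment="Loopback [RFC 3330]" disabled=no list=bogons
/ip firewall filter
add action=add-src-to-address-list address-list=Port_Scanner chain=input disabled=no protocol=tcp psd=21,3s,3,1
add action=drop chain=input disabled=no src-address-list=Port_Scanner
add action=drop chain=forward disabled=no dst-address-list=bogons
add action=accept chain=input disabled=no src-address-list=support
add action=drop chain=input comment="Drop anything else!" disabled=yes
"""

def parse(script):
    """Parse RouterOS 'add' lines into (menu, params) pairs."""
    menu, items = None, []
    for line in map(str.strip, script.splitlines()):
        if line.startswith("/"):
            menu, _, rest = line.partition(" add ")
            line = "add " + rest if rest else ""
        if line.startswith("add "):
            toks = shlex.split(line)[1:]
            items.append((menu, dict(t.partition("=")[::2] for t in toks)))
    return items

def preflight(script):
    """Return (code, detail) warnings for a script before it is applied."""
    items, static, dynamic, warns = parse(script), {}, set(), []
    for menu, p in items:
        if menu == "/ip firewall address-list":
            static.setdefault(p["list"], []).append(p)
            if not p.get("address"):
                warns.append(("empty-address", p["list"]))
        elif p.get("action", "").startswith("add-") and "address-list" in p:
            dynamic.add(p["address-list"])  # filled at run time by the rule itself
    filters = [p for m, p in items if m == "/ip firewall filter" and p.get("disabled") != "yes"]
    for p in filters:
        for key in ("src-address-list", "dst-address-list"):
            name = p.get(key, "").lstrip("!")
            usable = [e for e in static.get(name, []) if e.get("address") and e.get("disabled") != "yes"]
            if name and name not in dynamic and not usable:
                warns.append(("rule-uses-empty-list", f"{p['chain']}:{name}"))
    # RouterOS accepts packets that match no rule, so input needs an enabled bare drop.
    if not any(p.get("chain") == "input" and p.get("action") == "drop"
               and not set(p) - {"action", "chain", "comment", "disabled"} for p in filters):
        warns.append(("input-default-accept", "no enabled catch-all drop on input"))
    return warns
```

Lists such as Port_Scanner are exempt because a rule populates them at run time; support and bogons are static and must be filled in by hand before the rules that reference them do anything.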



Taken from :