Remotely enable Remote Desktop

If an off-site server needs to be accessed via the Remote Desktop Connection (RDC) client immediately, yet Remote Desktop is not enabled on the server, it is a royal pain in the ass. Luckily it’s possible to remotely enable and turn on the Remote Desktop service on a remote PC or server by remotely editing its registry.

  1. Log in to the workstation with administrator credentials.
  2. Run Registry Editor (regedit).
  3. Click File.
  4. Select Connect Network Registry in the pull-down menu.
  5. Enter the name of the required computer and press OK.
  6. A node for the remote computer network registry will be displayed in the Registry Editor with HKEY_LOCAL_MACHINE (HKLM) and HKEY_USERS (HKU) hives.
  7. Navigate to the following registry key for the remote computer: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
  8. In the right pane, locate a REG_DWORD value named fDenyTSConnections. Double-click on fDenyTSConnections and change the value data from 1 (Remote Desktop disabled) to 0 (Remote Desktop enabled).
  9. Reboot the remote machine by issuing the following command:  shutdown -m \\hostname -r
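
The same registry change can be scripted from the administrator workstation. The PowerShell below is an added example, not part of the original post: it reads fDenyTSConnections over the remote registry, changes it to 0 only when -Enable is given, and also reports whether Network Level Authentication is required (the UserAuthentication value under WinStations\RDP-Tcp). The parameter names are chosen for this example, and it assumes administrator rights on the target and a running Remote Registry service there.

```powershell
# Added example (not from the original post). Assumes admin rights on the
# target and that the Remote Registry service is running on it.
param(
    [Parameter(Mandatory = $true)] [string] $ComputerName,  # target host (name chosen for this example)
    [switch] $Enable                                        # without this switch the script only reports
)

$tsPath  = 'SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpPath = "$tsPath\WinStations\RDP-Tcp"

$hklm = $null
try {
    # Same connection that regedit's "Connect Network Registry" makes
    $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)

    # Open the key writable only when a change was requested
    $ts = $hklm.OpenSubKey($tsPath, $Enable.IsPresent)
    if (-not $ts) { throw "Key not found on ${ComputerName}: HKLM\$tsPath" }

    $before = $ts.GetValue('fDenyTSConnections')
    if ($Enable -and $before -ne 0) {
        $ts.SetValue('fDenyTSConnections', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
    }
    $after = $ts.GetValue('fDenyTSConnections')

    # UserAuthentication = 1 means Network Level Authentication is required
    $rdp = $hklm.OpenSubKey($rdpPath)
    $nla = if ($rdp) { $rdp.GetValue('UserAuthentication') } else { $null }

    # Record of what was found and what was changed
    [pscustomobject]@{
        Computer        = $ComputerName
        DenyBefore      = $before
        DenyAfter       = $after
        RemoteDesktopOn = ($after -eq 0)
        NlaRequired     = ($nla -eq 1)
    }
}
catch {
    Write-Error "Could not read or change the registry on ${ComputerName}: $_"
}
finally {
    if ($hklm) { $hklm.Close() }
}
```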

Installing Trend Micro trial

On a clean, patched Windows 2003 box, perform the following steps:

  1. run setup.exe - 'next' - 'accept' - 'next'
  2. 'evaluation without...' - 'next'
  3. 'do not prescan...' - 'next'
  4. 'custom install..' - 'next' - 'next' - 'next' - 'next' - 'next' - 'next'
  5. uncheck 'enable ssl' - 'next' - 'next' - 'next'
  6. enter a password (all boxes) - 'next'
  7. 'no, I don't...' - 'next' - 'next' - 'next'
  8. port number: 22222 - 'next' - 'next'
  9. --wait for ages--
  10. 'finish' - the web portal will now load
  11. install IE addons as required
  12. go to 'Updates' - 'Manual' - 'Update now' - 'OK'
  13. on each server on the network, unload the client agent (right click the icon in the taskbar)
  14. on each server on the network, run the client agent (start - all programs - trend... - client-server security agent)
  15. go to 'Security settings' - click either 'Servers' or 'Desktops' to see the clients appear

That's it!

Recovering from a buggered Windows XP

When everything is stuffed (virus you can't remove, corrupted registry, system restore doesn't work) your only option is to recover Windows the long way. The full guide from Microsoft is here, but below are the important points. Note that I use a BartPE CD to make steps 1 and 3 quicker - using copy and paste is easier than stuffing around with (and potentially stuffing up) the command line... commands.

1. From a non-Windows environment (i.e. a live CD), delete the registry hives from c:\windows\system32\config\ - system, software, sam, security and default. Copy the ones from c:\windows\repair\

2. Reboot into safe mode, ensure hidden files are visible, and replace the owner of the 'System Volume Information' folder. Copy the registry files from one of the folders within 'SVI' into a temp folder within c:\windows\system32\config\. Rename them to be the normal names (i.e. rename _REGISTRY_MACHINE_SECURITY to SECURITY)

3. Reboot into the live CD environment again. Replace the existing registry hives with the shiny new ones in the temp folder.

4. Reboot into regular Windows - run a System Restore and you are done.

What we did and why we did it

Windows (and all of the software on your computer) knows how it is supposed to behave because of what is stored in the registry - when you install a piece of software, the installation process adds info to the registry that explains what to do, when. If the newly installed software breaks Windows (either accidentally or on purpose), we want to go back to how the system was before the installation.

This is what System Restore effectively does - it restores the registry hives to the exact state they were at the point in time on the label - killing the new program (because it doesn't know how to 'act'), but not removing any data (the folder will still be in c:\program files\).

If System Restore fails (such as a messy malware infection that won't allow SR to run at all), or if the registry is so buggered Windows won't even start, we can use the default ones that come with a fresh installation of Windows. As you might have guessed, these hives have absolutely no idea what has happened since the computer was turned on for the first time; therefore if we stopped at this point, none of our software would work. The final few steps get the registry back to where it was before the 'incident' - usually a couple of days will do it - so your system is back up and running.

GFI MailArchiver vs Outlook 2007

Outlook 2007 has issues with displaying a web page as the default view of a folder - unfortunately this is what GFI MailArchiver's Outlook plug-in uses to provide the search interface to the archive. A registry change is required to make it work as advertised - create a new text file and enter the following:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Security]
"NonDefaultStoreScript"=dword:00000001

Rename the text file with a .reg extension, double-click it and you are done. The search folder should now display as it should.

Exchange resources - Auto Accept Agent

For resources such as meeting rooms that need to be 'invited' to a meeting (or otherwise booked), it is a pain to have to constantly log into an Exchange mailbox to accept/reject invitations - especially if you are tasked with managing a heap of them. Microsoft have a tool to take the hassle out of this, though it is a bit of a convoluted process - see here for more info on the Exchange Auto Accept Agent.