Rawns (20th October 2009)
Right, after some digging through some truly baffling policy templates, the key you're looking for appears to be a DWORD value called Shadow at:
Code:
HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services
Values:
0: No remote control allowed
1: Full Control with user's permission
2: Full Control without user's permission
3: View session with user's permission
4: View session without user's permission
But if you set this with a script, the policy engine is going to come along and change it during a user session anyway, so I still think you're wasting your time.
I love reverse-engineering at lunchtime
What client does this work on? I have tried XP clients and it logs the user off when I log in.
Edit: good point. Rawns, you are still wasting your time.
Coz I know there's a way to watch a PC boot and see the desktop from 2003 R2 server..
Never really looked into it, just seen it at my mate's old job..
Damn powdarrmonkey, you watching my laptop.. lol that was fast.
next yrs project shoot teachers..
might have to do TS for access at home and ease of use in school for teachers...
Have you considered using PowerShell scripting? It is capable of manipulating GPOs easily, without directly needing to manipulate registry settings.
The way I'd be doing it would be to create a GPO in a domain, export it/back it up, and then via PowerShell import it into all the disparate domains.
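The export/import approach suggested above, as an added example that is not part of the original thread: it backs up one reference GPO, imports it into each target domain with the GroupPolicy module, then reads the Shadow value back and flags the two settings that skip the user's permission. The GPO name, backup folder and domain names are hypothetical placeholders, and it assumes the account running it can edit GPOs in every target domain (where no trust exists, copy the backup folder and run the import inside each domain instead).

```powershell
# Added example. GPO name, backup path and domain names are hypothetical placeholders.
Import-Module GroupPolicy

$GpoName    = 'TS-Remote-Control'                      # hypothetical GPO name
$BackupPath = 'C:\GpoBackups'                          # hypothetical folder, must already exist
$Targets    = 'school-a.example', 'school-b.example'   # hypothetical target domains
$Key        = 'HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services'

# Meaning of the Shadow DWORD, as listed earlier in this thread.
$ShadowMeaning = @{
    0 = 'No remote control allowed'
    1 = "Full Control with user's permission"
    2 = "Full Control without user's permission"
    3 = "View session with user's permission"
    4 = "View session without user's permission"
}

# 1. Back up the reference GPO from the current domain.
$backup = Backup-GPO -Name $GpoName -Path $BackupPath -Comment 'Shadow policy baseline'

foreach ($domain in $Targets) {
    # 2. Import the backed-up settings, creating the GPO if the domain lacks it.
    Import-GPO -BackupId $backup.Id -Path $BackupPath -TargetName $GpoName `
               -Domain $domain -CreateIfNeeded | Out-Null

    # 3. Read the value back from the imported GPO instead of trusting the import.
    try {
        $setting = Get-GPRegistryValue -Name $GpoName -Domain $domain `
                                       -Key $Key -ValueName 'Shadow' -ErrorAction Stop
    } catch {
        Write-Warning "${domain}: Shadow is not configured in '$GpoName'"
        continue
    }

    $value = [int]$setting.Value
    [pscustomobject]@{
        Domain        = $domain
        Shadow        = $value
        Meaning       = $ShadowMeaning[$value]
        # Values 2 and 4 allow control or viewing without asking the user.
        NoUserConsent = (2, 4 -contains $value)
    }
}
```

Importing only copies the settings; the GPO still has to be linked to the right OU in each domain before it applies.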
Powdarrmonkey, you were right. Seems to work on servers but no luck with workstations. Back to the drawing board.
I've previously automated (and still do coz it ain't broke) mass GPO editing with a bit of JScript wrapped around a free utility called GPScript.exe which comes as part of a collection: batch tools.zip. It takes a text file as input and applies the changes therein, to a registry.pol file. YMMV but I've given that util a bit of exercise and it has always worked for me.
My script is about a) finding the right GPO to point GPScript at (I'm dealing with servers where certain GPO names are consistent), b) updating the GPO version in the right places afterwards.
You can download Microsoft spreadsheets that are lists of standard Windows ADM[X] policy settings, with their descriptions, exact registry keys etc. Very quick and easy to search for things, but I once got bitten by a couple of mistakes in one so verify before production use.
 There are some other useful utils in there.
PS: The only way I've made this thread work is to RDP (or something) to domain X server as an Admin, then within that session Remote Assist to domain X workstation. Unsolicited RA from Admins needs to be configured in a GPO for the workstations first though.
Last edited by PiqueABoo; 21st October 2009 at 12:16 AM.
When you're RDPing to a user, if you're taking control of the session you'll be connecting as them. I thought RDP on XP was only set up for members of the admin group.
I guess you could test that by logging onto one as an admin then seeing if you can RDP to it from another machine.