Windows 2000 Terminal Server : Modify RDP-tcp permissions via script

March 19, 2008 – 12:55 pm

I was recently asked how to modify the rdp permissions on a large number of Windows 2000 SP4 servers running in Remote Admin mode.  Well, normally Id make use of WMI and make the changes using Win32_TSPermissionsSetting class.  Unfortunatly this class is not available in Windows 2000. 

To get around this issue in Windows 2000 try the following:

  1. Create a domain group and manually assign the permissions to the RDP-Tcp connection on a single server
  2. Export the following reg key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\Security (REG_BINARY)
  3. You can now import this reg key on any number of servers across your enterprise.  Since the change was not made using the API you may have to reboot the server

  1. 4 Responses to “Windows 2000 Terminal Server : Modify RDP-tcp permissions via script”

  2. But how do you manually assign the permissions on RDP-TCP?

    By Carlos on Apr 10, 2008

  3. Right click on the connection object in Terminal Services Configuration. Setting under the security tab.

    By admin on Apr 10, 2008

  4. it’s posible to do it without Terminal Services Configuration?
    I found this http://support.microsoft.com/kb/259129 but i do not know how to manage the acl

    By Carlos on Apr 12, 2008

  5. I think you are missing the point of this post. You either manage the acls via Terminal Services Configuration GUI or you script it. If the OS is Windows 2003 you use the WMI class outlined in kb259129. If its Windows 2000 you use the method I outlined. Terminal Services is not installed on a Windows 2000 box by default, you have to add it through Windows components.

    By admin on Apr 12, 2008

Sorry, comments for this entry are closed at this time.

Gavin’s Technology Weblog is proudly powered by WordPress Entries (RSS) and Comments (RSS). Theme by Bob