Remotely enable the 3389 Terminal Service

The administrator privilege of a host was obtained, but we were disappointed to find that the host did not install the 3389 Terminal Service component,
Is it a bit sad? Don't worry. Let's explore how to enable 3389 remotely.

First, we should know about the 3389 Terminal Service and the system in which it runs. I personally know that most of the Terminal Services in M $.
Products can run, such as: winnt4/win2000server/win2000ADV-server/win2000ds/XP and so on.
However, winnt4 needs to be purchased separately. The 2000 Professional Edition cannot remotely install the terminal service. At least I have never succeeded.
In the following exploration, we use win2000server and Advanced Server as examples (currently most used ).

Start now.

Assume that we have obtained the Administrator account and password of a host.
HOST: 192.168.0.1
Account: Administrator
Password 7788
2000 system installation in c: \ winnt

We can see from the above introduction that the 2000 Professional Edition cannot remotely install the terminal service, so we should first
To determine whether the host is a professional edition or Server Edition, you can proceed to the next step.

We can use the account opened by the other party to determine:

C: \> letmein \ 192.168.0.1-all-d
Stating connecting to server...
Server local time is: 2002-1-13 10:19:22
Start get all users form server...
--------------------------
Total = 5
--------------------------
Num0 = Administrator ()
Num1 = guest ()
Num2 = iusr_servername (Internet Guest account)
Num3 = iwam_servername (start the IIS process account)
Num4 = TsInternetUser (TsInternetUser)
--------------------------
Total = 5
--------------------------

Generally, the three accounts num2/3/4 are enabled by default on 2000server.
2000 Professional Edition does not open these accounts by default.

We can also scan the ports opened by the other party for further confirmation:
Use scanning software such as superscan3.exe to scan the port opened by the other party
Determine whether or not the other party has enabled ports opened by or and other 2000server by default.

Of course, we can also use some tools, such as cmdinfo.zip.
You can obtain the version, system path, source disk path, pack version, and installation time of the local or remote NT/2 k host.
Series information, a graphical interface, a command line.
The returned information gives you a clear understanding of the host information of the other party.

There are other methods to determine, such as determining the services opened by the other party,
The accuracy of the above judgment is still relatively high, and nothing else will be explained one by one.

If you find that the other host does not have the three accounts, the default port is not opened,
Or the information returned by raise info is the 2000 Professional Edition. You have to discard the 3389 installation plan.

Now we are going to the next step:
Determine whether Terminal Services are installed?

You may want to ask: Why do you need to judge? No port 3389 found during my scan?
Here we need to explain, if the terminal service component is installed, which of the following situations may not be able to scan port 3389?
1. The terminal service termservice is disabled in "Administrative Tools" >>> "services.
2. the RDP protocol required for terminal service connection is disabled in "Management Tools"> "terminal service configuration.
3. The default connection port 3389 of the terminal service is manually changed. For details about how to change it, see modify the default port 3389 of the terminal service)
4. The network adapter bound to the terminal service is not from the Internet.
5. Firewall and port filtering.
6 ...... (and what I did not expect)
In fact, the most common problems we encounter are the above five situations.

Determine whether the component is installed.

Connect to the remote host first, map the remote host C disk to the local Z Disk
Net use Z: \ 192.168.0.1 \ C $ "7788"/User: "Administrator"
The command is successfully completed.

Then go to the Z disk and check
Z: \ Documents ents and Settings \ All Users \ Start Menu \Program\ Management tools>
Is there a shortcut file for "Terminal Service Manager" and "terminal service configuration "?
If a service component has been installed, otherwise, no (98% people may intentionally delete the component)
We can also use the commands provided by the terminal service to further verify after telnet to the other host.

After the judgment is completed, the other party does not seem to have installed the terminal service components. You can proceed to the next step:
Telnet to the target host and prepare to install the service components.

Here, I strongly recommend that you log on to the Telnet server that comes with 2000,
There is echo, and it is not prone to errors. I personally feel that it is a lot higher than a success rate. (haha ~, Personal Understanding !)
Even if it is not enabled, it will be finished after it is opened.
This method has been described in detail in the fastest login to Win2k Telnet Service written by. Abu,
In addition, this method (create an account with the same name and password on the local machine) makes it a reality to quickly implement telnet login.

Suppose we have enabled port 23 of the other party,
Telnet 192.168.0.1
Enter user name/Password
* ===================================================== ======================================
Welcome to the Microsoft Telnet server.
* ===================================================== ======================================
C: \>
\ Successfully enters !!!!

After entering, check whether the terminal components are installed again:
C: \> query user
This tool needs to install Terminal Services.

This further determines that the component is not installed. If the following code is returned:
Username sessionname ID state idle time Logon Time
> W1 console 0 running. 2002-1-12
\ The component may have been installed.

Good! You can start the installation.
---------------------------------------------------
C: \> dir c: \ sysoc. inf/S // check the location of the INF file
C: \ winnt \ INF directory

2000-01-10 3,770 sysoc. inf
1 file, 3,770 bytes
-----------------------------------------------------
C: \> dir c: \ sysocmgr. */S // check the component Installer
C: \ winnt \ system32 directory

2000-01-10 42,768 sysocmgr.exe
1 file, 42,768 bytes
-----------------------------------------------------
C: \> echo [components]> C: \ Wawa
C: \> echo tsenable = on> C: \ Wawa
// This is the setup of unattended installation parameters
C: \> type C: \ Wawa
[Components]
Tsenable = on
// Check the parameter file
------------------------------------------------------
C: \> sysocmgr/I: C: \ winnt \ INF \ sysoc. inf/u: C: \ Wawa/Q
-----------------------------------------------------
This is the command for installing components.
The above command does not add the/R parameter, and the host is automatically restarted after installation.
If the/R parameter is added, the host will not be restarted.

If everything works, the host will be offline in a few minutes. When it returns,
3389 the terminal service has been enabled. You can connect to it.

Questions and suggestions:

A does not use/r during installation, and sometimes the host will not be restarted. You need to manually restart a, but when using the iisreset/reboot command
On the screen, a dialog box appears, indicating who caused the startup, how many seconds from the restart.

B can try again if it fails once, which is useful in practice.

C. when entering the sysocmgr command to start installation, do not enter the command parameter wrong. A large dialog box will appear on the other side, which is the help of sysocmgr and is very conspicuous,
And you must be sure that there will be no response on your screen, and you will not know the error, so there will be B's suggestion.