In many organizations, IT administrators are expected to manage remote servers and machines from just about anywhere. Many administrators utilize Remote Desktop Connection to access offsite servers and desktops. If a machine was shipped to a remote location and RDP was not enabled, someone would need to have physical access to log on to the Windows OS in order to turn on RDP. However, what happens if that machine cannot physically be accessed? This article explains how to modify the registry key of a server to gain RDP access to a machine. This fix will work on Windows XP, Windows 7, Windows 8/8.1, Server 2003/2003R2, Server 2008/2008R2 and 2012/2012R2.

Modifying Windows Registry to Enable RDP

In the example listed below, I am trying to access 172.16.1.234. When trying to enable a remote desktop connection to the machine, I receive an error message. My first instinct is that the machine may be powered off, so I do a quick ping check to see if the network I am on is able to see the machine.

I know the machine is physically powered on and that the network adapter works because I am able to ping the machine and get a response.

Since I have verified the machine is on, my next step is to open up regedit to check the registry key and see if RDP has been enabled.

Once regedit has opened, I need to try to connect to registry of the remote machine. To do this, click on File and select Connect Network Registry.

In my case, since I know the machine has not been joined to the domain yet and therefore will not check in with DNS, I will use the IP address to access the machine. If the machine was on the domain, I could utilize the FQDN.

Next, navigate to:

> HKEY_LOCAL MACHINE > SYSTEM > CurrentControlSet > Terminal Server

On the right hand side, find the fDenyTSConnections. The default value is set to 1. This means that remote desktop access is not available.

To enable remote desktop access, set the value of fDenyTSConnections to 0.

Once the fDenyTSConnections value has been changed to 0, the change will take effect immediately.

If I try to access 172.16.1.234, I now have access to the machine.