Remote Desktop
RDP is probably one of the most common methods used by Windows admins. It's built into Windows, and you start it by typing "Remote Desktop" in Start > Search.
Enter the Fully Qualified Domain Name of the other computer (or the computer's IP address) and your username, and click Connect. You are prompted to enter your password. If you have the proper rights for remote access, you are in.
If you can't connect, make sure RDP is enabled in the system settings of the remote computer.
Also check whether the Remote Desktop Services service is stopped. Run the Services app, and make sure it's running.
If it is running, check whether the destination computer's Windows Firewall is running.
If it's running on the destination computer, turn it off. Don't worry; we aren't going to leave it off. Attempt to reconnect, and if it works, you confirmed the firewall was the issue. On the target computer, turn the firewall back on, and navigate to Windows Defender Firewall with Advanced Security.
Find Remote Desktop – User Mode (TCP-In) in the new window that appears, choose it, and enable it from the right panel by choosing Enable Rule.
However, using RDP has some severe drawbacks:
- Microsoft's standard licensing (ignoring CAL licenses here because they are rarely used) is restricted to only two simultaneous users. This can be two remote users, or one remote user and one local user. When dealing with a workstation, only one user can work on the computer at a time.
- When you log in to a desktop over RDP, the user at that machine is unable to do anything while you are connected.
- Because only two admins are able to log in, it is difficult for multiple people to examine a machine at once for potential issues.
VMware Remote Console
VMware vSphere Remote Console is another common remote access tool for environments working with VMware. It's pretty easy to use; simply find the server you want to connect to, and launch the console.
While this method is great for virtual systems, it has some severe restrictions:
- The VMware console is only available for virtual systems hosted on VMware systems. This excludes all physical servers, and all physical laptops and desktops.
- VMware console actions can be a security issue, as any actions done by a consoled-in user are not documented in the Windows logs as being done by that user but rather by whoever is logged in to the system. As a result, access to vSphere is typically restricted to VMware administrators, and sometimes system administrators with restricted privileges.
Microsoft Management Console
The other option we have is Microsoft Management Console (MMC), which is built into Windows. It allows an admin to manage Windows using a variety of administrative tools via snap-ins or utilities. These tools are located in the folder C:\Windows\System32\ or its subfolders, or can be accessed via the control panel.
These tools are great for managing a local Windows desktop or server, but they also work remotely: a support person who is in the local administrators group of the destination machine, or a sysadmin who has administrator rights on the server, can use them to view, manage, and modify a remote computer.
When you choose Connect to another computer in the Services console, a window pops up. Simply enter the FQDN, hostname, or IP address of the destination computer, and you will be able to view that system's currently running services. You can also start, stop, or view the settings of any of those services.
You can do the same thing with the Event Viewer, including connecting to the remote computer as a different user than the one with which you are logged in.
If you are unable to connect to a remote computer, ensure that the following services are running on the remote computer:
- Remote Procedure Call (RPC)
- RPC Endpoint Mapper
- DCOM Server Process Launcher
The connection might be blocked by the Windows Firewall. To add a rule to allow access, run the following commands from an elevated command prompt. Make sure you use the IP and subnet masks that suit your system.
netsh advfirewall firewall add rule name="RPC endpoint mapper" dir=in action=allow protocol=TCP localport=135 profile=Domain,Private remoteip=172.16.1.0/16,LocalSubnet
netsh advfirewall firewall add rule name="File and Printer Sharing (NB-Datagram-In)" dir=in action=allow protocol=TCP localport=445 profile=Domain,Private remoteip=172.16.1.0/16,LocalSubnet
netsh advfirewall firewall set rule name="File and Printer Sharing (NB-Datagram-In)" new enable=yes profile=Domain,Private remoteip=172.16.1.0/16,LocalSubnet
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow
You can also use this method to access the registry of a remote computer.
From here, connect to the remote system by entering its hostname, FQDN, or IP address.
If you are in the administrators group and are getting an Access Denied message, the most likely cause is that Remote Registry is disabled, either in the registry, Windows services, or via Group Policy.
The easiest way to confirm that it's being blocked by GPO is to run GPresult /H <insert filename here> from an elevated command prompt and see whether there are any settings under Remote Registry. The path is Computer Configuration > Policies > Windows Settings > Security Settings > System Services > Remote Registry.
If you want to look at the registry while on the remote computer, the registry keys can be found at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RemoteRegistry\DisableIdleStop. If it's set to 1, the remote registry is disabled. Setting it to 0 should enable it.
You can also check Windows Services and start the remote registry service.
SMB shares
Another method for remote computer access is accessing administrative shares on the remote system with SMB shares.
If you open Computer Management on a Windows desktop, you will see several options, including shared folders. If you select Shares, you will see several default shares.

The default Windows shares; if you created additional shares, they are also listed in Computer Management
To access these shares from your local computer, simply open File Explorer, and use the following syntax: \\<IP address or FQDN of remote machine>\<share name>. In the example below, I am connected to the C drive of the computer located at 192.168.1.65, and I have full access to any and all files, all from my local desktop.
Note that all MMC and SMB share accesses are logged in the Windows security log. Remote access requires administrator rights on the remote machine. Below is an example log for C$.
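The share access entries mentioned above can also be pulled from the Security log with a query. The following is an added example, not code from the original article; it assumes the Audit File Share policy is enabled on the machine so that Event ID 5140 is recorded, and the function names are hypothetical.

```powershell
# Added example (not from the original article): list recent access to administrative shares.
# Assumption: "Audit File Share" auditing is enabled, so Event ID 5140 is written to the Security log.
function ConvertTo-ShareAccessRecord {
    # Turns one 5140 event into an object holding the fields a reviewer needs.
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Diagnostics.Eventing.Reader.EventRecord]$Record
    )
    process {
        $data = @{}
        foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            TimeCreated = $Record.TimeCreated
            Account     = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            SourceIP    = $data['IpAddress']
            Share       = $data['ShareName']      # logged as \\*\C$, \\*\ADMIN$, ...
        }
    }
}

function Get-AdminShareAccess {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [int]$Hours = 24,
        [string[]]$ShareNames = @('C$', 'ADMIN$', 'IPC$')   # default administrative shares
    )
    $filter = @{ LogName = 'Security'; Id = 5140; StartTime = (Get-Date).AddHours(-$Hours) }
    # FilterHashtable is evaluated by the event log service, so only matching events are returned.
    # SilentlyContinue suppresses the "no events were found" error when nothing matches.
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ConvertTo-ShareAccessRecord |
        Where-Object { ($_.Share -split '\\')[-1] -in $ShareNames }
}

# Run elevated. Add -ComputerName '192.168.1.65' to query the article's example host instead.
Get-AdminShareAccess |
    Group-Object Account, SourceIP, Share |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

The grouped output shows which account reached which administrative share from which address, which makes unexpected sources easy to spot.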
PowerShell remoting
For any Windows admin, PowerShell is a key tool to help automate many of the tasks you do. Of course, you can also use PowerShell to access a remote computer.
To do so, PowerShell remoting must be enabled. To test whether PowerShell remoting is enabled, run the following command on the target machine from an elevated command prompt:
Test-WSMan <RemoteCOMPUTERName>
The error below occurs when you try to test the connection, and PSremoting isn't enabled.
To enable PowerShell remoting in PowerShell 7, run this command:
Enable-PSRemoting -force
If you now test again, access to the remote computer via PowerShell should work.
With PowerShell, we can start a remote session to a single machine using this command:
Enter-PSSession <server name>
Once you are connected, any commands that you type at the prompt run on the remote computer, and the results are displayed on the local computer.
Another important cmdlet using PowerShell remoting is Invoke-Command, which has the following syntax:
Invoke-Command -ComputerName <computername1>,<computername2> -ScriptBlock {<insert all commands here>}
Any returned output is displayed on the local computer. Any time I need to query multiple remote computers or make changes to multiple machines, this is the cmdlet I use.
For example, if I wanted to retrieve the values of the run key on RemoteComputer, I could run this command:
Invoke-Command -Computer RemoteComputer -scriptblock { Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\run }
However, Enter-PSsession and Invoke-Command are not the only ways to connect to a remote computer via PowerShell, because many cmdlets have built-in remote capabilities. For example, if I wanted to view the 100 most recent PowerShell logs from a remote computer using PowerShell 7, I could run this command:
Get-WinEvent -ComputerName "192.168.1.65" -LogName PowerShellCore/Operational -MaxEvents 100
The screenshot below shows the corresponding event in the Event Viewer.
The primary advantage of using the CLI over the GUI is that you can filter and sort by using a pipe (|) followed by Where-Object -property <insert criteria>, such as event ID, message contents, and age. Here is how I could find the PowerShell logs from today:
Get-WinEvent -ComputerName "192.168.1.65" -LogName PowerShellCore/Operational | Where-Object { $_.TimeCreated -ge ((Get-Date) - (New-TimeSpan -Day 1)) }
If I want to filter down further to search only those logs that contain the phrase IPC, I can do this:
Get-WinEvent -ComputerName "192.168.1.65" -LogName "PowerShellCore/Operational" | Where-Object { $_.TimeCreated -ge ((Get-Date) - (New-TimeSpan -Day 1)) } | Where-Object -Property Message -like "*IPC*"
If I want to see which logs I can access on a remote computer and return the list as a table, I can run this command:
Get-WinEvent -ComputerName "192.168.1.65" -ListLog * | Select-Object LogName, RecordCount, IsClassicLog, IsEnabled, LogMode, LogType | Format-Table -AutoSize
PsExec
The last way to access a remote computer is to use PsExec. PsExec has been part of Microsoft's Sysinternals tool suite for over a decade, and requires nothing to be installed on the remote machine for it to work.
There are only three requirements to use PsExec on a remote machine: the user needs to be a member of the administrator group, both the local and remote computers must have File and Print Sharing enabled, and the Admin$ share (default setting) must be defined on the remote system.
For example, if you want to open the registry editor on 192.168.1.65, you can use the following command:
psexec64 -i \\192.168.1.65 c:\windows\regedit
with the following results:
Opening regedit on a remote computer using PsExec
If you want to see which account was used to run this command, you can use the whoami command.
If you need to specify different credentials, run this (if you omit -p, PsExec prompts for the password instead of taking it on the command line):
psexec \\<remote computer> -u remote\administrator -p adminpass ipconfig
With this command, you can remotely start or stop a service:
psexec64 \\192.168.1.65 net start spooler
One thing to keep in mind: some antivirus programs falsely identify PsExec as a dangerous file. This happens because malware has been known to use PsExec to transfer viruses. Thus, you can ignore these warnings because you know for sure that the application you are using is a Microsoft tool and that you are not malware. 😉
Conclusion
This article only skims the surface of what you can do with these tools, and I only covered the most common ways to gain remote computer access. One thing to remember is that you will need to be a member of the administrators group to use all the remote tools covered in this article.
You might also consider using Windows Admin Center for this purpose.
Thanks Wolfgang for the note.
1) I liked Windows Admin Center as it gives everything on the same platform. A quick and nice way to monitor updates on a remote machine, RDP, PS-remote-ing and also SMB. It uses TLS too. Windows Admin Center seems to have a module (to be subscribed) for accessing Windows servers on Azure.
2) With the rise of Ransomware, RDP and PowerShell based remote-ing is always under scrutiny by security teams.
3) Has anyone successfully implemented 2FA with RDP? I would be interested in that. I tried a 2FA using JumpCloud that was not possible, although it worked perfectly on the host’s terminal. Absence of an MFA option in the Windows machines scares me most. Sometimes I wonder why Microsoft is ignoring that.
@ratan, actually I read about 2FA for RDP using Duo but never actually tried it myself. You can read about it here:
https://duo.com/docs/rdp
Wolfgang, thanks for the suggestion. I’ve never used Windows Admin Center, but it looks like the Microsoft version of VMware’s vCenter, and would likely be a great tool to manage servers. The biggest limitation I see is that you can’t use it to manage non-server endpoints. Still a great option for a SysAdmin.
I do think it’s a great option, and will see if I can add a new section for two other free tools that can be helpful in remote access of endpoints.
A solution we’ve used here for years is DameWare Remote Access, as well as LogMeIn – though that’s getting ridiculously expensive.
Steve, you’re 100% correct. There are many commercial solutions that do provide remote access. Teamviewer is another one that I used with great success. For this article, I tried to restrict the solutions to either the built-in applications, or those provided for free by Microsoft.
Thanks for this descriptive article. About Windows Admin Center I can say that it is a helpful tool for managing Windows servers.