RDP client from the command line. RDP and command line, RDP commands

by Srini

The Run command for the Windows Remote Desktop application is mstsc.

Just open Run from the Start menu, type mstsc in the text box next to Open, and press Enter.

The mstsc command can be used from the command line too.

A system running Windows 7 / Windows 10 allows only one remote desktop connection at a time, which means only one remote user can work on it at any time. A computer running a Windows Server edition can support remote sessions for multiple users at the same time.

Every time we connect to the server, it opens a new user session. To avoid this, we can open a connection to the console. This allows us to log back in to the same user session if we already have one. To do this, add the /console switch to the mstsc command.

mstsc /console

This command can be run from command prompt or from Run window.

Run command for opening remote desktop session in full screen mode

Add the /f switch to the command.

mstsc /f

Run command for specifying the remote computer name from the command itself

Use the /v switch in this case.

mstsc /v:computername

Run command to specify remote desktop connection settings using an RDP file

mstsc RDP_filename

An RDP file can be created using the 'Save As' button on the General tab of the mstsc (Remote Desktop Connection client) window.

These commands work on XP, Vista, Windows 7 and Server 2003/2008 operating systems.

Run command for Remote desktop manager

There is no Run command for opening Remote Desktop Connection Manager directly. It is usually installed at C:\Program Files\Remote Desktop Connection Manager\RDCman.exe. By specifying this complete path we can launch the connection manager.

The task was to perform some operations from the command line on another computer. Walking over to the user's desk to open a command prompt and type in commands is not our method: we need to start the command line of the remote computer without getting up from the chair and perform the necessary actions there. Of course, this can be done with remote connection programs, but that is not always convenient and requires both you and the user to have such a program (client-server). Connecting to the command line of another computer can be done quite simply using the PsExec command.

PsExec is a command line utility that can interactively invoke the command line interface on remote Windows systems and remotely run various commands.

This utility needs to be installed only on the administrator's computer. To install it, download it (here is the link to the official Microsoft site ...), unzip the archive, and find the PsExec.exe file in the unzipped folder. Double-click it; a window with a license agreement will appear, click "Agree".

Let's analyze the command syntax:

psexec [\\computer[,computer2[,...] | @file]] [-u user [-p password]] [-n s] [-l] [-s|-e] [-x] [-i [session]] [-c [-f|-v]] [-w directory] [-d] [-<priority>] [-a n,n,...] program [arguments]

\\computer  Instructs PsExec to run the application on the specified computer or computers. If no computer name is specified, PsExec launches the application on the local system; if an asterisk (\\*) is given as the computer name, PsExec launches the application on all computers in the current domain.

@file  Instructs PsExec to run the application on all computers listed in the specified text file.

-a  The processors on which the application can run, separated by commas; processors are numbered starting from 1. For example, to run the application on processors two and four, enter "-a 2,4".

-c  The specified program is copied to the remote system for execution. If this parameter is not specified, the application must be in the system folder of the remote system.

-d  Indicates not to wait for the application to complete. This parameter should only be used when running non-interactive applications.

-e  The specified account profile is not loaded.

-f  The specified program is copied to the remote system even if the file already exists on the remote system.

-i  The launched program accesses the desktop of the specified session on the remote system. If no session is specified, the process runs in the console session.

-l  When the process starts, the user is granted limited rights (the rights of the Administrators group are revoked and the user is granted only the rights assigned to the Users group). In Windows Vista, the process starts with a low security level.

-n  Allows you to set the delay in connecting to remote computers (in seconds).

-p  Allows you to specify an optional password for the username. If this parameter is omitted, you will be prompted to enter a password, and the password will not be displayed on the screen.

-s  The remote process is started under the System account.

-u  Allows you to specify an optional username for logging in to the remote system.

-v  The specified file is copied to the remote system in place of the existing one only if its version number is higher or it is newer.

-w  Allows you to specify the working directory for the process (a path on the remote system).

-x  Displays the user interface on the Winlogon desktop (local system only).

-<priority>  Allows you to set a different priority for the process: -low (low), -belownormal (below normal), -abovenormal (above normal), -high (high), or -realtime (real time).

program  The name of the program to run.

arguments  The arguments to pass (note that file paths must be specified as local paths on the target system).

Examples of using the PsExec command:

1) To start the command line of another computer, enter

psexec \\<computer name> cmd

e.g.:

psexec \\WIN782 cmd

After that you can enter the commands you need.

2) To run a program (in this example test.exe) on the remote computer, run the following command (it copies the test.exe program to the remote system and runs it interactively):

psexec \\<computer name> -c test.exe

e.g.:

psexec \\WIN782 -c test.exe

3) If the program is already installed on the remote system and is not in the system directory, specify the full path to the program:

psexec \\WIN782 c:\temp\test.exe
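
On the target computer, the remote launch shown above leaves a trace: PsExec installs a helper service, named PSEXESVC by default, and the System log records the installation as event 7045. The PowerShell below is an added example, not part of the original article; the function names and sample records are constructed for illustration. It assumes the default service name, so a renamed service is not caught.

```powershell
# Added example, not from the original article.
# Assumption: PsExec ran with its default helper service name (PSEXESVC).

function Find-PsExecServiceInstall {
    # Takes records with TimeCreated, ServiceName, ImagePath and AccountName
    # and returns those that look like the PsExec helper service.
    param([Parameter(Mandatory, ValueFromPipeline)]$Record)
    process {
        $byName = $Record.ServiceName -eq 'PSEXESVC'
        $byPath = $Record.ImagePath -match '\\PSEXESVC\.exe'
        if ($byName -or $byPath) {
            [pscustomobject]@{
                TimeCreated = $Record.TimeCreated
                ServiceName = $Record.ServiceName
                ImagePath   = $Record.ImagePath
                AccountName = $Record.AccountName
                MatchedOn   = if ($byName) { 'service name' } else { 'image path' }
            }
        }
    }
}

function Get-ServiceInstallRecord {
    # Reads "A service was installed in the system" events (ID 7045)
    # from the System log and flattens the fields used above.
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [int]$MaxEvents = 2000
    )
    Get-WinEvent -ComputerName $ComputerName -MaxEvents $MaxEvents -FilterHashtable @{
        LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7045
    } -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{
            TimeCreated = $_.TimeCreated
            ServiceName = [string]$_.Properties[0].Value
            ImagePath   = [string]$_.Properties[1].Value
            AccountName = [string]$_.Properties[4].Value
        }
    }
}

# Constructed sample records, so the filter can be tried without a live log.
$sample = @(
    [pscustomobject]@{
        TimeCreated = [datetime]'2024-01-15T09:12:03'
        ServiceName = 'PSEXESVC'
        ImagePath   = '%SystemRoot%\PSEXESVC.exe'
        AccountName = 'LocalSystem'
    }
    [pscustomobject]@{
        TimeCreated = [datetime]'2024-01-15T10:40:17'
        ServiceName = 'ExampleBackupAgent'
        ImagePath   = 'C:\Program Files\ExampleBackup\agent.exe'
        AccountName = 'LocalSystem'
    }
)

# Returns only the first record.
$sample | Find-PsExecServiceInstall

# Against a live machine (requires rights to read its System log):
# Get-ServiceInstallRecord -ComputerName WIN782 | Find-PsExecServiceInstall
```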

Greetings, dear readers, and again Denis Trishkin is in touch.

I recently came across the topic of "Remote Desktop" (RDP in Windows 7). This tool allows you to operate your computer from a different device. For example, the user can perform all the required functions on a PC located in the office. Agree, in some situations such an opportunity is convenient. But first you need to configure everything correctly.

In order to enable rdp, you need to do a few things:

Establishing a connection

To establish a connection via RDP, you first need to know the IP address of the target computer. To do this, on the desired device, go to the command line (open "" and type "cmd").

In the window that appears, indicate "". A list will open in which you need to find the line with the IPv4 parameter. The numbers shown next to it are the data we need.

After that, on the computer from which we plan to connect, run the RDP client or "". To do this, go to "Start" and then go to "Accessories".


A window will open where the equipment address (IPv4) is set. Then press "".

If everything is entered correctly, a menu will appear in which you need to enter your username and password to establish the connection.

Before that, you can choose "Parameters", where various RDP settings are provided:


Update

It is important to understand that if you work with this tool constantly, you need it to perform all its functions 100%. Otherwise, users may simply not achieve their goals.

For correct functioning, all settings must be specified correctly. But in some cases this is not enough. It is also worth installing all RDP updates from Microsoft as they are released. This can be done not only through the update center built into the operating system itself, but also from the developer's official page.

Changing the RDP port

For a standard connection to a remote computer, port 3389 is used. Communication takes place over the TCP protocol, so UDP is not used.

To increase the security of the connection, the RDP port can be changed. Changing the value will reduce the risk of intrusion into the system in case of automated password guessing.

For the procedure, you must use the registry editor:
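
The same change can also be scripted. The PowerShell below is an added example, not part of the original article: it assumes the listener port is stored in the PortNumber value of the RDP-Tcp key shown in the code, and that the NetSecurity cmdlets are available (Windows 8 / Server 2012 or later). The function names, the port range check and the 192.168.1.0/24 management subnet are constructed for illustration. Because a new port number only hides the service from scans of 3389, the example also limits which addresses may reach the new port.

```powershell
# Added example, not from the original article. Run in an elevated session.
# Assumption: the RDP listener reads its port from this registry value.
$RdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Get-RdpPort {
    # Returns the TCP port the RDP listener is configured to use (3389 by default).
    [int](Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber
}

function Set-RdpPort {
    param(
        [Parameter(Mandatory)][ValidateRange(1025, 65535)][int]$Port,
        # Constructed sample value: the only subnet allowed to reach RDP.
        [string[]]$AllowedRemoteAddress = @('192.168.1.0/24')
    )

    # Refuse a port that another process is already listening on.
    if (Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue) {
        throw "TCP port $Port is already in use on this machine."
    }

    $old = Get-RdpPort

    # Allow the new port before switching, scoped to the management subnet.
    # The built-in Remote Desktop rules cover only port 3389.
    $ruleName = "RDP custom port $Port"
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Allow `
            -Protocol TCP -LocalPort $Port -RemoteAddress $AllowedRemoteAddress `
            -Profile Domain, Private | Out-Null
    }

    Set-ItemProperty -Path $RdpKey -Name PortNumber -Value $Port -Type DWord

    # The listener picks up PortNumber only when the service starts.
    # Restarting it disconnects current remote sessions.
    Restart-Service -Name TermService -Force

    [pscustomobject]@{
        OldPort      = $old
        NewPort      = Get-RdpPort
        FirewallRule = $ruleName
        AllowedFrom  = $AllowedRemoteAddress -join ', '
    }
}

# Usage:
#   Get-RdpPort
#   Set-RdpPort -Port 3390
# The client then connects with: mstsc /v:computername:3390
```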


No connection

Sometimes users may face a situation where RDP doesn't work. It is important to note that, judging by the statistics, the user still manages to get to the server, but some network tools do not let him go further. There are several effective ways to solve this problem.

All editions of Windows, starting from XP, have a standard RDP client that is used to connect to the Remote Desktop Service. In this article I want to describe in detail the capabilities of this program.

The RDP client is used to connect to a terminal server using the Remote Desktop Protocol, or via Remote Desktop. You can also read about installing the server using the terminal on this site.

You can start the program "" from the menu "Start" -> "All Programs" -> "Accessories" -> "Remote Desktop Connection", or by running the command mstsc.exe (to do this, press the key combination WIN + R and enter the name of the command in the "Run" window that appears). The executable file mstsc.exe itself is located in the directory C:\Windows\System32. For convenience, you can place a shortcut on the desktop with the specified settings.

In the window that appears, you need to enter the IP address or the name of the server to which you want to connect.

When connected, you will be prompted to enter your credentials. After entering, you will be taken to your server desktop.

To change the parameters, click the "Show options" link in the main window of the program.

In the menu that appears, you can configure the parameters you need, which will be used when connecting.

On the second tab, "Display", you configure the size of the remote desktop and the color depth for the remote session. You can also hide the connection bar that slides out from the top, but I do not advise you to do this: if the settings are set to apply keyboard shortcuts "on the remote computer", closing the connection with Alt + F4 will not work, and the connection can then be closed only through the "Task Manager".

On the "Local Resources" tab, sound transmission (recording and playback) is configured. To configure it, click the "Options" button.

The "Using keyboard shortcuts" setting, which I wrote about above, is also configured here.

On this tab you can also enable or disable "Printers" and the "Clipboard" for use during a remote session by setting or clearing the corresponding checkboxes.

If you press the "More details" button, you can enable "Smart cards" (if, of course, you have a smart card with credentials), and you can also connect any disk, DVD or CD-ROM drive of the local computer from which the connection is made.

On the "Programs" tab you can configure a program that will be launched automatically when the user logs on to the remote desktop. The user's working directory is also configured here.

On the next tab, "Experience", you can specify the connection speed to the terminal server and select which options to enable or disable to improve performance. In our time of high-speed Internet these settings are no longer relevant, so you can safely leave auto-detection.

On the "Advanced" tab, server authentication is configured.

You can also configure a Remote Desktop Gateway connection by clicking the "Options" button.

To save all the parameters you have set, go to the "General" tab and save the settings as an RDP connection shortcut in any convenient place and under any name.

Through the shortcut obtained in this way, you will connect to the remote desktop with the previously made and saved settings.


Windows has always been associated with a graphical interface, and for a long time Windows admins considered it a blessing not to have to remember console commands. But as the capabilities grew, using the GUI no longer seemed so easy. Settings have to be hunted down among numerous nested dialog boxes. Attempts to optimize everything, swap positions and add new wizards only added to the confusion. Server Core appeared, and instead of one server you have to manage dozens of them, often performing the same type of operations. As a result, the admins returned to the console.

Basic operations

In fact, the development of console utilities has not stood still all this time. The list of commands has not changed much: net, netdom, whoami, the slmgr.vbs activation script, the sc service control program, the network configuration and diagnostic utilities ipconfig, netsh, netstat / nbtstat, arp / getmac, ping, tracert, nslookup and many others. After the announcement of PowerShell, official information appeared that the usual utilities will no longer be developed and will be replaced by cmdlets.

Such a fate befell the console version of the ServerManagerCmd.exe server manager and the OCSetup.exe component installation utility, which, having appeared in Win2008, disappeared already in Win2012. The Install-WindowsFeature and Add-WindowsFeature cmdlets are now used to install features from the console. Console utilities are still more familiar than cmdlets, but the result obtained using PowerShell allows you to select more parameters, filter them, and process them in scripts. And most importantly, now the necessary data can be obtained not only from the local, but also from the remote system, and in a convenient form. All this suggests that you need to be ready for change.

In the latest OS revisions, the shortcut to launch cmd.exe was hidden away in the menu. True, there is no special need to use it, since all traditional console commands can be entered directly in the PowerShell console (although there are nuances), which has an undoubted advantage - auto-completion (by Tab). Gradually, the corresponding cmdlets appear to replace the good old utilities, which produce a similar result. Let's try to figure out all the operations in order, consider typical tasks using console commands and PowerShell.

Immediately after installation, the operating system is given a randomly generated name. To rename the system and connect it to the domain, use the netdom utility:

> netdom renamecomputer Win01 /newname:SRV01
> netdom join SRV01 /Domain:example.org /OU:ou=ouname,dc=example,dc=org /UserD:DomainAdmin /PasswordD:password

The same operations with PowerShell look even clearer.

PS> Rename-Computer -NewName SRV01
PS> Add-Computer -DomainName example.org -OUPath "OU=ouname,DC=example,DC=org"

After installing the system or a component, you may need to configure the service startup mode. There are two commands in the console for this:

> sc config winrm start= auto
> net start winrm

But there are several cmdlets for managing services: Get-Service, Start-Service, Set-Service, Stop-Service, Resume-Service. Their purpose speaks for itself.

PS> Set-Service -Name winrm -Status Running -StartupType Automatic

Sconfig.cmd

Win administrators don't like to memorize commands, so the system includes Sconfig.cmd, a convenient shell for most console commands. It was originally developed for Server Core, but in Win2012R2 it is also available in the full server installation. Sconfig does not require knowledge of all the switches and lets you, by moving through 15 menu items, quickly make basic settings or execute some commands: add the server to a domain or workgroup, change the computer name, add a local administrator, configure remote management via WinRM and Remote Desktop, configure the network, Windows Update, time and date, and restart or shut down the computer. Remember that the script uses the standard console utilities, and if they disappear in the next release, then most likely there will be no Sconfig either.


But mounting network drives is not so simple. Traditionally, this operation is performed using net use:

> net use E: \\SRV01\users /Persistent:Yes

Its counterpart is the New-PSDrive cmdlet (from PowerShell Drive), but there is a problem here that is not obvious to many and raises a bunch of questions.

PS> New-PSDrive -Name E -PSProvider FileSystem -Root \\SRV01\users

New-PSDrive creates a so-called PowerShell drive, which is only available in the current console session and only in PowerShell. That is, you cannot connect to such a drive using Explorer, WMI, .NET Framework or net use. It's not obvious, but the documentation clearly states it. It's just that few people read it.

To use the drive permanently, you must export the session in which the drive was added, or store the New-PSDrive command in the PowerShell profile, or use the New-Object cmdlet from the start:

PS> $net = New-Object -ComObject WScript.Network
PS> $net.MapNetworkDrive("E:", "\\SRV01\users")

And only PowerShell 4.0 introduced the -Persist parameter, which allows you to mount PS drives permanently.

PS> New-PSDrive -Name E -PSProvider FileSystem -Root \\SRV01\users -Persist

The Windows console offers two utilities for working with disks and partitions: diskpart and fsutil. They are not very convenient or informative, and therefore are not popular and are often replaced with alternatives. Let's get statistics for a partition.

> fsutil fsinfo statistics C:

Running "Get-Command *disk*" returns several cmdlets, but in our example they are not very helpful, and you still have to go to WMI to get information about free space:

PS> Get-WmiObject Win32_LogicalDisk -ComputerName SRV01 -Filter "DeviceID='C:'" | Select-Object Size, FreeSpace

Access to files in Win is traditionally regulated by two utilities - takeown and icacls (there is also cacls, but it is deprecated), which do their job well. For example, to make the current account (must be a member of the admin group) the owner of the directory, just enter:

> takeown /f c:\temp

The icacls utility allows you to manage access control lists. For example, let's save the ACL to a file and restore it:

> icacls c:\temp\* /save acl.txt /T
> icacls c:\temp\ /restore acl.txt

The same operation looks simpler with PowerShell:

PS> Get-Acl c:\temp | Set-Acl -Path c:\temp
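
A closer PowerShell counterpart to the icacls /save and /restore pair keeps the descriptors in a file between the two steps. The following is an added example, not part of the original article; the function names and the CSV layout are constructed for illustration, $Path is assumed to be a folder, and the session is assumed to be elevated. It goes beyond the one-liner by covering the whole tree and by restoring only the access rules (DACL), leaving owner and group as they are.

```powershell
# Added example, not from the original article. Run in an elevated session.

function Save-AclTree {
    # Writes one CSV row (path, SDDL string) for $Path and everything below it.
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$OutFile
    )
    $items = @(Get-Item -LiteralPath $Path) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force)
    $items | ForEach-Object {
        [pscustomobject]@{
            Path = $_.FullName
            Sddl = (Get-Acl -LiteralPath $_.FullName).Sddl
        }
    } | Export-Csv -LiteralPath $OutFile -NoTypeInformation -Encoding UTF8
}

function Restore-AclTree {
    # Re-applies the saved access rules and reports which objects changed.
    param([Parameter(Mandatory)][string]$InFile)
    foreach ($row in Import-Csv -LiteralPath $InFile) {
        if (-not (Test-Path -LiteralPath $row.Path)) {
            Write-Warning "Skipped, no longer exists: $($row.Path)"
            continue
        }
        $acl    = Get-Acl -LiteralPath $row.Path
        $before = $acl.GetSecurityDescriptorSddlForm('Access')

        # Take only the DACL section from the saved descriptor.
        $acl.SetSecurityDescriptorSddlForm($row.Sddl, 'Access')
        $after  = $acl.GetSecurityDescriptorSddlForm('Access')

        if ($before -ne $after) {
            Set-Acl -LiteralPath $row.Path -AclObject $acl
        }
        [pscustomobject]@{ Path = $row.Path; Changed = ($before -ne $after) }
    }
}

# Usage:
#   Save-AclTree    -Path C:\temp -OutFile C:\acl-backup.csv
#   Restore-AclTree -InFile C:\acl-backup.csv | Where-Object Changed
```

The objects listed by the second command are those whose access rules had drifted from the saved state.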

Managing BYOD with PowerShell

One of the biggest problems that you encounter when working with the BYOD model is the lack of control over user devices. In Win2012R2, the Device Registration Service (DRS) helps with this: during registration, a certificate is installed on the device, and a new device object is created in AD.

This object establishes a connection between the user and the device, creating something like two-factor authentication. Users gain access to corporate resources that were not available when they were working outside the domain network. To work, you need the Active Directory Federation Services (AD FS) role and the DRS service itself (installed using the Install-AdfsFarm cmdlet). Now we initialize the service and start registering user devices.

PS> Initialize-ADDeviceRegistration -ServiceAccountName example\adfsfarm
PS> Enable-AdfsDeviceRegistration

In the AD FS Management console, go to Authentication Policies, select Edit Global Primary Authentication and enable Enable Device Authentication. Now, using the Get-AdfsDeviceRegistration cmdlet, we can view and confirm devices.

Network settings

The set of console network utilities is quite well known to administrators, because they have to be used quite often, both during installation and for diagnostics. The network interface is configured using the netsh interface context. For example, let's look at the list of interfaces and set the IP and DNS server for one of them:

> netsh interface ipv4 show interfaces
> netsh interface ipv4 set address name="1" source=static address=192.168.1.10 mask=255.255.255.0 gateway=192.168.1.1
> netsh interface ipv4 add dnsserver name="Local" address=8.8.8.8 index=1

Use the New-NetIPAddress and Set-NetIPAddress cmdlets to set and change network interface parameters using PowerShell 3.0 and above.

PS> Get-NetIPInterface
PS> New-NetIPAddress -InterfaceAlias Ethernet -IPAddress 192.168.1.10 -PrefixLength 24 -DefaultGateway 192.168.1.1
PS> Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses "192.168.1.8", "8.8.8.8"

Moreover, New-NetIPAddress allows you to set multiple IPs for one interface. Instead of InterfaceAlias, you can use the InterfaceIndex, which you can easily find in the Get-NetIPInterface output.

The route command has been replaced by a set of cmdlets that are very simple and straightforward to use.

PS> Get-NetRoute
PS> New-NetRoute -DestinationPrefix "0.0.0.0/0" -NextHop "10.10.10.1" -InterfaceAlias Ethernet

The two cmdlets Test-Connection and Test-NetConnection (abbreviated as tnc) are analogous to ping. The first is very simple and resembles a regular ping, the second allows you to check the availability of a specific port or system from different PCs. For example, let's see which PCs in the group have RDP enabled, and check the connection to example.org from two systems:

PS> Test-Connection -ComputerName example.org -Source localhost, SRV02
PS> (Get-ADComputer -LDAPFilter "(name=office*)").DNSHostName | Test-NetConnection -Port 3389

But sometimes you have to remember multiple cmdlets instead of one command. So, the state of network interfaces can traditionally be found using ipconfig. Before Win2012 / 8, you had to go directly to WMI to do the same with PowerShell. For example, we need MAC and IP addresses:

PS> Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE | Select MACAddress, IPAddress

The PATH variable

As commands, Win can accept any file with the extension exe, bat, cmd, com, js, msc and vbs that is located in the current directory or in a directory registered in the PATH variable. It is very easy to view the PATH value. To do this, enter "echo %PATH%" or use the set command (set > filename.txt). In the PowerShell console, use "echo $Env:PATH" or "Get-ChildItem Env:". To change it, just add the desired directory:

> set PATH=%PATH%;C:\example

or use the GUI (My Computer -> System Properties -> Advanced -> Environment Variables -> Path). You can change the value using PowerShell by calling SetEnvironmentVariable:

PS> [Environment]::SetEnvironmentVariable("Path", "$env:Path;C:\example", "Machine")

And only in PowerShell 3.0 did a simple analogue of ipconfig appear, or more precisely, several. For example, the Get-NetIPAddress cmdlet produces detailed information about interfaces, and Get-NetIPConfiguration (alias gip) allows you to get information about network settings: IP interface, gateway and DNS. By adding additional parameters, for example -Detailed, we get more data.

By filtering their output, we can replace "arp -a", which displays the MAC address table, and getmac, which displays the MAC addresses of the network adapters of a local or remote computer. There are already ready-made scripts. For example, Ping MultipleServer WithTraceroute.ps1 (goo.gl/0iLeyg) allows you to test connectivity to multiple servers and launch a tracert analog against unresponsive systems.

WFAS management

Configuring Windows Firewall with Advanced Security (WFAS) is traditionally performed using netsh advfirewall, which appeared in the OS starting with Win2k8 / Vista and has remained practically unchanged since then. The advfirewall context allows seven commands (export, import, dump, reset, set, show, and help) and four subcontexts (consec, firewall, mainmode, and monitor). You can view the details using the help key or '/?', and there are plenty of examples available on the web. For instance, the set command allows you to configure profiles, and show lets you view the status. We look at the default settings, activate the profiles and set blocking by default for the Domain profile.

> netsh advfirewall show allprofiles
> netsh advfirewall set allprofiles state on
> netsh advfirewall set domainprofile firewallpolicy blockinbound

Official information says that in the next releases netsh may disappear, and you should use PowerShell cmdlets, which also allow you to control even more functions. NetSecurity cmdlets are only available in PS 3.0; to use them in Win2012 / 8, you must import the module with Import-Module NetSecurity. Using Get-Command *firewall* we get a list of 27 cmdlets (the complete list of the module's cmdlets is at goo.gl/Aj9Mg4). The situation is simplified by the fact that the names of the cmdlets overlap with the netsh commands.

Now the same example, but using PS tools:

PS> Get-NetFirewallProfile
PS> Set-NetFirewallProfile -All -Enabled True
PS> Set-NetFirewallProfile -Name Domain -DefaultInboundAction Block

As you can see, the cmdlets look even simpler. Instead of the All parameter, you can specify a specific profile: -Profile Domain, Public, Private.


Other functions are also available. For example, we can exclude an Ethernet interface from the Public profile.

PS> Set-NetFirewallProfile -Name Public -DisabledInterfaceAliases Ethernet

To return the settings to their original state, it is enough to specify NotConfigured instead of Ethernet. Additional parameters of the Set-NetFirewallProfile cmdlet allow you to configure logging, add IP, port, protocol, and more. All manipulations with rules are performed using seven cmdlets: New | Set | Copy | Enable | Disable | Remove | Rename-NetFirewallRule. To view the established rules, we use the Get-NetFirewallRule cmdlet; using filters, we can easily select the ones we need. For example, the blocking rules and everything related to IE:

PS> Get-NetFirewallRule -Enabled True -Action Block
PS> Get-NetFirewallRule -DisplayName "*IE*"

Let's create a rule to block outgoing connections for IE in two profiles.

PS> New-NetFirewallRule -Program "C:\Program Files\Internet Explorer\iexplore.exe" -Action Block -Profile Domain, Private -DisplayName "Block IE" -Description "Block IE" -Direction Outbound

Now we can add the protocol, port and IP of the remote and local systems to the rule.

PS> Set-NetFirewallRule -DisplayName "Block IE" -Protocol TCP -RemotePort 80 -RemoteAddress "10.10.10.1-10.10.10.10" -LocalAddress "192.168.1.10"

When creating or modifying rules, we can group them using the -Group parameter, and subsequently manage not one rule but all members of the group using -DisplayGroup. To disable the rule, use

PS> Disable-NetFirewallRule -DisplayName "Block IE"

Conclusion

It is quite obvious that in the future, the admin will more and more have to configure settings not using the GUI, but using the command line tools. It is faster, automates almost all tasks, and is easy to manage with a large number of servers.

INFO

You can view a list of cmdlet parameters using Show-Command, for example Show-Command Get-NetFirewallRule.
