Malbanese
Engaged Sweeper III

I am looking for a way to report on which computers in my domain have Remote Desktop enabled.

I am doing a network security audit and it would be great to have this information.

Thanks,

Michael
1 ACCEPTED SOLUTION
Hemoco
Lansweeper Alumni
You can check whether TermService (Remote Desktop Services) is started on the machines. An example report can be seen below.

Select tblComputers.Computername, tblComputers.ComputerUnique,
tblComputers.Domain, tblServices.Caption, tblServices.Name,
tblServices.Pathname, tblServices.Started, tblServices.Startmode,
tblServices.Startname, tblServices.State
From tblComputers Inner Join
tblServices On tblComputers.Computername = tblServices.Computername
Where tblServices.Name = 'termservice'
Order By tblComputers.ComputerUnique

To use the specified report, do the following:
• Open the Lansweeper configuration console and select Reports & Alerts\Report Builder. Hit the “New” button.
• Copy the SQL code provided and paste it at the bottom of the newly created report, replacing the default SQL code.
• Click somewhere near tblComputers so the new code applies.
• Give the report a “View name” and a “Report name” and hit the “Save” button.
• Double-click on the report in the report list to see its results and export options.


6 REPLIES
Jpatterson
Engaged Sweeper II
I tried this and it seems that the table naming has changed since 2012 and I am not versed in SQL nor familiar with the table contents as of today. So I think I figured out another way to "cob" this query together.

1. Go to the scanning tab and select "File & Registry Scanning"

2. Click "Add Registry Scan"

3. Set the rootkey drop-down to "HKEY_LOCAL_MACHINE"

4. Set regpath to SYSTEM\CurrentControlSet\Control\Terminal Server

5. Set regvalue to fDenyTSConnections

6. Scan all assets

7. Once the scan is complete, return to the File & Registry page from the scanning tab and click the report link to the right of the new registry scan you just added

The PCs with remote desktop locally enabled will return a value of 0; those that are not locally enabled will return a 1.

Feedback on this would be greatly appreciated.

Thanks-
Awesome... Thank you so much. I created a report using this registry scan. I'll be adding username and other user info to this but here is the basic code:

Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
Case tblRegistry.Value
When '0' Then 'Enabled'
When '1' Then 'Disabled'
Else 'Unknown/Custom'
End As Status,
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tblRegistry On tblAssets.AssetID = tblRegistry.AssetID
Where tblAssetCustom.State = 1 And tblRegistry.Valuename = 'fDenyTSConnections'
Order By tblAssets.AssetName
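
An added example, not part of the thread or any poster's code: the report above inner-joins tblRegistry, so assets with no scan result drop out of the audit, and it reads only the local setting. This variant keeps every active asset and also reads the Group Policy copy of fDenyTSConnections, which takes precedence when it is set. The Regkey column and the second registry scan for the policy path are assumptions not shown in the thread.

```sql
-- Added example, not from the thread.
-- Assumption 1: tblRegistry has a Regkey column holding the scanned key path.
-- Assumption 2: a second registry scan was added for rootkey HKEY_LOCAL_MACHINE,
--   regpath SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services,
--   regvalue fDenyTSConnections (the Group Policy copy of the setting).
Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.IPAddress,
  LocalReg.Value As LocalDeny,
  PolicyReg.Value As PolicyDeny,
  -- The policy value wins when present; otherwise fall back to the local value.
  Case Coalesce(PolicyReg.Value, LocalReg.Value)
    When '0' Then 'Enabled'
    When '1' Then 'Disabled'
    Else 'Not scanned/Unknown'
  End As EffectiveStatus,
  tblAssets.Lastseen
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  -- Left joins keep assets that returned no registry value, so gaps in
  -- scan coverage show up in the report instead of silently disappearing.
  Left Join tblRegistry As LocalReg On LocalReg.AssetID = tblAssets.AssetID
    And LocalReg.Valuename = 'fDenyTSConnections'
    And LocalReg.Regkey Like '%\Control\Terminal Server'
  Left Join tblRegistry As PolicyReg On PolicyReg.AssetID = tblAssets.AssetID
    And PolicyReg.Valuename = 'fDenyTSConnections'
    And PolicyReg.Regkey Like '%\Policies\Microsoft\Windows NT\Terminal Services'
Where tblAssetCustom.State = 1
Order By EffectiveStatus, tblAssets.AssetName
```

Non-Windows assets have no registry data and will also appear as 'Not scanned/Unknown'.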





harringg
Champion Sweeper
Thanks for posting that question (and solution). I was looking to do something similar, but find ones not enabled. I modified the code to show machines with RDS disabled and the last date an active scan was done and it's listed below.

 SELECT TOP 1000000 tblcomputers.computername,
tblcomputers.computerunique,
tblcomputers.domain,
tblservices.caption,
tblservices.name,
tblservices.pathname,
tblservices.started,
tblservices.startmode,
tblservices.startname,
tblservices.state,
tblcomputers.lastactivescan
FROM tblcomputers
INNER JOIN tblservices
ON tblcomputers.computername = tblservices.computername
WHERE tblservices.name = 'termservice'
AND tblservices.started = 'false'
ORDER BY tblcomputers.computerunique

Kept getting an error on yours, so I created a different one based off the registry scan from the comment below.




Malbanese
Engaged Sweeper III
Perfect.

Thanks so much!