Windows 7, how to configure/allow remote cmd access to specific PC/IP address from the local network?

0

In Windows 7, how do I configure/allow remote command prompt access to specific PC or IP address from the local network?

LE:

PsList gave me: "Access is denied."

Firewalls on both PCs are off. RPC and Remote Registry services are started on the target PC. Both are running Windows 7, and the target PC has a password-protected account.

The PCs are in the same network, behind a router. The ping is working between the PCs.

Do I need to set Workgroups, Domains, etc.?

What else could I do?

Nick

Posted 2014-02-22T20:39:55.260

Reputation: 173

Tasklist and PsList, but I could not manage to log in, nor have I set the required filtering in order to give access only to a specific PC/IP. – Nick – 2014-02-22T21:12:27.637

Did you enter your user/pass in the command arguments so it would authorize access? – Collin Grady – 2014-02-22T22:20:20.653

No, I have entered it after I received a prompt for password. – Nick – 2014-02-23T06:54:14.140

Answers

0

To achieve your desired goal, you need to take two distinct steps.

First, enable the Remote Desktop Protocol. Unfortunately there is no simple way to do this, so I will describe the path through the GUI. Open the control panel -> System and Security -> System -> Remote Settings -> Remote tab. Select any of the "Allow connections from...". If you like, limit it to certain users. Otherwise only administrator accounts will have access.

Microsoft offers a more involved how-to, Tip: Configure Remote Desktop Access on Windows 7 Systems.

Next, configure your firewall. Fortunately you can configure it through the command line interface. Open a command line interface with administrator rights and enter:

netsh advfirewall firewall add rule name="Remote Desktop" dir=in action=allow protocol=TCP localport=3389 remoteip=192.168.0.111/24

Of course, replace the remoteip with the right one. You can read more about netsh in How to use the "netsh advfirewall firewall" context instead of the "netsh firewall" context to control Windows Firewall behavior in Windows Server 2008 and in Windows Vista.

bjanssen

Posted 2014-02-22T20:39:55.260

Reputation: 2 289
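The question asks for access from one specific PC, so it is worth checking what a `remoteip` value such as the one in the rule above actually admits. The following is an added example, not part of the original answer: it assumes Windows Firewall applies the `/24` as a mask (host bits ignored), the client address 192.168.0.23 and the function names are constructed for illustration, and it goes slightly beyond the answer by also handling the range and list forms that netsh accepts.

```python
import ipaddress


def scope_networks(remoteip):
    """Expand a netsh-style remoteip value (comma-separated single addresses,
    CIDR or dotted-mask subnets, first-last ranges) into ipaddress networks.
    Keywords such as LocalSubnet are not handled and raise ValueError."""
    nets = []
    for item in remoteip.split(","):
        item = item.strip()
        if "-" in item:
            first, last = (ipaddress.ip_address(p.strip())
                           for p in item.split("-", 1))
            nets.extend(ipaddress.summarize_address_range(first, last))
        else:
            # Assumption: the prefix acts as a mask, so 192.168.0.111/24
            # means the whole 192.168.0.0/24 subnet (strict=False).
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def admits(remoteip, client):
    """True if the client address falls inside the rule's remote scope."""
    addr = ipaddress.ip_address(client)
    return any(addr in net for net in scope_networks(remoteip))


def scope_size(remoteip):
    """Number of distinct addresses the scope covers (overlaps merged)."""
    nets = scope_networks(remoteip)
    total = 0
    for version in (4, 6):
        same = [n for n in nets if n.version == version]
        total += sum(n.num_addresses
                     for n in ipaddress.collapse_addresses(same))
    return total


if __name__ == "__main__":
    other_pc = "192.168.0.23"  # constructed: some other machine on the LAN
    for scope in ("192.168.0.111/24",              # value used in the answer
                  "192.168.0.111",                 # single host
                  "192.168.0.110-192.168.0.111"):  # explicit range
        print(f"{scope:30} covers {scope_size(scope):3} address(es); "
              f"admits {other_pc}: {admits(scope, other_pc)}")
```

To limit the rule to a single machine, give `remoteip` that machine's address without a prefix length.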

He is clearly referring to the sysinternals command line tools, not RDP. – rjt – 2014-06-30T07:52:33.037

My bad. I can't edit my comment, so disregard it. – bjanssen – 2014-06-30T19:21:03.027

I've tested the following: Firewall on target PC off, RPC and RR services on. Remote settings->"Allow connections from computers running any version of Remote Desktop". I have not specified a certain user here. I have not fiddled with Workgroups. The PCs are in the same network, behind a router. The ping is working between the PCs. Result: Access is denied. – Nick – 2014-02-22T21:42:51.693

@Nick: I'm not quite sure to which service you are referring by writing "RR", and the two RPC services are on "automatic" or "manual", so they will be started if needed. If your MS Windows is in a default state, the provided directions should be sufficient to enable the Remote Desktop Protocol. If you have tinkered with running services before, I'd suggest resetting them to their default state. – bjanssen – 2014-02-23T11:15:50.747

@Nick: Furthermore, please post how you try to access the remote machine. – bjanssen – 2014-02-23T11:18:54.577

pslist \\Workstation -u MyUser OR tasklist /s Workstation /u MyUser OR tasklist /s <IP> /u MyUser and I always received Access is denied. RR is Remote Registry. – Nick – 2014-02-23T20:57:21.220

First, try connecting with a user account that exists on the remote machine AND has administrator privileges there. Second, try to establish a direct rdp-connection with the mstsc.exe command. – bjanssen – 2014-02-24T06:51:20.367

0

Both machines should have the same exact account and password to keep it simple. Enabling RDP would help make sure the username and password work, but port 3389 has nothing to do with SysInternals tools.

If Windows File and Printer Sharing is installed on the remote machine, you will probably have everything needed networking-wise. Always append **/accepteula** to every SysInternals utility every time you run it, otherwise pslist will hang waiting for you to press OK when you cannot.

pslist.exe /accepteula -u COMPUTERNAME\localUserOnRemoteMachine \\RemoteMachine

or

pslist.exe /accepteula -u DomainName\DomainUser \\RemoteMachine

You may be running up against UAC or the fact that Windows treats any machine on your LAN as it would another machine on the internet and blocks any programs from running from intranet machines. Since it does not sound like you are on an Active Directory domain, I bet a username is not in sync.

psexec.exe gives better error information.

rjt

Posted 2014-02-22T20:39:55.260

Reputation: 878