How to add a user to Terminal Services RDP permissions by using WMI

Article translations Article translations
Article ID: 290720 - View products that this article applies to.
This article was previously published under Q290720
Expand all | Collapse all

On This Page

SUMMARY

This article describes three methods to add users or groups to Terminal Services Remote Desktop Protocol (RDP) permissions, two of which use Windows Management Instrumentation (WMI). One method is through the graphical user interface (GUI), and the other two methods use WMI by using a script and the WMI command line utility, wmic.

MORE INFORMATION

To add users or groups to Terminal Services RDP permissions, use one of the following methods:

Using the GUI

  1. Open Terminal Services Configuration.
  2. In the Connections folder, right-click RDP-Tcp.
  3. Click Properties.
  4. On the Permissions tab, click Add, and then add the desired users and groups.
Note You cannot use the GUI to configure permissions to log on to the console session with RDP. To change permissions for the console session (session zero), you must use the WMI methods below, and specify Console instead of RDP-Tcp for the terminal name.

Using WMI in a script

Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure. However, they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements. Create a script by using the following code sample:
set RDPObj = GetObject("winmgmts:{impersonationLevel=impersonate}!Win32_TSPermissionsSetting.TerminalName='RDP-Tcp'")
RDPobj.AddAccount "Domain\User", X
				
Where "Domain\User", X:
  • Domain\User: Target domain and account (user or group) to which permissions are to be granted. For local accounts, replace Domain\User with only User, where User is a local account on the computer on which you are running the command.
  • X: The type of access to be granted:
    0 = WINSTATION_GUEST_ACCESS
    1 = WINSTATION_USER_ACCESS
    2 = WINSTATION_ALL_ACCESS
To change permissions for the console session, change the terminal name to Console instead of to RDP-Tcp.
set RDPObj = GetObject("winmgmts:{impersonationLevel=impersonate}!Win32_TSPermissionsSetting.TerminalName='Console'")RDPobj.AddAccount "Domain\User", X
To revert the permissions back to the default permissions, specify the relevant terminal name. Then, call the RestoreDefaults method.
set RDPObj = GetObject("winmgmts:{impersonationLevel=impersonate}!Win32_TSPermissionsSetting.TerminalName='Console'")RDPobj.RestoreDefaults

Using the WMI command-line utility: WMIC

  1. At a command prompt, type wmic. Note: If it is not in the path, add %SystemRoot%\System32\Wbem\, or change to that directory and run wmic.
  2. At the wmic:root\cli> prompt, type the following command:
    PATH WIN32_TSPermissionsSetting.TerminalName="RDP-TCP" call AddAccount "Domain\user",X
    Where "Domain\User", X:
    • Domain\User: Target domain and account (user or group) to which permissions are to be granted. For local accounts, replace Domain\User with only User, where User is a local account on the computer on which you are running the command.
    • X: The type of access to be granted:
      0 = WINSTATION_GUEST_ACCESS
      1 = WINSTATION_USER_ACCESS
      2 = WINSTATION_ALL_ACCESS
    To change permissions for the console session, change the terminal name to Console instead of to RDP-Tcp.
    PATH WIN32_TSPermissionsSetting.TerminalName="Console" call AddAccount "Domain\user",X
    To revert the permissions back to the default permissions, specify the relevant terminal name. Then, call the RestoreDefaults method.
    PATH WIN32_TSPermissionsSetting.TerminalName="Console" call RestoreDefaults
  3. The following information is an example of the text that you will see after you run wmic and input the command:
    C:\WINDOWS\system32\wbem>wmic
    wmic:root\cli>
    wmic:root\cli> PATH WIN32_TSPermissionsSetting.TerminalName="RDP-TCP" call AddAccount "Domain\User", 2
    
    Execute (\\<ComputerName>\\root\vimv2: WIN32_TSPermissionsSetting.TerminalName="RDP-TCP")->AddAccount() (Y/N/?)
    
    Method Execution Successful.
    Out Parameters:
    instance of _PARAMETERS
    {
    RetureValue=0;
    };
    					
  4. Type quit to exit the wmic prompt and to return to the command prompt.

Properties

Article ID: 290720 - Last Review: December 3, 2007 - Revision: 9.2
APPLIES TO
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Small Business Server 2003 Premium Edition
  • Microsoft Windows Small Business Server 2003 Standard Edition
Keywords: 
kbhowto KB290720

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com