Cmd.exe as a Terminal Services Remote Program

It has been too long since I last posted, I’ll try to get back on a more regular schedule. Today’s topic will be how to use Terminal Server Remote Programs to publish cmd.exe and allow you to run the Server Core cmd.exe in a window on your Vista or Longhorn Server installation.

You will need a Longhorn Server installation with the Terminal Services role installed. Once the administrative tools replacement is available in the builds you will be able to just install the Terminal Services tools.

To configure cmd.exe as the remote program:

1.      Start MMC and add the Terminal Services Remote Programs snap-in, and then connect it to the Server Core server.

2.      In the Action pane of the snap-in, click Add Remote Programs and then navigate to \\<ServerName>\c$\windows\system32\cmd.exe (where ServerName is the name of the Server Core server).

3.      In the Allow list, select Remote cmd.exe, and then select Create RDP package.

You can then use the RDP package to connect to the Server Core server using the RDP package.

Comments (3)

  1. JamesB says:

    I’m sorry and forgive me if I’m wrong. But in this day and age, why no SSH, why telnet?

    What possible reason can there be for having to set up a remote desktop connection linked to a cmd prompt instead of using SSH?

    From the sound of it, though I’ve only really read the marketing blurb, installing something such as openssh under cygwin is going to be fairly awkward now when using only core server.

  2. Anonymous says:

    JamesB: I think that you need to re read the initial post.  There is no telnet mentioned.  This happens via Remote Desktop Protocol on tcp port 3389.  I believe that the default encryption is 128 bit RC4 with more secure features in new version(s).

  3. Joshua says:

    FYI, it is possible to install Cygwin SSHD on Server Core. See…/remotely-managing-your-server-core-using-ssh.aspx for instructions.

    Anyway, I like to configure sshd to use key authentication, which means one cannot remove the extra privileges granted by the installer to the sshd account.

    For security reasons it is a good idea to grant the additional "privileges" deny login over the network and deny login over terminal services to that account, and set password never expires in case group policy feeds garbage to the server settings.

    Be forewarned sshd key authentication can log users into disabled accounts. To disable accounts from sshd, change the shell in /etc/passwd to /bin/true. /etc/passwd is in UNIX line format so use cygwin's own tools to manipulate it.

Skip to main content