Windows Recovery–Load Registry


Ok, today I locked myself out of one of my dedicated servers.. how? I changed the RDP port in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

[Screenshot: the RDP port key in the Windows registry]

And then, I FORGOT to add the new port to the so-called 'Windows Firewall with Advanced Security' .. it was like a lightning strike in my body when I clicked 'restart Server'.


So, I used PuTTY to open an SSH connection to the server. Easy, I thought:

REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /t REG_DWORD /v PortNumber /d 0xd3d /f

Noooo, Access Denied .. ok, UAC is enabled .. I tried to figure out if there's a way to elevate the prompt, but didn't find a route/solution. So I decided to reboot the server in Windows Recovery Mode, started regedit.exe and used Load Hive to load the SYSTEM hive (found under C:\Windows\System32\Config). I entered a name for the temporary hive, changed the PortNumber (always use ControlSet001 – it's the last successful config) and unloaded the hive. Then I remembered that I had read an article about editing the registry 'offline' using reg.exe. Just to verify that the changed values had really been written to the SYSTEM registry, I used:


reg load HKLM\Win_SYSTEM C:\windows\system32\config\system
reg query "HKLM\Win_SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp"
reg unload HKLM\Win_SYSTEM

and see what I got:

[Screenshot: reg load / reg query / reg unload output showing the RDP PortNumber]
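The same offline edit done entirely with reg.exe from the recovery command prompt, as an added example that is not part of the original post. It goes beyond the post by reading Select\Current to find which numbered control set to edit instead of assuming ControlSet001; the C: drive letter, the Win_SYSTEM hive name and port 3389 (0xd3d, the RDP default) are assumptions.

```bat
@echo off
setlocal
rem Added example, not from the original post. Assumptions: the offline
rem Windows volume is C: and Win_SYSTEM is a free temporary hive name.
set "HIVE=HKLM\Win_SYSTEM"
set "HIVEFILE=C:\Windows\System32\config\SYSTEM"
set "PORT=3389"

reg load %HIVE% "%HIVEFILE%" || (echo Could not load %HIVEFILE% & exit /b 1)

rem Select\Current holds the number of the control set that the installed
rem system boots as CurrentControlSet. It is a REG_DWORD printed as 0x1, 0x2, ...
set "CUR="
for /f "tokens=3" %%A in ('reg query "%HIVE%\Select" /v Current ^| find "REG_DWORD"') do set /a CUR=%%A
if not defined CUR (echo Select\Current not found & reg unload %HIVE% & exit /b 1)

rem Build the key name: 1 becomes ControlSet001, 2 becomes ControlSet002.
set "CS=00%CUR%"
set "CS=ControlSet%CS:~-3%"
set "KEY=%HIVE%\%CS%\Control\Terminal Server\WinStations\RDP-Tcp"

rem Write the port, then read it back to confirm what is stored in the hive.
reg add "%KEY%" /v PortNumber /t REG_DWORD /d %PORT% /f
reg query "%KEY%" /v PortNumber

rem Unload so the change is flushed to the hive file before rebooting.
reg unload %HIVE%
endlocal
```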

Another option is to disable the firewall completely using this bat/cmd file:

@echo off
rem Adjust C: if the recovery environment mounts the offline Windows volume under another letter.
rem An offline hive has no CurrentControlSet (that link only exists on a running system),
rem so the control set is addressed by number. ControlSet001 is the usual one; the Current
rem value under HKLM\Win_SYSTEM\Select shows which set the system boots from.
:start
echo ****************************************************************
echo *                                                              *
echo *             1 : Disable Windows firewall on server           *
echo *                                                              *
echo *             2 : Enable Windows firewall on server            *
echo *                                                              *
echo ****************************************************************
rem Clear any previous answer so an empty input is not mistaken for the last choice.
set "choice="
set /p choice=Choose what to do: 
rem Keep only the first character of the answer.
if defined choice set "choice=%choice:~0,1%"

if "%choice%"=="1" goto Menu1
if "%choice%"=="2" goto Menu2

echo %choice% WRONG option, choose 1 or 2
goto start

:Menu1
rem Load the offline SYSTEM hive, switch the firewall off for all three profiles, unload.
reg load HKLM\Win_SYSTEM C:\windows\system32\config\system
reg.exe add "HKEY_LOCAL_MACHINE\Win_SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" /v "EnableFirewall" /t REG_DWORD /d "0" /f
reg.exe add "HKEY_LOCAL_MACHINE\Win_SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile" /v "EnableFirewall" /t REG_DWORD /d "0" /f
reg.exe add "HKEY_LOCAL_MACHINE\Win_SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile" /v "EnableFirewall" /t REG_DWORD /d "0" /f
reg unload HKLM\Win_SYSTEM
echo Firewall Disabled !
goto end

:Menu2
rem Same edit with EnableFirewall set back to 1 for all three profiles.
reg load HKLM\Win_SYSTEM C:\windows\system32\config\system
reg.exe add "HKEY_LOCAL_MACHINE\Win_SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" /v "EnableFirewall" /t REG_DWORD /d "1" /f
reg.exe add "HKEY_LOCAL_MACHINE\Win_SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile" /v "EnableFirewall" /t REG_DWORD /d "1" /f
reg.exe add "HKEY_LOCAL_MACHINE\Win_SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile" /v "EnableFirewall" /t REG_DWORD /d "1" /f
reg unload HKLM\Win_SYSTEM
echo Firewall Enabled !
goto end

:end
pause

maybe this is of help for someone..
