Fog Creek Software
Discussion Board

Remote Access to W2K boxes ...

Anyone have any suggestions on the easiest (and cheapest) way to access a w2k box remotly (ala UNIX rsh/rlogin) to do things like restart a webserver and database.
I know there are tools like pcAnywhere out there, but I'm looking for a command line solution, so that things could be automated/scripted.



Paul Reidy
Wednesday, February 27, 2002

Surely you jest.

Ryan Ware
Wednesday, February 27, 2002

Windows 2000 has a telnet server built in. 

'net start telnet'  will start the service.  tlntadmn.exe is a console app to set some options.   

For the most part this has worked ok for me, although editing files was a pain because Win2k's telnet client wouldn't send Ctrl characters properly so DOS edit doesn't work.    I downloaded a freeware vi clone (calvin) and that worked fine.

Wednesday, February 27, 2002

You can run sshd under Cygwin, which should give you what you want...  Well, you can run rshd or telnetd as well, but then you're passing a webserver admin password around the network in clear text, which may not be what you want to do...

Setup instructions can be found at

Mike G.
Wednesday, February 27, 2002

If your aversion to PCAnywhere is the cost, try VNC, or its better faster sister TightVNC.  It works great for me and TightVNC clients are available for many OS's


Wednesday, February 27, 2002

Why not just turn on terminal server in the admin mode?  XP has a built in remote desktop viewer and there is a terminal server client for most of the other ms os.

Billy Bob
Wednesday, February 27, 2002

For historical reasons, we were using VNC at Fog Creek to remote admin the NT machines, but it had a lot of annoying repaint bugs, was pretty slow, and usually failed to repaint the screen correctly. Certain things like scrolling were intolerable due to the repaint bugs.

We switched to the free, built-in terminal services feature. Wow, what a difference. It's fast. It's UNBELIEVABLY fast. It's hard to believe this, but over a 28.8 modem it feels positively SNAPPY. Over DSL lines it's almost indistinguishable from sitting at the machine. Terminal services (built using the Citrix stuff) actually copies the GDI calls from one machine to the other. So when an application on the server says TextOut (... "foo" ...) that's what gets sent over the wire, basically -- rather than all kinds of bitmaps being sent over the wire as VNC does it.

That said -- you almost never need to use it if you know about the "native" NT ways to remote admin a machine. Almost all of the computer administration applications can control another machine as easily as they control the local machine. For example when you run Computer Management you can right click and say "connect to another computer."

Joel Spolsky
Wednesday, February 27, 2002

In addition to the wonderful Admin-mode Terminal Services:

Check out the iisreset.exe command-line tool. It'll restart IIS (unsurprisingly) both locally and remotely as well as reboot the server.

Still in a command-line stylee... I like the PSExec tool from the wonderful SysInternals. Gives you telnet type access to any NT/2000/XP/.NET box without needing to install/enable anything on the remote machine (it uses RPC to actually transmit and install a little service on the remote machine):

Duncan Smart
Thursday, February 28, 2002

I didn't suggest Terminal Services because the original poster wanted a scriptable solution. However, if you are one of the TS users (and don't mind a bit of topic drift) be sure to check out the Terminal Services Advanced Client from Microsoft (multiple TS connections in an MMC console, great if you have to admin more than one server) and rdesktop for those times when you need to run your Windows box from a Linux machine.

Mike Gunderloy
Thursday, February 28, 2002

Hi All - newbie question

I'm trying to vnc into a win2k box behind a masquerading firewall/router - a snapgear lite (embedded linux device) which I've set up for a small client business.  Latest VNC.

The following incoming ports are blocked:

20, 21, 69, 137, 139, 194, 546 currently and the server's patched up to the max running AV stuff and has languard's file integrity checker running on it as well as a couple of other bits of security software.  I'm going to setup a deny all/allow some policy tommorow but that's irrelevant.

No outgoing ports are blocked.

I can hit into and configure the firewall's web interface from outside.  Let's say its external address is  It supports port forwarding.  The internal machines are using private addressing - the target server is  I've set up an incoming forward of to
and the same for 5900

I enter and get a VNC authentication dialogue box.  Enter the password I set in their and eventually get:

Network Error: no route to server  So I'm guessing the problem is outgoing.

The win2k server is on SP2 + various security patches

The routing table on the snapgear router/firewall has the following entry for their network:

Destination  Gateway Genmask    Metric      Interface    0    eth0

Now intuitively I would expect the gateway to be set to  which it is on the win2k server.

I've also tried the vnc client and got "failed to connect to server".


Thursday, December 12, 2002

*  Recent Topics

*  Fog Creek Home