The Server Core Registry Editor
(scregedit.wsf) is a script used to modify the registry on Server Core
installations. The script is only available on Server Core
installations, not full installations of Windows Server 2008 or Windows
Server 2008 R2. The basic syntax of the command is
cscript %windir%\system32\scregedit.wsf /property value
Tip
cscript is the command-based script host used to execute the script file and must be entered first.
Tip
Because the path (%windir%\system32\, normally
C:\windows\system32\) is not known to the system, it must be included
in the command.
For example, if you want to enable remote desktop
connections from other systems to the Server Core installation, you can
use the following command:
cscript %windir%\system32\scregedit.wsf /ar 0
The /ar switch
enables or disables remote connections. A value of 0 enables remote
desktop connections and a value of 1 disables remote desktop
connections. The following table shows the common properties and values
used with scrededit.wsf.
scregedit.wsf Command | Comments |
---|
Allow Remote Desktop connections.
/ar 0 | 1 C:\>cscript %windir%\system32\ scregedit.wsf /ar 0 C:\>cscript %windir%\system32\ scregedit.wsf /ar 1
| You can enable Remote Desktop with a 0 and disable it with a 1. You can view the current setting with the /v switch like the following:
C:\>cscript %windir%\system32\scregedit.wsf /ar /v |
Require CredSSP.
/ar 0 | 1 C:\>cscript %windir%\system32\ scregedit.wsf /cs 0 C:\>cscript %windir%\system32\ scregedit.wsf /cs 1
| You
can allow connections from earlier versions of Windows that don’t
support Credential Security Support Provider (CredSSP) with a value of
0, or require CredSSP with a value of 1. If the value is 1, the system
blocks connections from computers that don’t support CredSSP
(pre-Windows Vista computers).
Figure 1
shows this setting in the GUI of a full installation of Windows Server
2008 server (not a Server Core server). Notice that it shows that
connections are only allowed From Computers running Desktop with Network Level Authentication (More Secure). This is the same setting as /cs with a value of 1 to require CredSSP.
You can view the current setting with the /v switch, such as the following:
C:\>cscript %windir%\system32\scregedit.wsf /cs /v
Note
CredSSP is an authentication enhancement used with Remote Desktop
Protocol 6.1. It provides an extra layer of security by preventing a
client from establishing a session without first authenticating.
|
Configure automatic updates.
/au 4 | 1 C:\>cscript %windir%\system32\ scregedit.wsf /au 4 C:\>cscript %windir%\system32\ scregedit.wsf /au 1
| You can enable automatic updates with a 4 and disable it with a 1. You can view the current setting with the /v switch, such as the following:
C:\>cscript %windir%\system32\scregedit.wsf /au /v
|
Allow IPsec Monitor remote management.
/im 0 | 1 C:\>cscript %windir%\system32\ scregedit.wsf /im 0 C:\>cscript %windir%\system32\ scregedit.wsf /im 1
| You
can enable remote management using the IPsec Monitor with a value of 1
and disable it with a 0. You can view the current setting with the /v switch, such as the following:
C:\>cscript %windir%\system32\scregedit.wsf /im /v |