Menu
homeBrowsers

Remotely enable remote desktop (rdp) via regedit and command line. How to remotely disable Remote Desktop (Terminal Services) or sessions. Preliminary analysis and action plan

From time to time, users who try to install Terminal Services or remote desktop connection On Windows 7, Windows Vista, Windows Server 2008 (R2), Windows Server 2003, Windows Server 2000, Windows Home Server, or other RDP servers, you may receive the error message “The terminal server has exceeded the maximum number of connections allowed.”

The error occurs because there is a previous session or existing RDP connection to the server or host that was not disconnected or terminated properly. To prevent things from getting worse, unless the terminal server on the network was fully connected to remote clients and no additional slots were connected, the administrator can shut down the remote server using Terminal Services Manager to kill any RDP connections.

Instead of restarting or rebooting the host or server that the user wants to apply to the remote desktop in the remote control, here are alternative methods to bypass remote shutdown or termination Terminal Services or remote desktop sessions and connections.

Method 1

  1. Terminal Services Manager or Remote Desktop Services Manager can be used to disable and reset any Terminal Services or remote Desktop connection. Depending on your operating system, there are different ways to get up and running Terminal Services Manager.

Windows XP and Windows Server 2003:

Press Start - Execute and enter %SystemRoot%\System32\tsadmin.exe

Windows Vista and Windows Server 2008:

Press Start and enter the type tsadmin.msc in the Start Search field.

Windows 7 and Windows Server 2008 R2 or higher:

Press Start and enter the type Remote Desktop Services Manager in the Start Search field.

Tip: On the client operating system or workstation, Remote Server Admin Tools (RSAT) must be set for the manager to define.

  1. After launching Remote Desktop Services Manager or Terminal Services Manager, right-click on "Remote Desktop Services Manager" or "All to Server List" and select Connecting to a computer .
  2. Then enter the name or IP address of the Remote Desktop Services server you want to manage.

Log in to the remote server if prompted.

  1. Verified servers will be listed in the left panel. Select the desired server that is not responding to the remote desktop session.
  2. On the right panel, go to panel sessions.
  3. Right-click on the session you want to disconnect and select Disable .

Method 2

  1. Launch window command line.
  2. Authenticate to the remote computer using the following command:

\C$

Replace the server name or IP address of the computer with the actual NetBIOS name or IP address of the remote host. For example, net use /user:Administrator \\188.8.8.8\C$.

Enter password.

  1. Terminate any existing Remote Desktop connection or Terminal Services connections using the following command:

reset session /server:

Replace the server name or IP address of the computer with the actual NetBIOS name or IP address of the remote host. For , enter the number gradually, starting from 1, 2, 3... until the message “ I did not find session ID" that were not returned as an error when executing the command. For example, “reset session 1 / server: 188.8.8.8”.

Tip: A notification will not be displayed when the session ends successfully.

Method 3

  1. Launch window command line, and authenticate the remote host using the following command:

net use /user:Administrator \\ \C$

Replace the server name or IP address of the computer with the actual NetBIOS name or IP address of the remote host. For example, net use /user:Administrator \\188.8.8.8\C$.

Enter password.

Also, from Windows Explorer, map to the network drive to share folders on the target server, and log in accordingly.

  1. At the command prompt, enter the following command:

qwinsta/server:

Where the server name or IP address is the actual computer name or IP address of the remote host. For example, qwinsta /server:188.8.8.8.

  1. A list of active remote desktop connections or Terminal Services sessions will be displayed. Determine the stuck connection and its ID.
  2. To reset and disconnect remote desktop connections or sessions, run the following command:

rwinsta /server:

Replace with a session ID which is identified with the "qwinsta" command, and the server name or IP address with the actual computer name or IP address of the remote host. For example, rwinsta 1 /server:188.8.8.8 .

Note: qwinsta is a window station request and rwinsta resets Window stations.

After the Remote Desktop or Terminal Services connection ends the session and disconnects, the slot is released and the Remote user can remotely log in again.

Users, wondering how to remove remote access to a computer in order to protect themselves from external attacks, install third-party programs, without even suspecting that the bulk of all hacks occur due to standard Windows settings. By default, the operating system allows remote connections to the computer. Trying to make things easier for users, Windows developers have included in the system the ability to remotely configure and provide assistance. Such help is only suitable for large corporations that have a system administrator who can fix computer problems in seconds while being in another location. For home users, remote access can only make the job easier for attackers eager to hack someone else's system.

How to get to the remote access setup menu?

In just a few minutes, any user can independently remove remote access to a computer.

  1. For users working under an administrator account, you must perform the following steps sequentially - “Start”, select “Control Panel”. In the window that appears, select “System”.
  2. For users working under a different account or who do not have account information, you need to open the System window with administrator rights. Click the “Start” button, “All Programs”, “Accessories”. Having found “Explorer” in the list, run it “with administrator rights”. To do this, hold down the Shift button on the keyboard with one finger and right-click on the “Explorer” icon. If the user operates the mouse with his left hand, then he needs to press the left mouse button. In the list that appears, select the “Run as administrator” field. In the window that opens, in the panel on the left, find and click on “+” to expand “Control Panel”, then “All controls” and select “System”.

Disabling remote access in the system menu

Once in system management, before removing remote access to the computer, you need to find the corresponding section. On the left side of the panel, click “System Protection”. On the bookmarks bar at the top, select “Remote access”. In the “Remote Assistance” section, uncheck the box next to “Allow connection”. In the “Remote Desktop” menu, check the box next to “Do not allow connections.” Click “OK” and close all system windows. Restart your computer through the Start menu. After rebooting, you need to check whether the changes in the system are saved. To do this, you need to re-enter the system properties and make sure that remote connections are not active. If nothing has changed, you need to carefully study the instructions on how to disable remote access, paying attention to obtaining system administrator rights.

Pitfalls of VPNs

All Windows users should make sure that the computer is not part of a virtual private network, with the exception of situations where the provider provides Internet services only through a virtual network, which is indicated when connecting. You must open the “Control Panel” with administrator rights and select “Network Center”. Select "Change adapter settings." Before you remove remote access and virtual private networks in Windows 7, you need to find out which connection is used to operate the Internet, otherwise you can cut off your access. If there is more than one connection in the list, before deleting it is better to first disconnect it and select the “Disconnect” menu. If the shutdown does not affect the operation of the Internet, you can delete the icon.

Another loophole - remote windows registry

Questions related to how to remove remote access to a computer are answered by simply disabling Remote Assistance, but few people remember about the remote registry. But, if you think about it, by connecting remotely to the registry, you can write any commands in it that, when the system is rebooted, will not only re-enable the assistant, but also cause additional damage to the computer. With administrator rights in the control panel, you must select the menu “Administration” - “Computer Management”. In the left panel of the snap-in that opens, select “Services and Applications” and launch “Services”. In the list of services, find “Remote Registry” and right-click on the inscription. Select properties. In the “Startup type” field, select “Disabled”. Save and restart the computer via the “Start” button.

Disable remote access using the command line

Users who have become familiar with the powerful Windows Command Line tool will definitely be interested in how to remove remote access to a computer without unnecessary transitions between operating system windows. There are two ways: entering commands yourself or using an executable file with the .bat extension.

In the executable file, it is recommended to write pause after each command, since without completing work with one service, the command is transferred to another service, which can cause an error in the system with a refusal to execute. If, after disabling the necessary services, you do not want to restart the computer, you can immediately stop the services from the command line.

fb.ru

Windows 7 Remote Desktop

Remote Desktop in Windows 7, as its name suggests, is a service that allows you to connect to your computer's desktop remotely over a network. If you think that this function is needed only by administrators, then you are mistaken. For regular users, remote desktop may also be useful:

  • If you need to use a program that cannot be installed at work. You can connect to a home computer on which programs are installed
  • You forgot a document at home that you need to find on your computer. Of course, you can search for a document directly on a shared folder on your home computer, but there is one difficulty here - searching on a remote folder, with a slow connection, is very ineffective.
  • If you have your own servers, you can set them up from anywhere on the planet where there is Internet access.

In order to enable remote desktop in Windows 7, you need to follow these steps:

Go to the Start menu - Right-click My Computer - select Properties from the context menu.

In the system information window that opens, on the right side, click Remote access settings.

The System Properties dialog box has opened, Remote Access tab. Here, in the Remote Desktop section, you need to set the radio switch to the Allow connections to your computer position. There are two options for enabling Remote Desktop:

  • Allow remote connection to your computer from any computer on which the Remote Desktop client is installed. This option is less secure, but you can connect from computers that do not have Windows installed, such as Linux or iOS.
  • Another option for enabling Remote Desktop is to allow connections only from computers that use RDP with Network Level Authentication support, that is, Windows 7 and later.

I will include a less secure method, since I use Ubuntu Linux on my laptop, and if you plan to only use Windows 7 and newer, use the second option.

If it is not possible to be physically near the computer, a remote desktop connection can be enabled remotely, namely, by connecting to the remote machine using the registry editor and changing the appropriate settings. This procedure is relevant for computers that are members of the domain.

Once you have enabled Remote Desktop, it is very easy to connect to it. Windows Remote Desktop allows you to connect not only to Windows users, but also to other operating systems:

  • Windows comes with the Remote Desktop Connection program (mstsc.exe)
  • In Linux, an RDP client needs to be installed, for example Remmina, RDesktop and many others.

To connect to a remote desktop from Windows 7, you need to open the Start menu - All Programs - Accessories - Remote Desktop Connection, or type mstsc.exe in the search bar.

In the Remote Desktop Connection dialog box, in the Computer field, enter the Name or IP address of the computer on which you enabled the remote desktop. Click the Connect button.

In the dialog box that appears, enter your username and password.

Please note: You must enter the username and password of the user of the remote machine, not the one from which you are connecting.

That's all. You see the remote desktop and can work on the remote computer as if you were sitting at it.

Another small note - you may notice that the remote desktop does not display all desktop visuals. This is due to the default settings for the remote desktop client. If you work on the same local network and the connection speed is 100 megabits or more, you can change the settings. To do this, before connecting to the remote desktop, click the Show options button.

Then go to the Interaction tab and specify the speed of your network connection, according to which the optimal parameters will be determined.

profhelp.com.ua

How to allow remote connection to a computer in windows 7/8.1/10

Enabling a remote connection to a computer is very simple. Start-Right click on the My Computer icon in Windows 7 or This PC in 8.1, properties. Setting up remote access.


How to allow remote connection to a computer in Windows 7-8.1-10-01

Check the Allow remote connection switch.

How to allow remote connection to a computer in Windows 7-8.1-10-02

If you wish, you can immediately add users or a group to whom this can be done using the Select users button.


How to allow remote connection to a computer in Windows 7-8.1-10-03

In addition to the “classic” way to enable Remote Desktop support on a desktop computer with Windows 7 or a server, you can also do this:

In the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server you need to add the fDenyTSConnections dword key with the value 0.

"fDenyTSConnections"=dword:00000000

Nov 22, 2014 00:13 Ivan Semin

pyatilistnik.org

Standard Windows tool for remote access via RDP within a local network

The Windows system has been providing the ability to implement remote access via the RDP protocol for a long time. This standard tool appeared in the version of Windows NT 4.0, released in 1996. It was more or less functionally modified in the Windows XP version, and found its completeness already in Windows 7. Versions Windows 8/8.1 and 10 inherited remote access via the RDP protocol from Windows 7 without functional changes.

Below we will take a closer look at the operation of remote access via the RDP protocol in versions of Windows 7, 8.1 and 10.

7. Connection settings

1. Remote access via RDP protocol

Connection using the RDP protocol is carried out between computers located on the same local network. This type of connection is intended primarily for IT specialists who maintain company computers integrated into their production network. Without leaving their workplace, connecting remotely to the computers of enterprise employees, system specialists can solve problems that do not require intervention in the hardware of the machines and carry out preventive measures.

Connecting to a remote computer using the RDP protocol is also possible outside the local network, over the Internet. But this will require additional steps - either forwarding port 3389 on the router, or combining it with a remote computer into a single VPN network. In view of this, connecting to a remote computer over the Internet is much easier using other software tools that do not require unnecessary actions. This is, for example, the standard Windows utility “Remote Assistance” for providing computer assistance over the Internet. It works on the principle of sending an invitation file to the user who will provide computer assistance. Its more functional analogues on the Windows software market are programs like TeamViewer.

RDP is also used to connect to Hyper-V virtual machines. A remote connection via RDP can offer more options than the standard connection window of a standard hypervisor. The Hyper-V connection window does not provide sound playback in the guest OS, does not see connected USB storage media, and cannot offer more connection with a physical computer than pasting text copied into it. Whereas an RDP connection can provide the virtual machine with visibility of various devices connected to the physical computer, a better image of the guest OS desktop, work with sound, etc.

To connect via RDP, the remote computer must meet the following requirements:

  • It must have a password-protected account;
  • The system must allow remote connections;
  • If you don’t want to change your access data every time you connect with a constantly changing dynamic IP address, you need to assign a static IP address in the network settings.

Remote access is only possible on computers with Windows Pro, Enterprise or Ultimate editions installed. Home versions of Windows (Home) do not provide remote access via RDP.

2. Password on the remote computer

If you are working on a remote computer using a Microsoft account, and using a short PIN code instead of a long password, when connecting via RDP, you must enter that same long password, and not a four-digit PIN code.

If an unpassword-free local account is used on the remote computer, and there is no special need for a password, such as when connecting to Hyper-V virtual machines, you will have to create at least a simple password like “777” or “qwerty”.

3. IP address of the remote computer

When connecting via RDP, you will need to enter the IP address of the remote computer. The internal IP address is visible in the system network settings. But in versions of windows 7, 8.1 and 10 these are three different paths. In Windows 7, this is a section of the Control Panel, and in Windows 8.1 and 10 this is the Settings application, with its own organization inherent in each version. Therefore, we will find out the internal IP address in a universal way suitable for each of these systems - through the command line. The shortcut to launch the command line in Windows 7 is available in the Start menu. In Windows 8.1 and 10, the command line is launched from the context menu on the Start button.

In the command line window, enter:

After pressing Enter, we will get a summary of the data, where the internal IP address will be visible.

4. Allowing remote connections

Permission to connect remotely in Windows systems is usually initially disabled. In any case, this definitely applies to licensed assemblies. The ability to connect via RDP on a remote computer is activated in the system settings. We need the "System" section. In the Windows 7 version, it can be accessed by searching the Start menu. And in Windows 8.1 and 10, you can get to the “System” section from the context menu on the “Start” button.

You may be interested in: Looking for vulnerabilities in Windows 10 - getting money

Click “Setting up remote access”.

In the system properties window, you must set the option to allow remote connections to active. There is no need to remove the authentication option. To apply the changes, click “Apply” below.

Such settings will open the path to a remote connection, but only for the administrator account. Regular account users are not allowed to provide their own computer for remote control. The administrator can give them this right.

Below the option to allow remote connections there is a “Select users” button. Let's press it.

In the field below, enter the name of the user who is allowed to connect to him via the RDP protocol. For local accounts, this is their name, and for Microsoft accounts, this is the email address used for authorization. Click "Ok".

That’s it – now this user’s account will be accessible from any computer within the local network.

5. Connect to a remote computer

All necessary actions on the remote computer have been completed, let’s move on to the main computer from which connection and control will be carried out. You can launch the standard RDP connection utility by finding its shortcut using a search within the system. In Windows 7, this is a search in the Start menu.

In versions Windows 8.1 and 10, press the Win+Q keys.

A small connection window will appear. In the future, it will be possible to connect to remote computers using exactly this abbreviated form. But for now, click “Show options”.

In the “Computer” field, enter the IP address of the remote computer. In the field below - “User” - accordingly, enter the user name. If a Microsoft account is connected to the remote computer, enter the email address.

If you work on your computer using a regular local account, the username must be entered in the format:

Computer\User

For example, DESKTOP-R71R8AM\Vasya, where DESKTOP-R71R8AM is the computer name, and Vasya is the user name of the local account.

Below the username there is an option to save authorization data on a remote computer. Connection parameters - IP address, username and password - can be saved as a separate RDP file and used to open it on another computer. Click “Connect”, and then “Connect” again in a new window.

Enter the password for the remote computer account.

Click “Yes” in the certificate error window.

We will get more settings for connecting via the RDP protocol in the utility window initially, before establishing the connection.

6. Connect to another account on a remote computer

Below the column for filling in the user name of the remote computer, if the “Always request credentials” checkbox is not checked, options for deleting and changing access data are displayed. By clicking the “Change” option, in addition to the authorization form in an existing account on a remote computer, we will see the ability to connect to another account that is present on the same computer.

After entering a new username and password, the authorization data for a specific IP address will be overwritten.

7. Connection settings

In the opened window for connecting to a remote computer, we will find tabs with customizable parameters. The first two concern the convenience and functionality of remote access.

“Screen” – in this tab you can set the screen resolution of the remote computer; the utility window will open with this resolution after connection. If accessing from a weak computer, you can set the resolution to low and sacrifice color depth.

“Local resources” – here, in order to save system resources, you can disable sound playback on the remote computer. Or, on the contrary, you can also install audio recording from a remote computer. In the column of local devices and resources, after clicking the “Details” button, we can, in addition to the active printer, select devices of the main computer that will work on the remote computer. These are smart cards, separate hard drive partitions, flash drives, memory cards, external hard drives.

An obstacle to using the RDP protocol may be its blocking by antiviruses. In this case, the RDP protocol must be enabled in the settings of antivirus programs.

There is an opinion that connecting via Windows Remote Desktop (RDP) is very unsafe in comparison with analogues (VNC, TeamViewer, etc.). As a result, opening access from outside to any computer or local network server is a very reckless decision - it will definitely be hacked. The second argument against RDP usually sounds like this: “it eats up traffic, it’s not an option for a slow Internet.” Most often these arguments are not substantiated.

The RDP protocol has been around for a long time; its debut took place on Windows NT 4.0 more than 20 years ago, and a lot of water has passed under the bridge since then. Currently, RDP is no less secure than any other remote access solution. As for the required bandwidth, there are a bunch of settings in this regard that can be used to achieve excellent responsiveness and bandwidth savings.

In short, if you know what, how and where to configure, then RDP will be a very good remote access tool. The question is, how many admins have tried to delve into the settings that are hidden a little deeper than on the surface?

Now I’ll tell you how to protect RDP and configure it for optimal performance.

Firstly, there are many versions of the RDP protocol. All further descriptions will apply to RDP 7.0 and higher. This means that you have at least Windows Vista SP1. For retro lovers there is a special update for Windows XP SP3 KB 969084 which adds RDP 7.0 to this operating system.

Setting No. 1 - encryption

On the computer to which you are going to connect, open gpedit.msc Go to Computer Configuration - Administrative Templates - Windows Components - Remote Desktop Services - Security

Set the parameter “Require the use of a special security level for remote connections using the RDP method” to “Enabled” and the Security level to “SSL TLS 1.0”

With this setting we enabled encryption as such. Now we need to make sure that only strong encryption algorithms are used, and not some DES 56-bit or RC2.

Therefore, in the same thread, open the option “Set encryption level for client connections.” Turn it on and select “High” level. This will give us 128-bit encryption.

But this is not the limit. The highest level of encryption is provided by the FIPS 140-1 standard. In this case, all RC2/RC4 automatically go through the forest.

To enable the use of FIPS 140-1, you need to go to Computer Configuration - Windows Configuration - Security Settings - Local Policies - Security Settings in the same snap-in.

We look for the option “System cryptography: use FIPS-compliant algorithms for encryption, hashing and signing” and enable it.

And finally, be sure to enable the “Require a secure RPC connection” option along the path Computer Configuration - Administrative Templates - Windows Components - Remote Desktop Services - Security.

This setting requires connecting clients to require encryption according to the settings we configured above.

Now the encryption is in complete order, you can move on.

Setting No. 2 - change the port

By default, the RDP protocol hangs on TCP port 3389. For variety, it can be changed; to do this, you need to change the PortNumber key in the registry at the address

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

Setting #3 - Network Authentication (NLA)

By default, you can connect via RDP without entering your username and password and see the Welcome screen of the remote desktop, where you will be asked to log in. This is just not at all safe in the sense that such a remote computer can be easily DDoSed.

Therefore, in the same thread we enable the option “Require user authentication for remote connections using network-level authentication”

Setting No. 4 - what else to check

First, make sure that the "Accounts: Allow blank passwords only during console logon" setting is enabled. The setting can be found in Computer Configuration - Administrative Templates - Windows Components - Remote Desktop Services - Security.

Secondly, do not forget to check the list of users who can connect via RDP

Setting No. 5 - speed optimization

Go to the section Computer Configuration - Administrative Templates - Windows Components - Remote Desktop Services - Remote Session Environment.

Here you can and should adjust several parameters:

  • The highest color depth - you can limit yourself to 16 bits. This will save traffic by more than 2 times compared to 32-bit depth.
  • Forced cancellation of the remote desktop wallpaper - it is not needed for work.
  • Setting the RDP compression algorithm - it is better to set the value to Optimize bandwidth usage. In this case, RDP will consume a little more memory, but will compress more efficiently.
  • Optimize visual effects for Remote Desktop Services sessions - set the value to “Text”. What you need for the job.

Otherwise, when connecting to a remote computer from the client side, you can additionally disable:

  • Font smoothing. This will greatly reduce response time. (If you have a full-fledged terminal server, then this parameter can also be set on the server side)
  • Desktop composition - responsible for Aero, etc.
  • Show window when dragging
  • Visual effects
  • Design styles - if you want hardcore

We have already predefined the remaining parameters such as desktop background and color depth on the server side.

Additionally, on the client side, you can increase the size of the image cache; this is done in the registry. At the address HKEY_CURRENT_USER\SOFTWARE\Microsoft\Terminal Server Client\ you need to create two keys of type DWORD 32 BitmapPersistCacheSize and BitmapCacheSize

  • BitmapPersistCacheSize can be set to 10000 (10 MB). By default, this parameter is set to 10, which corresponds to 10 KB.
  • BitmapCacheSize can also be set to 10000 (10 MB). You will hardly notice if the RDP connection eats up an extra 10 MB of your RAM

I won’t say anything about forwarding any printers, etc. Whoever needs something, he forwards it.

This concludes the main part of the setup. In the following reviews I will tell you how you can further improve and secure RDP. Use RDP correctly, have a stable connection everyone! See how to make an RDP terminal server on any version of Windows.

One fine evening, an urgent need for additional protection from “crooked” or “deliberate hands” arose. Since the basis of our database is MS ACCESS, there are several unpleasant moments in it, such as the use of hot keys (delete, print, etc.) and our developer did not bother to disable them. Actually, there was no time to deal with Access macros and user rights to use them, and the very idea of ​​​​disabling all function keys on the keyboard also solved related problems of the built-in “Web Browser” type control - prohibiting the deletion of files created by the user, prohibiting calling up help and hotkeys in image and PDF viewers. The hole had to be patched quickly and wait for our developer to return from vacation.

Preliminary analysis and action plan

The solution that immediately came to mind was to create a parameter in the Scancode Map registry at the address HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout and write in it all the necessary key reassignments, but it quickly became clear that this does not work via RDP, and to The same was applied entirely to the system, affecting privileged users who were allowed to use hotkeys.

Having studied the vastness of the Internet, no viable and viable solution was found. There was only one thing left - creating your own layout and adding it to the system. To begin with, the files KBDRU.dll and KBDUS.dll were studied, after which it became clear that it would be extremely difficult to figure it out on our own in an evening. The review of programs that can solve this problem did not take much time and all had their drawbacks, the most important of which was installing them on the server, which is an extremely undesirable measure. Judging by the reviews, the worthy programs were: KbdEdit and Keyboard Layout Manager 2000.

And then I found a hint that you can create a layout on a virtual machine using the above programs, and use Microsoft Keyboard Layout Creator as a compiler of installation files for the new layout on the server.

Let's do

But not everything turned out to be so simple. Having studied KbdEdit, I immediately became suspicious that the dll layout file it creates weighs more than 50KB and the original is 7KB, and also that the layout will not work in the absence of this program. The files created by Keyboard Layout Manager weighed 9KB, which was quite acceptable.

Let's move on to setting up the KLM2000, nothing complicated, create a new layout based on the existing one and select edit, disable all unnecessary system and function keys (in my case, everything that is highlighted in red). The only thing I had to tinker with a little was with NUMPAD, so that these (highlighted in blue) keys do not carry system functions, it is necessary to make some reassignments: “0” we do not touch, to “.” select the value of the Virtual Key parameter – VK_OEM_PERIOD, to “1” - unassigned 0x89, “2” - 0x8A, “3” - 0x8B, “4” - 0x8C, “5” - 0x8D, “6” - 0x8E, “7” - 0x8F, “8” - 0x92, “9” - 0x93.
Save Export and use OK in the system.

Next, open Microsoft Keyboard Layout Creator, select this layout, try to save it and see an error. Unfortunately, MKLC does not skip layouts with disabled system keys. Then we copy the dlls created by KLM2000 from the Windows\System32 and Windows\SysWOW64 folders, and on another machine using MKLC we create installation files based on the standard layout, and in the properties we indicate the name of the layout that we specified when we created the layout using KLM2000.

Important

For correct operation, and this is mandatory, there must be only one keyboard layout for one language. Don’t forget about the IgnoreRemoteKeyboardLayout registry parameter so that the client’s layout doesn’t get stuck. Let's reboot.

Addition

If we add to all this the following changes for a specific user in the registry:
  • disable “Drag and Drop” (“DragHeight” and “DragWidth”)
  • disable the context menu in Explorer (“NoViewContextMenu” and “NoTrayContextMenu”)
  • set to open files with one click
- then we get that the user from under the Built-in control of the “Web Browser” type in MS Access will not be able to rename, copy, delete, or move files, even those created by MS ACCESS under his account. (creates ACCESS files according to the following procedure, first a temporary file is created in the destination folder, and then it is renamed to the final one, so prohibiting changes in group policies is not suitable here).

Conclusion

I had to experiment a little and spend the whole evening on it, but I hope this article will be useful to someone in terms of saving time, because every extra hour is priceless for us.

In general, the task of a very quick patch was solved, without installing any third-party programs on the server, which is good.