Monthly Archives: June 2012

The Remote Desktop Services service terminated unexpectedly

Had an issue with a client's TS – 2008 R2 SP1. After scouring the logs, found multiple 7034 events. The Application log was also firing:

Faulting application name: svchost.exe_TermService, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1

Faulting module name: rdpcorekmts.dll, version: 6.1.7600.16952, time stamp: 0x4f1f9e66

Exception code: 0xc0000005

Fault offset: 0x000000000000a793

Faulting process id: 0xc70

Faulting application start time: 0x01cd55b4c6d647d4

Faulting application path: C:\Windows\System32\svchost.exe

Faulting module path: C:\Windows\system32\rdpcorekmts.dll

Report Id: 14a64f35-c1a8-11e1-95b5-78e7d1f48e8a

The rdpcorekmts.dll needs to be copied from a working server. Once you have done this, follow the steps below:

  1. You need to run this as a user that is an admin on the target system.
  2. Copy psexec and rdpcorekmts.dll (the new version) to a folder.
  3. Create a file named servernames.txt and add the name of the server(s) you want to fix.
  4. Create a start.cmd file, edit it and add the following:

    @echo off
    echo *************************************************************
    echo * This process will update and change the file rdpcorekmts. *
    echo * If you don't want to do that, 'X' out now                 *
    echo *************************************************************
    pause

    rem Stop Remote Desktop Services
    for /f %%i in (servernames.txt) do psexec \\%%i net stop "Remote Desktop Services" /y
    rem Take ownership
    for /f %%i in (servernames.txt) do psexec \\%%i takeown /F c:\windows\system32\rdpcorekmts.dll
    rem Change permissions to full
    for /f %%i in (servernames.txt) do psexec \\%%i icacls c:\windows\system32\rdpcorekmts.dll /grant administrators:F
    rem Copy in newer version
    for /f %%i in (servernames.txt) do copy rdpcorekmts.dll \\%%i\c$\windows\system32\
    rem Change permissions back to read-only (/grant:r replaces the Full grant instead of adding to it)
    for /f %%i in (servernames.txt) do psexec \\%%i icacls c:\windows\system32\rdpcorekmts.dll /grant:r administrators:R
    rem Start the service back up
    for /f %%i in (servernames.txt) do psexec \\%%i net start "Remote Desktop Services" /y

    echo ********************************************************************
    echo * Remove the names of the affected servers in the file Servernames *
    echo ********************************************************************
    echo * Should be all done now. *
    echo **************************
    pause
    exit


Blocking USB/DVD/iPhone Access via GPO

Had a client requesting we block USB/DVD access, including smart phones. Base OS is SBS 2011 (essentially Server 2008 R2). Unlike Server 2003, where we had to download the ADM template, 2008 R2 has these features natively. To block access:

  1. Create a new security group in AD
  2. Create new GPO
  3. Navigate to User configuration -> Policies -> Admin Templates -> System -> Removable Storage Access
  4. Select CD and DVD: Deny write access
  5. Select Removable Disks: Deny read and write access
  6. WPD Devices: Deny write access (iPhones etc. are classified as WPD)
  7. Link the GPO to the correct OU
  8. Apply Security Filtering to the Security group created in step 1
  9. Add the relevant members to the group and run a gpupdate /force 
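
To confirm the policy from the steps above actually reached a user, this added example (not part of the original post) reads the deny values from the current user's registry hive; run it as a member of the filtered group after the gpupdate. The registry path and device-class GUIDs are assumptions taken from the built-in Removable Storage Access template, where WPD covers two device classes.

```powershell
# Added example: verify the Removable Storage Access policy for the current user.
# Assumption: the registry path and device-class GUIDs below are the ones the
# built-in Removable Storage Access template writes for user-side policy.
$base = 'HKCU:\Software\Policies\Microsoft\Windows\RemovableStorageDevices'

# Settings chosen in steps 4-6 of the post, one entry per device class.
$expected = @(
    @{ Setting = 'CD and DVD';      Guid = '{53f56308-b6bf-11d0-94f2-00a0c91efb8b}'; Deny = @('Deny_Write') },
    @{ Setting = 'Removable Disks'; Guid = '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'; Deny = @('Deny_Read', 'Deny_Write') },
    @{ Setting = 'WPD Devices';     Guid = '{6AC27878-A6FA-4155-BA85-F98F491D4F33}'; Deny = @('Deny_Write') },
    @{ Setting = 'WPD Devices';     Guid = '{F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}'; Deny = @('Deny_Write') }
)

$report = foreach ($class in $expected) {
    $key = Join-Path $base $class.Guid
    # A missing key means the GPO never reached this user
    # (security filtering, OU link, or no policy refresh yet).
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    foreach ($name in $class.Deny) {
        $actual = $null
        if ($props) { $actual = $props.$name }
        New-Object PSObject -Property @{
            Setting = $class.Setting
            Value   = $name
            Actual  = $actual
            Applied = ($actual -eq 1)   # the policy writes DWORD 1 when enabled
        }
    }
}

$report | Select-Object Setting, Value, Actual, Applied | Format-Table -AutoSize

# Summarise so a gap is obvious without reading the table.
$missing = @($report | Where-Object { -not $_.Applied })
if ($missing.Count -gt 0) {
    Write-Warning "$($missing.Count) deny value(s) not applied; check group membership and run gpresult /r."
} else {
    Write-Output 'All expected deny values are present for this user.'
}
```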