Crack Licencias Terminal Server 2012 R2

| 15-09-2021
[RAND-1-100] Comments

Ir a la carpeta: HKEYLOCALMACHINE SYSTEM CurrentControlSet Control Terminal Server RCM; Para extender la licencia cal wiindows server 2008, 2012 o 2016 asignar los privilegios lectura escritura a su usuario sobre la carpeta: GracePeriod (Carpeta hija de RCM). Para cambiar los permisos: click derecho sobre la carpeta GracePeriod.

  • Start to finish: Cracking a Windows Server 2012 R2 Administrator account (Part 1 of 2) Posted on June 30, 2015 by vonnie — 2 Comments ↓ I want you to imagine your best friend from college challenges you to a duel.
  • Open Server Manager and go to 'Remote Desktop Services' on the left menu. This will show you the Overview with the status and settings for your terminal server. If you plan to install the licensing services locally on this server click the RD Licensing icon in the 'deployment overview' window.
Learning has never been so easy!

With the Release of Server 2012 R2 Microsoft completely changed how Remote Desktop Services are deployed and managed. This change tossed many like myself for a loop as I could not find any documentation on how to do what was once a 5 minute task.

Hopefully after reading this article this once simple task will be simple once again

13 Steps total

Step 1: Open Server Manager

Click Manage and Select Add Roles and Features

Step 2: Select Remote Desktop Services installation

Select Remote Desktop Services installation and click next

Step 3: Select Quick Start

Select Quick Start and click next

Step 4: Select Session-based desktop deployment

Select Session-based desktop deployment and click next

Step 5: Server Pool

Make sure the server you are installing on is listed in the server pool.

If you are installing on the same server you are physically logged into then the server should be there by default

Click Next

Step 6: Installation Checks

Once the installation checks are completed choose to allow (or not) your server to restart automatically if required as part of the install and click Deploy

Step 7: Wait

Hurry up and wait while your server does the install

Step 8: Success!

Click Close to continue

Step 9: Add TS Licensing

Open Server Manager and go to 'Remote Desktop Services' on the left menu. This will show you the Overview with the status and settings for your terminal server.

If you plan to install the licensing services locally on this server click the RD Licensing icon in the 'deployment overview' window. Then follow the instructions to install the licensing service locally and add your purchased licensing.

I am going to use a licensing server in this example so I won't go into detail on this option

Step 10: Add Licensing Server

If you have more than one TS like I do you will want to use a Licensing server. This allows you to share your client TS licenses across all of your terminal servers making it easier to purchase and manage your license needs.

To uses this option click 'Tasks' and Edit Deployment Properties'

Step 11: Edit Deployment Properties

Click 'RD Licensing'

Select your licensing type, I am using Per User

type in the name of your licensing server and hit add. Your licensing server will be contacted, verified and added to the list.

Click OK

Step 12: Set Who Can Log into this server

Go to System >> Remote Settings >> Select Users and add the Group or Users who will be allowed to connect to this server

Step 13: Verify User Connectivity

At this point users should now be able to log into this server. Test your connectivity out with a regular user account and you should be good to go!

The process as been re-arranged and is very different when compared to previous versions, but once you get a grasp for where things have been moved to it still works very much the same as it always did.

Published: Sep 15, 2015 · Last Updated: Oct 07, 2016

References

  • RD Licensing Configuration on Windows Server 2012
  • Windows Server 2012 R2 Remote Desktop Services (RDS) Installation And Publish RemoteApp

17 Comments

  • Chipotle
    mdcarver Jan 29, 2016 at 03:07pm

    Thanks, This was exactly what I was looking for. Got us upgraded.

  • Tabasco
    BackpackingTech Sep 20, 2016 at 02:45pm

    Awesome - so easy to follow. Thanks!!!

    Question - is terminal services licensing similar to open licensing in that it's on a trust basis with Microsoft? Don't really see where to add CALs.

  • Pimiento
    danstones Jan 12, 2017 at 01:16am

    @MichaelIT@ToE - Hopefully you've found the answer by now, but for future readers...

    Absolutely not. Once you install RDS, you are in a 120-day grace period for licensing. After 120 days, if you don’t install a license server, add licenses to it and configure the RDS server to point to the license server your RDS will be unusable until you fix that. When you install licenses, it registers with Microsoft Clearing House.

    After step 11 above, if the License Server Manager role is not already installed, it will install it. From there you need to launch the License Server Manager, click the 'Review' button under Configuration column > Click 'Add to Group' > Click OK.
    Right-click the server and click Activate > Follow the wizard and fill in the contact and address details from your license order, and add your license details. You should then see them as active. Check the RD License Diagnoser console to confirm that RDS is seeing the licenses.

  • Pimiento
    Schikitar Jan 23, 2017 at 10:05am

    Hi, I know this comment is coming a bit late but I've recently attempted this on Windows Server 2016 but it will not allow more than one person to connect at a time;

    Remote Desktop Connection
    Do you want to allow to connect to this machine?
    Click OK to disconnect your session immediately or click Cancel to stay connected.
    No action will disconnect your session in 30 seconds.

    Did something change between 2012R2 and 2016 - is it possible to have a traditional terminal server anymore?

  • Poblano
    SeansPCPower IT Mar 20, 2017 at 09:00am

    This might help.
    Open RD Gateway Manager.
    Under configuration tasks click View or modify certificate properties.
    In the general tab make sure Allow maximum supported simultaneous connections.
    Or perhaps there is a limit set. Note the default is 1.

  • Thai Pepper
    camerones Aug 30, 2017 at 11:22pm

    well done sir. this was good insight into setting up new features and roles. Straight forward and to the point.

    Glad I happened across it.

  • Pimiento
    curtisvaughan Sep 7, 2017 at 04:13am

    Ok, I'm having issues. Every time I try to add TS it errors out, all services provided the Server Manager go red and the only way to fix it, as it suggests, is to reboot. I've tried 3 times, hoping maybe something was a fluke. BTW, I have all licenses, etc. But haven't gotten to the point to even apply them. Any ideas?

  • Mace
    molan Sep 7, 2017 at 05:45am

    Make sure no group policies are applied to the server by moving it to an OU with no attached policies and then force a gpupdate. Then try the install again.

    Certain policies can cause the install to fail.

    Also if you have antivirus or other security software installed remove it until after the ts roles are installed.

  • Pimiento
    curtisvaughan Sep 7, 2017 at 01:02pm

    Thank you for responding. Ok, I think I've figured out something. I don't have WID installed. That is, it was installed, but because, as I now know, I changed to an AD server that cause WID to be unable to login. So I changed to the login to Administrator. Based on MS articles I should have changed it to login as service. Anyhow, now it's seems to be gone.
    However, I got it reinstalled. Switched to login as service. Tried installing TS and it failed.....
    After reboot. WID is gone again.
    As for your suggestion, I created a new group, made sure it didn't have any policies, moved the server to that group and did a gpupdate. However, user policies still applied! Also turned off the AV app.
    Nonetheless, same result.

  • Pimiento
    jacobouaknine Dec 15, 2017 at 12:01pm

    Hi All,

    Like many I came across this article because of i was looking to understand what changed from 2008 to 2012. I really like the article and thank you very much for taking time to share.

    I have a question: we setup Remote Desktop server 2012 (under role based features) instead of this option (your first or second print screen)

    Is there a major different? Should role back and set it up this way instead ?

    What we are simply trying to do is give external users a Remote session with a familiar windows7 /windows 10 feel so they can work remotely (Quickbooks etc... ).

    Right now with the standard Remote Desktop setup, they get the 2012 theme without start menu and can see the admin tools etc... they get frustrated and don’t want to use it.

    Any advise or guidance will very much appreciated.

  • Serrano
    ITGirl and Cat5 Feb 6, 2018 at 06:22pm

    Why does it always seem like MS can take a 5 second process and make it into 10 min? Thanks for saving me the headache on this one. Due to some Citrix restrictions, I am only just now making 2012 terminal servers for the first time.

  • Pimiento
    jrosique Apr 4, 2018 at 10:09pm

    I am struggling to understand this new RDS. All we want is to provide the same RDC experience my users had with 2008 Terminal Server. I have followed Molan's tutorial as well as many others and can't get it to work. At this point, I am willing to pay anyone (out of my pocket) to get it done.

    Here's the issue, my 200+ users in three countries are used to open remote desktop connection on their Windows desktops and connect to corporate.mypublicdomain.com which resolved to an NLB cluster of two 2008 R2 servers. In my lab deployment there is no NLB anymore (as Connection Broker should take care of the load balancing) so when I connect (using Remote Desktop) to newcorporate.mypublicdomain.com (resolves to the public IP of the RDS Gateway), I am presented with the 'Only members of the Remote Desktop Users group is allowed' message which makes no sense as I am using my domain admin account for testing.

    As I mentioned, at this point, I am ready to pay ayone that makes this thing works. I am tired of roaming the internet searching for answers.

  • Sonora
    Doug7207 Apr 19, 2018 at 08:55pm

    I am having the same problem. I just cannot get RDS to work on this brand new server. I am just going to call Microsoft and pay. I cannot afford to dump any more time down this hole. I am glad MS gets rewarded for making their products next to impossible to configure.

  • Pimiento
    spicehead-r081 Nov 2, 2018 at 07:34am

    Recently, I tried to install using the way mentioned above but getting an exception/error as mentioned below;

    I got Index out of Bound error on the Installation/Deployment Wizard.

  • Pimiento
    spicehead-lw9xi Feb 27, 2019 at 02:54am

    i have struggled with this issue myself until i took the time out and figured out what was missing from our friends explanation. even after configuring all the necessary settings which im sure everyone was able to do yet it still did not work because the missing piece is editing the 'allow remote desktop users logon' under group policy. in defining this policy every user with remote access still has to be included here for the remote desktop service to work, even admins.
    hope im not too late

  • prev
  • 1
  • 2
  • next

I want you to imagine your best friend from college challenges you to a duel.

Here’s the deal: you both graduated with honors from ivy league schools but your careers bifurcated down different paths. You decided to work in corporate america but he started his own software company in Silicon Valley.

Now you’re friend has a kinetic personality. He’s incredibly smart, talks faster than you can think and really understand technology. But he’s also full of hubris and lacks humility.

Crack Licencias Terminal Server 2012 R2

One day over drinks, in a moment of spontaneity, he looks you straight in the eye and challenges you to a duel.

Server

He leans in and boasts:

I bet you can’t hack into my network. I’ve hired the best security administrators. I have invested millions on cutting edge protection systems and I’m confident that my network is indomitable. In fact, I’m so sure you can’t break in that I’ll cut your company a check for $500,000 if you can breach my security controls. I’ll give you 1 week. But if you can’t break in you’ll have to give me bragging rights and every time you see me you’ll have to rhapsodize about my invulnerable network. I’ll be expecting constant laudation. Sound like a deal?

With a smug smirk on his face, he stretches out his hand for the shake.

Would you shake on it?

You decided to shake on it. After all, it’s not going to cost you anything to accept the challenge.

The first thing you need to do is figure out how you’re going to gain access to his corporation. Are you planning to penetrate his enterprise remotely or physically through social engineering? MAybe you hang out with a group of people on a smoke break and then tailgate the crowd into the elevator as they pass through the security turnstiles? Or maybe you can pose as a plumber or FedEx employee and dupe the receptionist into letting you inside?

Crack Licencias Terminal Server 2012 R2 Iso

Hmm…

WE also also have someone click on a link and get access that way.

Let’s say you use chicanery and charm to weasle your way into one of the cubicles on his floor. What next?

Since you read my 3 part introduction on Kali Linux, you have the Live CD in hand. So you pop it in the CD tray, boot the PC off the CD, mount the file system, find the hash and dump it to a USB drive.

Is this possible?

Crack licencias terminal server 2012 r2 iso

Yes.

Is it probable?

Sp2

You bet.

How Hash Hacking Works

Windows stores plaintext passwords in a obfuscated format known as a hash.

We can use a tool such as SAMdump2 to capture the password hashes and team that with John the Ripper to crack the password. John The Ripper tries to guess the password by hashing it and comparing hashes. If the hash matches the one we captured with SAMdump2 then we know John The Ripper correctly guessed the password.

If we have a dictionary list with millions of phrases we can use that. Or we can combine that with a brute force attack to create a hybrid attack.

Let’s say he has a Dell PowerEdge R920 running Windows Server 2012 R2. We slipped into the server room, popped open the DVD drive and booted from the Kali Live CD.

How did we get inside? The door was ajar.

Why?

Because an authorized technician was working on the phone system and propped it open so he could easily enter and exit without bothering management.

Ha.

After inserting the CD you press F12 to bring up the Dell Boot menu.

You quickly look over your shoulder and select CD/DVD/CD-RW Drive.

After a few seconds, the Kali Boot screen appears.

After another glance over your shoulder you hit enter to boot into the terminal.

Whoa.

So now what?

Remember what we need to do: with the Live CD booted on the victim’s computer, we can mount the file system and dump the SAM hashes, take it back to our basement and feed it to John the Ripper so we can crack the passwords. Hash cracking is effective but it’s a slow process. So you should expect to leave your computer cracking for days, maybe weeks before you strike gold.

That being said, you really want the $500,000 offer your friend promised so you’re up for it.

Looking around

The first thing we need to do is look around the file system. We’ve booted to the Windows Server 2012 R2 server but we can’t view the file system without mounting it.

fdisk can help us see what’s going on.

Crack licencias terminal server 2012 r2 iso

We can see two storage devices here:

  • /dev/sda1
  • /dev/sda2

The password hashes are typically on the larger device so let’s go with sda2.

The Plan

We’re going to make a new folder and then we’ll mount the sda2 filesystem to that folder so we can look around.

Crack Licencias Terminal Server 2012 R2 Sp1

Let’s name our folder PC_HDD and then mount it:

Now can can poke around SDA2 by changing to the PC_HDD directory.

And this my friend is the Windows Server 2012 R2 file system. It’s like we’re sitting at a Windows command prompt browsing through the files.

We need to browse to the directory that holds the password hashes.

Oooh what’s that?

SAM file contains our hashes but we can’t just grab the file and leave. There are a few things we need to do to extract the hash:

There are two steps:

  • Use bkhive to extract the hive
  • Use samdump2 to extract the hashes

bkhive is just an intermediate step to give us a file that samdump can use.

And now we invoke samdump2 using the bkhive output file.

Whoohoo.

hash.txt is our gold.

Let’s take a look before someone notices you:

Here’s the list of accounts on the server. We only have two:

  • Administrator
  • Guest

The 500 after Administrator means it’s an admin. So if you saw another account named Vonnie:500 you would know Vonnie is also an admin.

The exit!

After verifying the hash, you furtively save the file to your jump drive, eject the Kali Linux CD and dash out the server room.

You now have everything you need to crack the password offline.

The Bottom Line

Crack Licencias Terminal Server 2012 R2 Sp3

Don’t be overconfident.

Crack Licencias Terminal Server 2012 R2 Sp2

If someone is motivated enough they can break any security system. I don’t care how much money you’ve spent on locking down your servers, securing the perimeter and educating your staff. If someone wants in to your company they’re going to get in. The best you can do is slow them down.

Perfect security doesn’t exist.

Tomorrow I’ll show you how to crack the Windows Server 2012 hashes was filched.

Posted in How To, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows Vista, Windows XP Tagged with: Hacked, Security, Tricks, Tutorial