Terminal Services Advanced Client TSAC Alvin Loh Support Engineer Platforms Server Support Microsoft

1
Terminal Services Advanced Client (TSAC)Alvin
LohSupport EngineerPlatforms Server
SupportMicrosoft Corporation
2
What Is the Terminal Services Advanced Client?

• The Terminal Services client is an ActiveX
  control that comes in three flavors
• A Web package to be embedded in a Web page
• A Terminal Services Connection MMC Snap-in
• A full Standard Client as an MSI file
• http//www.microsoft.com/windows2000/downloads/re
  commended/TSAC/default.asp
• Ships in the value-add directory of Microsoft
  Windows 2000 SP1 CD, but is not part of SP1

3
What Are the Benefits?

• The old way of accessing a Windows NT 4.0
  Terminal Server or Windows 2000 Server with
  Terminal Services was through the Standard Client
• Terminal Server client software needed to be
  installed on each machine that needed access to a
  Terminal Server
• With the Terminal Services Advanced Client,
  installation of the Standard Client software is
  no longer required
• Now users are pointed to a Web page and the
  Terminal Services Advanced Client ActiveX control
  runs inside of Internet Explorer

4
Standard Client Connection UI

• Standard Client
• Local printer redirection
• Clipboard redirection
• Remote control
• Virtual channels
• Encryption

5
Advanced Client UI Is Internet Explorer

• Advanced Client
• Local printer redirection
• Clipboard redirection
• Remote control
• Virtual channels
• Encryption

Feature Parity Between Standard Client and
Advanced Client
6
Whats Required for the Installation of the TSAC?

• Requires the Tswebsetup.exe file from
  Microsoft.com (link provided earlier).
• Needs to install Web page and ActiveX control on
  a server running IIS 4.0 or higher. Will go into
  the ltdrivegt\inetpub\wwwroot\tsweb directory.
• Server can be Windows NT 4.0 Server or Windows
  2000.
• Client side must have IE 4.0 or higher.
• Thin clients can use the control as well if they
  have support for ActiveX

7
What Happens When I Arrive at a Page with the
ActiveX Control?

• If the client is using IE 4.0 or higher and it
  hits a Web page with the control embedded in it,
  it will download the Mstscax.cab file referenced
  by the CODEBASE parameter of the OBJECT tag if
  the following is true
• The computer that accessed the Web page doesn't
  have an installation of the TSAC
• The computers version of the .cab file is older
  than the version on the Web page

8
What Happens Next?

• Internet Explorer downloads the control
• Mstscax.cab file is uncompressed
• ActiveX control is installed in the default
  location for downloaded controls on the target
  computer
• In Windows 2000 its ltwindirgt\Downloaded Program
  Files
• Terminal Services Advanced Client opens in a Web
  page, depending on the parameters passed
• TSAC uses port 3389 to connect to the terminal
  server

9
Levels of Encryption

• The Terminal Server Standard Clients level of
  encryption is identical to the servers
  encryption at the time the client creator disks
  were installed
• The Terminal Services Advanced Client is 128-bit
  enabled by default

10
Embedding the ActiveX Control in a Web Page

• ltOBJECT language"vbscript" ID"MsTscControl"gt
• CLASSID"CLSID 1fb464c8-09bb-4017-a2f5-eb742f0
  4392f"
• WIDTH"400"
• HEIGHT"300"
• CODEBASE path\mstscax.cabVersion a, b, c,
  d,gt
• ltPARAM NAME property1 value
  property1valuegt
• ltPARAM NAME property2 value
  property2valuegt
• ...
• ...
• lt\OBJECTgt
• CLSID must be exactly as it appears, otherwise
  the control will not initialize.
• This code must be in an ASP page as well.

11
Specifiable Variables for the Code

• WIDTH the width of the Terminal Services
  session displayed in the page.
• HEIGHT the height of the Terminal Services
  session.
• CODEBASE of the Terminal Services ActiveX
  Client Control (Mstscax.cab). This file is in the
  directory where you installed the ActiveX Client
  Control and sample pages (Default
  C\Inetpub\Wwwroot\Tsweb).
• PARAMNAME can be any of the parameters
  supported in Msrdp.ocx (located inside
  Mstscax.cab files). To view these parameters we
  need to use the Oleview.exe tool or Visual Basic
  Object Browser. The most common ones are listed
  in Connect.asp.

12
Introduction to the Secured Settings Interface

• Exposed interfaces that allow us to do extra
  things
• Only work in the following Internet Explorer
  security zones
• My Computer
• Local Intranet Sites
• Trusted Sites
• Does not work in these zones
• Internet
• Restricted Sites

13
Main API Calls

• SecuredSettingsEnabled returns a BOOL
  indicating whether or not the secured settings
  are accessible.
• SecuredSettings returns the Secured Settings
  Interface. Returns failure if the page containing
  the control is not in one of the allowed zones.

14
Some Secured Settings Interface Methods

• FullScreen
• Specifies the full-screen/windowed state of the
  control upon connection. Set to TRUE to open the
  connection in full-screen mode.
• FullScreen property is restricted in Internet
  Zone and Restricted Sites Zone however, a user
  can always change to FullScreen mode after
  connection by pressing CtrlAltBreak.
• StartProgram
• Specifies a program to start upon connection.
• WorkDir
• Specifies the working directory for a program
  specified in StartProgram.

15
Scripting the Secured Settings Interface in
VBScript

• if MsTsc.SecuredSettingsEnabled then
• MsTsc.SecuredSettings.StartProgram
  "notepad.exe"
• else
• msgbox "Cannot access secured setting
  (startprogram) in the current browser zone"
• end if
• See Connect.asp for more information

16
Client-Side Bitmap Caching and Compression

• Compression and client-side bitmap caching are
  enabled by default
• For clients with low disk space persistent bitmap
  caching can be turned off
• IMsTscAdvancedSettingsput_BitmapPeristence
  method
• Note Misspelling of the method
• Syntax HRESULT put_BitmapPeristence (long
  bitmapPeristence)
• Parameters bitmapPeristence is a LONG value.
  Bitmap caching is enabled if set to 1, otherwise
  it is disabled.

17
Additional Client Security Settings

• Disable Clipboard redirection
• HKLM\Software\Microsoft\Terminal
  Server\DisableClipRedirection
• Disable local printer redirection
• HKLM\Software\Microsoft\Terminal
  Server\DisablePrinterRedirection
• Note Set the value of both keys to DWORD 1
• Can use login script to push these out

18
Terminal Services MMC Connection Snap-in

• This tool enables administrators to host multiple
  Terminal Services connections in an easily
  navigable tree and it is useful for managing many
  Terminal Servers.
• Passwords are encrypted for the user that is
  logged on and is only accessible to them.

19
Additional Reading

• Scripting the Terminal Services Advanced Client
  (MSDN Article)
• http//msdn.microsoft.com/library/techart/w2ktsac.
  htm
• Frequently Asked Questions
• http//www.microsoft.com/windows2000/library/opera
  tions/terminal/tsacfaq.asp
• Windows 2000 Terminal Services
• http//www.microsoft.com/windows2000/library/techn
  ologies/terminal/default.asp
• Windows NT 4.0 Terminal Server Edition
• http//www.microsoft.com/ntserver/terminalserver/d
  efault.asp

20
(No Transcript)