Title: Terminal Services Advanced Client TSAC Alvin Loh Support Engineer Platforms Server Support Microsoft
1Terminal Services Advanced Client (TSAC)Alvin
LohSupport EngineerPlatforms Server
SupportMicrosoft Corporation
2What Is the Terminal Services Advanced Client?
- The Terminal Services client is an ActiveX
control that comes in three flavors - A Web package to be embedded in a Web page
- A Terminal Services Connection MMC Snap-in
- A full Standard Client as an MSI file
- http//www.microsoft.com/windows2000/downloads/re
commended/TSAC/default.asp - Ships in the value-add directory of Microsoft
Windows 2000 SP1 CD, but is not part of SP1
3What Are the Benefits?
- The old way of accessing a Windows NT 4.0
Terminal Server or Windows 2000 Server with
Terminal Services was through the Standard Client - Terminal Server client software needed to be
installed on each machine that needed access to a
Terminal Server - With the Terminal Services Advanced Client,
installation of the Standard Client software is
no longer required - Now users are pointed to a Web page and the
Terminal Services Advanced Client ActiveX control
runs inside of Internet Explorer
4Standard Client Connection UI
- Standard Client
- Local printer redirection
- Clipboard redirection
- Remote control
- Virtual channels
- Encryption
5Advanced Client UI Is Internet Explorer
- Advanced Client
- Local printer redirection
- Clipboard redirection
- Remote control
- Virtual channels
- Encryption
Feature Parity Between Standard Client and
Advanced Client
6Whats Required for the Installation of the TSAC?
- Requires the Tswebsetup.exe file from
Microsoft.com (link provided earlier). - Needs to install Web page and ActiveX control on
a server running IIS 4.0 or higher. Will go into
the ltdrivegt\inetpub\wwwroot\tsweb directory. - Server can be Windows NT 4.0 Server or Windows
2000. - Client side must have IE 4.0 or higher.
- Thin clients can use the control as well if they
have support for ActiveX
7What Happens When I Arrive at a Page with the
ActiveX Control?
- If the client is using IE 4.0 or higher and it
hits a Web page with the control embedded in it,
it will download the Mstscax.cab file referenced
by the CODEBASE parameter of the OBJECT tag if
the following is true - The computer that accessed the Web page doesn't
have an installation of the TSAC - The computers version of the .cab file is older
than the version on the Web page
8What Happens Next?
- Internet Explorer downloads the control
- Mstscax.cab file is uncompressed
- ActiveX control is installed in the default
location for downloaded controls on the target
computer - In Windows 2000 its ltwindirgt\Downloaded Program
Files - Terminal Services Advanced Client opens in a Web
page, depending on the parameters passed - TSAC uses port 3389 to connect to the terminal
server
9Levels of Encryption
- The Terminal Server Standard Clients level of
encryption is identical to the servers
encryption at the time the client creator disks
were installed - The Terminal Services Advanced Client is 128-bit
enabled by default
10Embedding the ActiveX Control in a Web Page
- ltOBJECT language"vbscript" ID"MsTscControl"gt
- CLASSID"CLSID 1fb464c8-09bb-4017-a2f5-eb742f0
4392f" - WIDTH"400"
- HEIGHT"300"
- CODEBASE path\mstscax.cabVersion a, b, c,
d,gt - ltPARAM NAME property1 value
property1valuegt - ltPARAM NAME property2 value
property2valuegt - ...
- ...
- lt\OBJECTgt
- CLSID must be exactly as it appears, otherwise
the control will not initialize. - This code must be in an ASP page as well.
11Specifiable Variables for the Code
- WIDTH the width of the Terminal Services
session displayed in the page. - HEIGHT the height of the Terminal Services
session. - CODEBASE of the Terminal Services ActiveX
Client Control (Mstscax.cab). This file is in the
directory where you installed the ActiveX Client
Control and sample pages (Default
C\Inetpub\Wwwroot\Tsweb). - PARAMNAME can be any of the parameters
supported in Msrdp.ocx (located inside
Mstscax.cab files). To view these parameters we
need to use the Oleview.exe tool or Visual Basic
Object Browser. The most common ones are listed
in Connect.asp.
12Introduction to the Secured Settings Interface
- Exposed interfaces that allow us to do extra
things - Only work in the following Internet Explorer
security zones - My Computer
- Local Intranet Sites
- Trusted Sites
- Does not work in these zones
- Internet
- Restricted Sites
13Main API Calls
- SecuredSettingsEnabled returns a BOOL
indicating whether or not the secured settings
are accessible. - SecuredSettings returns the Secured Settings
Interface. Returns failure if the page containing
the control is not in one of the allowed zones.
14Some Secured Settings Interface Methods
- FullScreen
- Specifies the full-screen/windowed state of the
control upon connection. Set to TRUE to open the
connection in full-screen mode. - FullScreen property is restricted in Internet
Zone and Restricted Sites Zone however, a user
can always change to FullScreen mode after
connection by pressing CtrlAltBreak. - StartProgram
- Specifies a program to start upon connection.
- WorkDir
- Specifies the working directory for a program
specified in StartProgram.
15Scripting the Secured Settings Interface in
VBScript
- if MsTsc.SecuredSettingsEnabled then
- MsTsc.SecuredSettings.StartProgram
"notepad.exe" - else
- msgbox "Cannot access secured setting
(startprogram) in the current browser zone" - end if
- See Connect.asp for more information
16Client-Side Bitmap Caching and Compression
- Compression and client-side bitmap caching are
enabled by default - For clients with low disk space persistent bitmap
caching can be turned off - IMsTscAdvancedSettingsput_BitmapPeristence
method - Note Misspelling of the method
- Syntax HRESULT put_BitmapPeristence (long
bitmapPeristence) - Parameters bitmapPeristence is a LONG value.
Bitmap caching is enabled if set to 1, otherwise
it is disabled.
17Additional Client Security Settings
- Disable Clipboard redirection
- HKLM\Software\Microsoft\Terminal
Server\DisableClipRedirection - Disable local printer redirection
- HKLM\Software\Microsoft\Terminal
Server\DisablePrinterRedirection - Note Set the value of both keys to DWORD 1
- Can use login script to push these out
18Terminal Services MMC Connection Snap-in
- This tool enables administrators to host multiple
Terminal Services connections in an easily
navigable tree and it is useful for managing many
Terminal Servers. - Passwords are encrypted for the user that is
logged on and is only accessible to them.
19Additional Reading
- Scripting the Terminal Services Advanced Client
(MSDN Article) - http//msdn.microsoft.com/library/techart/w2ktsac.
htm - Frequently Asked Questions
- http//www.microsoft.com/windows2000/library/opera
tions/terminal/tsacfaq.asp - Windows 2000 Terminal Services
- http//www.microsoft.com/windows2000/library/techn
ologies/terminal/default.asp - Windows NT 4.0 Terminal Server Edition
- http//www.microsoft.com/ntserver/terminalserver/d
efault.asp
20(No Transcript)