Remote Desktop users registry key
To add the user jscott to the group Remote Desktop Users: net localgroup "Remote Desktop Users" jscott /ADD If you're in an Active Directory domain environment, you can simply add a domain group (e.g., "Desktop Remote Users", or the like) to the local Remote Desktop Users group. Have a look at Group Policy Restricted Groups to manage these memberships. You can then manage the members of the domain group without having to update the workstations. If the local group is missing, you will need to recreate it and assign it permissions. Create the group NET LOCALGROUP "Remote Desktop Users" /ADD, then open the local security policy editor secpol.msc and grant the group "Allow log on though Remote Desktop Services". You can also do this via Group Policy in a domain environment. I would be curious to know how this group disappeared, if it was not just deleted. Perhaps another SF'er will know.
The relevant configuration options for terminal servers, terminal server sessions, users, and clients can be found in different places in the registry. The administration tools and Group Policies, described in the previous chapters, usually change several registry values. The following section provides you with information on their paths and default values.
We will first examine those areas of the registry that are vital to the global configuration of the terminal server and its sessions. These areas are located in the HKLM root hive. One of the central HKLM root hive areas can be found under SYSTEM\CurrentControlSet and SYSTEM\ControlSet00n. The numbered ControlSet001 and ControlSet002 subkeys contain control information that is needed to start and keep Windows Server 2003 running. One of these two numbered subkeys is the original; the other is the backup copy. On startup, the system determines which one of the keys is the original and saves the result under HKLM\SYSTEM\Select. The last successful set of control information is saved in HKLM\SYSTEM\CurrentControlSet. The three sets of control information are for the most part identical, but only one is valid and used by the system.
The HKLM\SYSTEM\ControlSet001HKLM\SYSTEM\ControlSet001\Control\Terminal Server hive allows you to configure general settings, just as you can under Terminal Services configuration or Group Policies. Some of the values described here will be discussed in detail later in this chapter.
In addition to individual values, this path holds several subkeys that, in turn, contain keys and values for Terminal Services configuration.
In Table 6.3, the last elements listed are the Wds and WinStations keys. They play a key role in configuring the RDP protocol and user sessions. Because some keys might exist in several hives, they should be explained in more detail. It is impossible to list and explain all keys in this book, so the following tables show only a selection of the most important configuration options. They can be found in one or more of these registry hives:
Table 6.4 lists the so-called flags. Flags are binary values that make a statement true (1) or false (0).
Table 6.5 lists the most important keys with the REG_DWORD data type. These are often directly related to one of the flags listed in the preceding table.
Finally, Table 6.6 shows the most important keys of the REG_SZ data type.
The HKLM\SYSTEM\ControlSet001\Services\TermDD hive contains the attributes of the Termdd.sys terminal device driver. However, do not change these attributes. You can find the device driver’s path and start option here. An adjoining hive, called HKLM\SYSTEM\ControlSet001\Services\TermService, hosts both the configuration of Terminal Services within the generic Svchost.exe Windows service and of the Services.exe process. The keys you find there include, for example, the display name, description, complete path, or start options as also listed under services administration. The subkeys show license settings and parameters for the performance indicator object of the system monitor.
If you log registry access in a focused manner during logon of a user session, you will gain interesting insights into the corresponding initialization processes. For example, which areas relevant for terminal servers does the Winlogon.exe logon process access? One piece of information needed during logon concerns creating or loading the user profile. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList. These keys contain the default paths for a default user (DefaultUser), general user (AllUsers), and individual user profiles. Furthermore, you can find a list of all users who have logged on to the system here. If a user logs on to the terminal server for the first time, he or she inherits both the normal default user settings and the default values for the terminal server session. They are saved under HKLM\SYSTEM\ControlSet001HKLM\SYSTEM\ControlSet001\Control\Terminal Server\DefaultUserConfiguration. Another relevant area is located under HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon. It includes the AppSetup key that defines a special script file called UsrLogon.cmd. This script file is executed along with a possible logon script on startup of each terminal server session. (See Chapter 7.) The same location also contains the WinStationDisabled key that either denies (0) or allows (1) new terminal server users to log on, regardless of the protocol. At the prompt, you can modify this value using the Change logon /enable or Change logon /disable prompts. The HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv area is also needed for logon. It defines a specific logic as a response to system events. When a user logs on, even driver configuration is accessed. The area reserved for terminal servers is located under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP. The video driver configuration plays a certain role for the user session, too. For instance, Explorer.exe needs the corresponding data that is located here: HKLM\SYSTEM\ControlSet001HKLM\SYSTEM\ControlSet001\Control\Terminal Server\VIDEO\rdpdd under the \Device\Video0 key. If local Group Policies for Terminal Services settings were established, these must be loaded at the right time, of course. This happens during logon with keys found under HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services and the EnableAdminTSRemote key under HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer. However, these areas can be fairly empty if no or just a few local Group Policies were predefined.
Connecting and managing printers for terminal servers is a very complex topic. (See Chapter 4.) This fact is also quite evident in the registry. The general configuration of the printers used and the associated driver information are located under HKLM\System\CurrentControlSet\Control\Print. You will find references to the currently installed printer drivers of the terminal server under HKLM\SYSTEM\ControlSet001\Control\Print\Environments\WindowsNTx86\Drivers\Version-3\
If you do not want to install printer drivers from sources that might not be controllable, you have the option of choosing a binding path. This path is called a trusted printer driver path. To configure this behavior, you need to add the following keys to HKLM\SYSTEM\ControlSet001\Control\Print\Providers\LanManPrintServices\servers:
It is important that the structure of the \\Server name\Share folder mirror the %SystemRoot%\system32\spool\drivers\w32x86 folder. If all the data was properly entered, printer drivers can be installed only from the predefined source, allowing complete control of the printer drivers used.
The registry’s user-specific section also contains keys that are relevant to the terminal server. For example, the HKCU\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server hive has the key called LastUserIniSyncTime. This key indicates the last system time a user-specific .ini file was synchronized to its corresponding system-wide .ini file (discussed later in this chapter). If a user has administrator permissions, there is an additional key called TSADMIN here, containing several subkeys. These subkeys allow access to attributes for connection options, alerts, refresh rates, keyboard shortcuts for remote control, server list options, and display values for system processes in the Task Manager. After a user session has been established, it has its own ID (SESSIONNAME). It is located next to the client name (CLIENTNAME) and the logon server name (LOGONSERVER) in the HKCU\Volatile Environment section of the registry. Use the following registry sections to define all relevant user folders in which to save data about the applications, desktop, local settings, personal files, network environment, print environment, or start menu:
|