Welcome Sign in
Skip Navigation Links
Microsoft Developer Network
Click to Rate and Give Feedback
MSDN
MSDN Library
System Services
Enterprise Services
Terminal Services
 Providing for RDP Client Security
Providing for RDP Client Security

To allow clients to protect themselves from potentially untrustworthy servers, some properties of the Remote Desktop ActiveX control object are restricted to specific Internet Explorer URL security zones. This means that, when a user browsing the Web accesses the page and the page is in a higher URL security zone than the computer they are browsing the Web with, these properties are disabled. These restricted properties are accessed using the IMsTscSecuredSettings interface and the IMsRdpClientSecuredSettings interface, and are available in the following Internet Explorer URL security zones:

  • My computer
  • Local intranet
  • Trusted sites

They are disabled in these zones:

  • Internet
  • Restricted sites

If you call these restricted properties within your Terminal Services Web application, you should call IMsTscAx::get_SecuredSettings and IMsTscAx::get_SecuredSettingsEnabled to access the Secured Settings properties.

The restricted properties that the IMsTscSecuredSettings interface accesses are the following:

  • StartProgram. This property specifies the program that will be started upon connection.
  • WorkDir. This property specifies the working directory of the program specified in StartProgram.
  • FullScreen. This property specifies whether the state of the control upon connection will be in full-screen or windowed mode. If the value of this property is TRUE, the connection will be opened in full-screen mode. Although the use of the FullScreen property is restricted to the Internet Explorer URL security zones listed earlier, a user can always change to full-screen mode after connection by pressing the full-screen mode shortcut key combination (CTRL+ALT+BREAK).

The properties that the IMsRdpClientSecuredSettings interface accesses are the following:

  • AudioRedirectionMode. This property specifies whether to redirect sounds, or play sounds at the terminal server.
  • KeyboardHookMode. This property specifies how and when to apply Microsoft Windows key combinations; for example, ALT+TAB.

The following script launches Microsoft Notepad.exe upon connection. Run this script before calling the IMsTscAx::Connect method.

if MsRdpClient.SecuredSettingsEnabled then
    MsRdpClient.SecuredSettings.StartProgram = "notepad.exe"
else
    msgbox "Cannot access secured setting (startprogram) in the current browser zone"
end if

Send comments about this topic to Microsoft

Build date: 9/4/2008

Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
Processing
© 2008 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Page view tracker