Wiki Home

Terminal Services Advanced Client


Namespace: WIN_COM_API
A place to talk about the Terminal Services Advanced Client? (TSAC)

The Terminal Services Advanced Client (TSAC) is a Win32®-based ActiveX® control (COM object) that can be used to run Terminal Services sessions within Microsoft Internet Explorer. The TSAC Web package includes the downloadable ActiveX control and sample Web pages that can be used as a starting point for running Windows-based programs inside Internet Explorer. Developers can also use the TSAC to develop client-side applications that interact with applications running on a terminal server.


You can get it on the W2K SP1 CD ('valuadd') director, or here:
http://www.microsoft.com/windows2000/downloads/recommended/TSAC/default.asp

I've set this up and played with it a bit. It takes about 5 min. to get going and seems to work quite well. I have some security concerns so I'll have to do some more reading before I use this in production, but over all, it seems like a nice idea. Anyone else play with it? - ?lc

hmm. I am interested in this topic as well ... ?cs

Also interesting:
http://msdn.microsoft.com/library/techart/w2ktsac.htm


My experience so far - by Paul James
I think the TSAC is VERY cool. As for security, If you use Windows 2000 authentication to access the connect page and setup RDP to use 128-bit encryption on the server, I would have to say that it is probably at least as secure as HTTPS.

This is my first foray into using Terminal Services. I chose the TSAC ActiveX because it is lightweight, can be connected from any web-enabled device, and doesn't require a client-side installation (other than the Automatic download/install of the ActiveX control from the default page. I am using a Windows 2000 server. I am running IIS 5.0. I am just using the sample web pages that came with the ActiveX package for now.

If you haven't installed Terminal Services:
You should read up on how to configure Terminal Services. Install Terminal Services on the server (from the Control Panel - Add/Remove Software). Setup Terminal Services in "Application Server" mode. Configure terminal services as you need.

How do you use the ActiveX Web Client?
Simple, download/install the sample web pages from Microsoft. You will need to have IIS running on the server.
Setup a "web site" for users to access the sample page. The sample includes an automatic install for web-clients so that when they try to connect to the web page, it will automatically prompt them to install the ActiveX control. You should setup security on the page through IIS so that a user must login and authenticate to the server before getting to the page. Terminal Services is almost certainly something you don't want to allow "Anonymous" access to.

For additional security, I have embedded the TSAC control in a VFP form (see the Wiki downloads section for TSAC).
Why use a form? If you can simply fire up a web browser and navigate to the server site, why use a VFP form (that does require a client install)? In a word, SECURITY. I can use a form like this to open certain files or registry entries to make sure the user is logging in from a valid site. If a client has 30 offices, many of which do not have static IP's and no VPN, how do I ensure that when an employee quits that they don't just go home, login to the server using the TSAC via a browser, and do major damage? Remove their user ID? Most users know other people's logins and passwords. I can use this form to pass information to the server (and remove the ability to enter that information via the web). I can also use this form to open a database or registry entries that must exist before any connection can be made.

Notes
Microsoft actually provides two controls that you can embed in a form: The TSAC ActiveX Web Control (which I use on my sample form) and the RDP which is the "full implementation" of the Terminal Services client.
Both controls use Microsoft's RDP (encrypted protocol), but the one referred to (internally) as the RDP exposes more interfaces, etc. The drawbacks to the full client are installation of the client and the fact that you would need
to create a VFP class that would allow you to receive notification of events fired from the RDP (OnConnected, OnDisconnected, etc.). The web control version exposes these events within the .OCX. There are also three versions of the RDP (protocol); version 4.0, 5.0 and 5.1. Windows NT 4 uses the 4.0 version, Windows 2000 and the TSAC use the 5.0 version, and Windows XP includes the 5.1 RDP. Version 5.1 has several new interfaces, properties, etc.

You can find notes on the ActiveX API at:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/termserv/tsovr_1vho.asp

I also highly recommend using the VFP Object Browser to look at the interfaces, properties, etc. (Don't forget that you can drag-and-drop and interface from the Object Browser to a code window to automatically create an interface implementation class. It's not perfect, and doesn't always work the first time.)


Contributors: Lauren Clarke, Paul James
Category Thin Client
( Topic last updated: 2002.07.02 12:23:59 PM )