Export (0) Print
Expand All
0 out of 2 rated this helpful - Rate this topic

Win32_TSGeneralSetting class

The Win32_TSGeneralSetting WMI class represents general settings of the terminal such as the encryption level and transport protocol.

The following syntax is simplified from MOF code and includes all defined and inherited properties, in alphabetical order. For reference information on methods, see the table of methods later in this topic.

Syntax

[dynamic, provider("Win32_WIN32_TSGENERALSETTING_Prov")]class Win32_TSGeneralSetting : Win32_TerminalSetting
{
  string Caption;
  string CertificateName;
  uint8  Certificates[];
  string Comment;
  string Description;
  uint32 MinEncryptionLevel;
  uint32 PolicySourceMinEncryptionLevel;
  uint32 PolicySourceSecurityLayer;
  uint32 PolicySourceUserAuthenticationRequired;
  uint32 SecurityLayer;
  string SettingID;
  string SSLCertificateSHA1Hash;
  uint32 SSLCertificateSHA1HashType;
  string TerminalName;
  string TerminalProtocol;
  string Transport;
  uint32 UserAuthenticationRequired;
  uint32 WindowsAuthentication;
};

Members

The Win32_TSGeneralSetting class has these types of members:

Methods

The Win32_TSGeneralSetting class has these methods.

MethodDescription
SetEncryptionLevel

Sets the encryption level.

SetSecurityLayer

Sets the security layer to one of "RDP Security Layer" (0), "Negotiate" (1), or "SSL" (2).

Note  Support for this method was introduced in Windows Server 2003 with SP1.

SetUserAuthenticationRequired

Enables or disables the requirement that users must be authenticated at connection time by setting the value of the UserAuthenticationRequired property.

Windows Server 2003 and Windows XP:  This method is not available.

 

Properties

The Win32_TSGeneralSetting class has these properties.

Caption
Data type: string
Access type: Read-only
Qualifiers: MaxLen (64)

Short textual description (one-line string) of the CIM_Setting object. This property is inherited from CIM_Setting.

CertificateName
Data type: string
Access type: Read-only

Display name for the local computer personal certificate subject name.

Windows Server 2003 and Windows XP:  This property is not available.

Certificates
Data type: uint8 array
Access type: Read-only

Contains a serialized certificate store that contains all of the certificates from the My user account store on the computer that are valid server certificates for use with secure sockets layer (SSL).

Windows Server 2003 and Windows XP:  This property is not available.

Comment
Data type: string
Access type: Read/write

Descriptive name of the combination of session layer and transport protocol.

Description
Data type: string
Access type: Read-only

Description of the CIM_Setting object. This property is inherited from CIM_Setting.

MinEncryptionLevel
Data type: uint32
Access type: Read-only

The minimum encryption level. Windows Server 2003 supports all 4 levels. Windows XP supports levels 2 and 3 only.

ValueMeaning
1

Low level of encryption. Only data sent from the client to the server is encrypted using 56-bit encryption. Be aware that data sent from the server to the client is not encrypted.

2

Client compatible level of encryption. All data sent from client to server and from server to client is encrypted at the maximum key strength supported by the client.

3

High level of encryption. All data sent from client to server and from server to client is encrypted using strong 128-bit encryption. Clients that do not support this level of encryption cannot connect.

4

FIPS compliant encryption. All data sent from client to server and from server to client is encrypted and decrypted with the Federal Information Processing Standard (FIPS) encryption algorithms using the Microsoft cryptographic modules. FIPS is a standard entitled "Security Requirements for Cryptographic Modules". FIPS 140-1 (1994) and FIPS 140-2 (2001) describe government requirements for hardware and software cryptographic modules used within the U.S. government.

 

PolicySourceMinEncryptionLevel
Data type: uint32
Access type: Read-only

Indicates whether the MinEncryptionLevel property is configured by the server, by group policy, or by default.

Windows Server 2003 and Windows XP:  This property is not available.

ValueMeaning
0 (0x0)

Server

1 (0x1)

Group policy

2 (0x2)

Default

 

PolicySourceSecurityLayer
Data type: uint32
Access type: Read-only

Indicates whether the SecurityLayer property is configured by the server, by group policy, or by default.

Windows Server 2003 and Windows XP:  This property is not available.

ValueMeaning
0 (0x0)

Server

1 (0x1)

Group policy

2 (0x2)

Default

 

PolicySourceUserAuthenticationRequired
Data type: uint32
Access type: Read-only

Indicates whether the UserAuthenticationRequired property is configured by the server, by group policy, or by default.

Windows Server 2003 and Windows XP:  This property is not available.

ValueMeaning
0 (0x0)

Server

1 (0x1)

Group policy

2 (0x2)

Default

 

SecurityLayer
Data type: uint32
Access type: Read-only

Specifies the security layer used between the client and server.

Note  Support for this property was introduced in Windows Server 2003 with SP1.

ValueMeaning
RDP Security Layer
1 (0x1)

Communication between the server and the client uses native RDP encryption.

Negotiate
2

The most secure layer that is supported by the client is used. If supported, SSL (TLS 1.0) is used.

SSL
3

SSL (TLS 1.0) is used for server authentication and for encrypting all data transferred between the server and the client. This setting requires the server to have an SSL-compatible certificate. This setting is not compatible with a MinEncryptionLevel value of 1.

4 (0x4)

New security layer in Windows Vista.

 

SettingID
Data type: string
Access type: Read-only
Qualifiers: MaxLen (256)

Identifier by which the CIM_Setting object is known. This property is inherited from CIM_Setting.

SSLCertificateSHA1Hash
Data type: string
Access type: Read/write

Specifies the SHA1 hash in hexadecimal format of the SSL certificate for the target server to use.

The thumbprint of a certificate may be found using the Certificates MMC snap-in on the Details tab of the certificate properties page.

Note  Support for this property was introduced in Windows Server 2003 with SP1.

SSLCertificateSHA1HashType
Data type: uint32
Access type: Read-only

Indicates the state of the SSLCertificateSHA1Hash property.

ValueMeaning
0 (0x0)

Not valid

1 (0x1)

Default self-signed

2 (0x2)

Default group policy enforced

3 (0x3)

Custom

 

TerminalName
Data type: string
Access type: Read-only
Qualifiers: Key

The name of the terminal.

TerminalProtocol
Data type: string
Access type: Read-only

The name of the session layer protocol; for example, Microsoft RDP 5.0.

Transport
Data type: string
Access type: Read-only

The type of transport used in the connection; for example, TCP, NetBIOS, or IPX/SPX.

UserAuthenticationRequired
Data type: uint32
Access type: Read-only

Specifies the type of user authentication used for remote connections. If set to 1, which means enabled, UserAuthenticationRequired requires user authentication at connection time to increase server protection against network attacks. Only Remote Desktop Protocol (RDP) clients that support RDP version 6.0 or higher are able to connect. To avoid disruptions for remote users, it is recommended that you deploy RDP clients supporting the appropriate protocol version before you enable the property.

Use the SetUserAuthenticationRequired method to enable or disable this property.

Windows Server 2003 and Windows XP:  This property is not available.

ValueMeaning
0 (0x0)

User authentication at connection is disabled.

1 (0x1)

User authentication at connection is enabled.

 

WindowsAuthentication
Data type: uint32
Access type: Read/write

Specifies whether the connection defaults to the standard Windows authentication process or to another authentication package that has been installed on the system.

ValueMeaning
0 (0x0)

Does not default to the standard Windows authentication process.

1 (0x1)

Defaults to the standard Windows authentication process.

 

Remarks

Be aware that window stations not associated with the console session cannot access the methods and properties of this class. If an attempt is made to do so by specifying "Console" as the value of the TerminalName property, methods of this object will return WBEM_E_NOT_SUPPORTED. This error code will also be returned if a window station attempts to call methods of this object for the purpose of adding or modifying the security properties of the LocalSystem, LocalService, or NetworkService accounts.

To connect to the \root\CIMV2\TerminalServices namespace, the authentication level must include packet privacy. For C/C++ calls, this is an authentication level of RPC_C_AUTHN_LEVEL_PKT_PRIVACY. For Visual Basic and scripting calls, this is an authentication level of WbemAuthenticationLevelPktPrivacy or "pktPrivacy", with a value of 6. The following Visual Basic Scripting Edition (VBScript) example shows how to connect to a remote computer with packet privacy.

strComputer = "RemoteServer1" 
Set objServices = GetObject( _
    "winmgmts:{authenticationLevel=pktPrivacy}!Root/CIMv2/TerminalServices")

Managed Object Format (MOF) files contain the definitions for Windows Management Instrumentation (WMI) classes. MOF files are not installed as part of the Microsoft Windows Software Development Kit (SDK). They are installed on the server when you add the associated role by using the Server Manager. For more information about MOF files, see Managed Object Format (MOF).

Requirements

Minimum supported client

Windows XP

Minimum supported server

Windows Server 2003

Namespace

\root\CIMV2\TerminalServices on Windows Vista and Windows Server 2008, \root\CIMV2 on Windows XP and Windows Server 2003

MOF

Tscfgwmi.mof

DLL

Tscfgwmi.dll

See also

Win32_TerminalSetting

 

 

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.