
Win32_TSGeneralSetting class

The Win32_TSGeneralSetting WMI class represents general settings of the terminal such as the encryption level and transport protocol.

The following syntax is simplified from MOF code and includes all defined and inherited properties, in alphabetical order. For reference information on methods, see the table of methods later in this topic.

Syntax

[dynamic, provider("Win32_WIN32_TSGENERALSETTING_Prov"), ClassContext("local|hkey_local_machine\\SYSTEM\\CurrentControlSet\\Control\\TerminalServer\\WinStations"), AMENDMENT]
class Win32_TSGeneralSetting : Win32_TerminalSetting
{
  string   Caption;
  string   CertificateName;
  uint8    Certificates[];
  string   Comment;
  string   Description;
  uint32   MinEncryptionLevel;
  uint32   PolicySourceMinEncryptionLevel;
  uint32   PolicySourceSecurityLayer;
  uint32   PolicySourceUserAuthenticationRequired;
  uint32   SecurityLayer;
  string   SettingID;
  string   SSLCertificateSHA1Hash;
  uint32   SSLCertificateSHA1HashType;
  string   TerminalName;
  string   TerminalProtocol;
  string   Transport;
  uint32   UserAuthenticationRequired;
  uint32   WindowsAuthentication;
  datetime InstallDate;
  string   Name;
  string   Status;
};

Members

The Win32_TSGeneralSetting class has these types of members:

Methods

The Win32_TSGeneralSetting class has these methods.

Method | Description
SetEncryptionLevel | Sets the encryption level.
SetSecurityLayer | Sets the security layer to one of "RDP Security Layer" (0), "Negotiate" (1), or "SSL" (2).
SetUserAuthenticationRequired | Enables or disables the requirement that users must be authenticated at connection time by setting the value of the UserAuthenticationRequired property.

Properties

The Win32_TSGeneralSetting class has these properties.

Caption
Data type: string
Access type: Read-only
Qualifiers: MaxLen (64)

Short textual description (one-line string) of the object. This property is inherited from CIM_ManagedSystemElement.

CertificateName
Data type: string
Access type: Read-only

Display name for the local computer personal certificate subject name.

Certificates
Data type: uint8 array
Access type: Read-only

Contains a serialized certificate store that contains all of the certificates from the My user account store on the computer that are valid server certificates for use with secure sockets layer (SSL).

Comment
Data type: string
Access type: Read/write

Descriptive name of the combination of session layer and transport protocol.

Description
Data type: string
Access type: Read-only

Description of the object. This property is inherited from CIM_ManagedSystemElement.

InstallDate
Data type: datetime
Access type: Read-only
Qualifiers: Mappingstrings ("MIF.DMTF|ComponentID|001.5")

The InstallDate property is a datetime value indicating when the object was installed. A lack of a value does not indicate that the object is not installed.

This property is inherited from CIM_ManagedSystemElement.

MinEncryptionLevel
Data type: uint32
Access type: Read-only
Qualifiers: Low ("Only data sent from client to server is protected by encryption based on server's standard key strength. Data sent from Server to client is not protected."), Medium ("All data sent between Server and client is protected by encryption based on server's standard key strength."), High ("All data sent between Server and client is protected by encryption based on server's maximum key strength.")

The minimum encryption level.

Value | Meaning
Low (1) | Low level of encryption. Only data sent from the client to the server is encrypted using 56-bit encryption. Be aware that data sent from the server to the client is not encrypted.
Medium / Client Compatible (2) | Client compatible level of encryption. All data sent from client to server and from server to client is encrypted at the maximum key strength supported by the client.
High (3) | High level of encryption. All data sent from client to server and from server to client is encrypted using strong 128-bit encryption. Clients that do not support this level of encryption cannot connect.
FIPS Compliant (4) | FIPS compliant encryption. All data sent from client to server and from server to client is encrypted and decrypted with the Federal Information Processing Standard (FIPS) encryption algorithms using the Microsoft cryptographic modules. FIPS is a standard entitled "Security Requirements for Cryptographic Modules". FIPS 140-1 (1994) and FIPS 140-2 (2001) describe government requirements for hardware and software cryptographic modules used within the U.S. government.

Name
Data type: string
Access type: Read-only

The Name property defines the label by which the object is known. When subclassed, the Name property can be overridden to be a Key property.

This property is inherited from CIM_ManagedSystemElement.

PolicySourceMinEncryptionLevel
Data type: uint32
Access type: Read-only

Indicates whether the MinEncryptionLevel property is configured by the server, by group policy, or by default.

Value | Meaning
0 (0x0) | Server
1 (0x1) | Group policy
2 (0x2) | Default

PolicySourceSecurityLayer
Data type: uint32
Access type: Read-only

Indicates whether the SecurityLayer property is configured by the server, by group policy, or by default.

Value | Meaning
0 (0x0) | Server
1 (0x1) | Group policy
2 (0x2) | Default

PolicySourceUserAuthenticationRequired
Data type: uint32
Access type: Read-only

Indicates whether the UserAuthenticationRequired property is configured by the server, by group policy, or by default.

Value | Meaning
0 (0x0) | Server
1 (0x1) | Group policy
2 (0x2) | Default

SecurityLayer
Data type: uint32
Access type: Read-only
Qualifiers: RDPSecurityLayer ("RDP Security Layer: Communication between the server and the client will use native RDP encryption."), Negotiate ("The most secure layer that is supported by the client will be used. If supported, TLS 1.0 will be used."), SSL ("SSL (TLS 1.0) will be used for server authentication as well as for encrypting all data transferred between the server and the client. This setting requires the server to have an SSL compatible certificate."), NEWTBD ("A NEW SECURITY LAYER in LONGHORN.")

Specifies the security layer used between the client and server.

Value | Meaning
RDP Security Layer (0) | Communication between the server and the client uses native RDP encryption.
RDP Security Layer (1) | TBD
Negotiate (2) | The most secure layer that is supported by the client is used. If supported, SSL (TLS 1.0) is used.
SSL (3) | SSL (TLS 1.0) is used for server authentication and for encrypting all data transferred between the server and the client. This setting requires the server to have an SSL-compatible certificate. This setting is not compatible with a MinEncryptionLevel value of 1.
NEWTBD (4) | TBD

SettingID
Data type: string
Access type: Read-only
Qualifiers: MaxLen (256)

Identifier by which the object is known. This property is inherited from CIM_ManagedSystemElement.

SSLCertificateSHA1Hash
Data type: string
Access type: Read/write

Specifies the SHA1 hash in hexadecimal format of the SSL certificate for the target server to use.

The thumbprint of a certificate may be found using the Certificates MMC snap-in on the Details tab of the certificate properties page.

SSLCertificateSHA1HashType
Data type: uint32
Access type: Read-only

Indicates the state of the SSLCertificateSHA1Hash property.

Value | Meaning
0 (0x0) | Not valid
1 (0x1) | Default self-signed
2 (0x2) | Default group policy enforced
3 (0x3) | Custom

Status
Data type: string
Access type: Read-only
Qualifiers: MaxLen (10)

The Status property is a string indicating the current status of the object. Various operational and non-operational statuses can be defined.

This property is inherited from CIM_ManagedSystemElement.

Value | Meaning
"OK" | OK
"Error" | Error
"Degraded" | Degraded
"Unknown" | Unknown
"Pred Fail" | Pred Fail
"Starting" | Starting
"Stopping" | Stopping
"Service" | Service

TerminalName
Data type: string
Access type: Read-only
Qualifiers: key

The name of the terminal.

TerminalProtocol
Data type: string
Access type: Read-only

The name of the session layer protocol; for example, Microsoft RDP 5.0.

Transport
Data type: string
Access type: Read-only

The type of transport used in the connection; for example, TCP, NetBIOS, or IPX/SPX.

UserAuthenticationRequired
Data type: uint32
Access type: Read-only

Specifies the type of user authentication used for remote connections. If set to 1, which means enabled, UserAuthenticationRequired requires user authentication at connection time to increase server protection against network attacks. Only Remote Desktop Protocol (RDP) clients that support RDP version 6.0 or higher are able to connect. To avoid disruptions for remote users, it is recommended that you deploy RDP clients supporting the appropriate protocol version before you enable the property.

Use the SetUserAuthenticationRequired method to enable or disable this property.

Value | Meaning
FALSE (0) | User authentication at connection is disabled.
TRUE (1) | User authentication at connection is enabled.

WindowsAuthentication
Data type: uint32
Access type: Read/write

Specifies whether the connection defaults to the standard Windows authentication process or to another authentication package that has been installed on the system.

Value | Meaning
FALSE (0) | Does not default to the standard Windows authentication process.
TRUE (1) | Defaults to the standard Windows authentication process.

Remarks

Be aware that window stations not associated with the console session cannot access the methods and properties of this class. If an attempt is made to do so by specifying "Console" as the value of the TerminalName property, methods of this object will return WBEM_E_NOT_SUPPORTED. This error code will also be returned if a window station attempts to call methods of this object for the purpose of adding or modifying the security properties of the LocalSystem, LocalService, or NetworkService accounts.

To connect to the \root\CIMV2\TerminalServices namespace, the authentication level must include packet privacy. For C/C++ calls, this is an authentication level of RPC_C_AUTHN_LEVEL_PKT_PRIVACY. For Visual Basic and scripting calls, this is an authentication level of WbemAuthenticationLevelPktPrivacy or "pktPrivacy", with a value of 6. The following Visual Basic Scripting Edition (VBScript) example shows how to connect to a remote computer with packet privacy.


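' Name of the remote computer to connect to.
strComputer = "RemoteServer1"
' Packet privacy is required for the TerminalServices namespace.
Set objServices = GetObject( _
    "winmgmts:{authenticationLevel=pktPrivacy}!\\" & strComputer & _
    "\root\CIMV2\TerminalServices")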


Managed Object Format (MOF) files contain the definitions for Windows Management Instrumentation (WMI) classes. MOF files are not installed as part of the Microsoft Windows Software Development Kit (SDK). They are installed on the server when you add the associated role by using the Server Manager. For more information about MOF files, see Managed Object Format (MOF).
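
The following PowerShell audit of the security-relevant properties described above is an added example, not part of the original documentation and not Microsoft's code; it uses only the value meanings given in this page's tables. The function name Test-TSGeneralSetting and the sample object are constructed for illustration, and the commented live query uses Get-WmiObject with -Authentication PacketPrivacy to meet the packet-privacy requirement.

```powershell
# Added example: flags weak settings on Win32_TSGeneralSetting instances.
function Test-TSGeneralSetting {
    param([Parameter(Mandatory, ValueFromPipeline)] $Setting)
    begin {
        # PolicySource* values: where the corresponding property was configured.
        $source = @{ 0 = 'Server'; 1 = 'Group policy'; 2 = 'Default' }
    }
    process {
        $findings = @()

        if ([int]$Setting.UserAuthenticationRequired -ne 1) {
            $by = $source[[int]$Setting.PolicySourceUserAuthenticationRequired]
            $findings += "User authentication at connection is disabled (configured by: $by)"
        }

        $by = $source[[int]$Setting.PolicySourceMinEncryptionLevel]
        switch ([int]$Setting.MinEncryptionLevel) {
            1 { $findings += "MinEncryptionLevel Low: server-to-client data is not encrypted (configured by: $by)" }
            2 { $findings += "MinEncryptionLevel Client Compatible: key strength depends on the client (configured by: $by)" }
        }

        # Only value 0 is checked: this page numbers Negotiate and SSL differently
        # in the SetSecurityLayer description and in the SecurityLayer table.
        if ([int]$Setting.SecurityLayer -eq 0) {
            $by = $source[[int]$Setting.PolicySourceSecurityLayer]
            $findings += "SecurityLayer 0: native RDP encryption only (configured by: $by)"
        }

        switch ([int]$Setting.SSLCertificateSHA1HashType) {
            0 { $findings += 'SSLCertificateSHA1Hash state: Not valid' }
            1 { $findings += 'SSLCertificateSHA1Hash state: Default self-signed' }
        }

        [pscustomobject]@{ TerminalName = $Setting.TerminalName; Findings = $findings }
    }
}

# Constructed sample instance (not real output), so the logic runs offline.
$sample = [pscustomobject]@{
    TerminalName = 'RDP-Tcp'
    MinEncryptionLevel = 2;         PolicySourceMinEncryptionLevel = 2
    SecurityLayer = 0;              PolicySourceSecurityLayer = 0
    UserAuthenticationRequired = 0; PolicySourceUserAuthenticationRequired = 2
    SSLCertificateSHA1HashType = 1
}
$sample | Test-TSGeneralSetting | Format-List

# Live query on a server with the role installed:
# Get-WmiObject -Namespace root\CIMV2\TerminalServices -Class Win32_TSGeneralSetting `
#     -Authentication PacketPrivacy | Test-TSGeneralSetting | Format-List
```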

Requirements

Minimum supported client: Windows Vista
Minimum supported server: Windows Server 2008
Namespace: Root\CIMv2\TerminalServices
MOF: TsCfgWmi.mof
DLL: TsCfgWmi.dll

See also

Win32_TerminalSetting

© 2015 Microsoft