It has been a little silent on the JEDI Apilib project lately, but this will change!

We had some change in the team members: Marcel van Brakel, founder and large contributor of the project has signed off because he no longer actively uses Delphi. Christian Wimmer has joined the team and he is a very promising member.

Christian has been working on a new include model (optional) of the Jedi Apilib which has the advantage that you only need to use one unit (JwaWindows) for the whole library.

Chris has also published the JEDI Windows Security Code Library (Jwscl). This is library that tremendously simplifies using Win32 API calls from Delphi. At this point the library contains:

• Windows Version
• Token
• Impersonation
• Login
• SID
• Access Control List
• Security Descriptor
• Owner, Group, DACL, SACL
• WindowStation
• Desktop
• LSA
• Rights mapping
• Secured Objects Files, Registry (+Inheritance), etc.
• Credentials (Login Dialog)
• Encryption (MS Crypto API)
• Well Known SIDs
• Privileges
• Security Dialogs (The “ACL Editor” you see on the security yab when you rightclick object in Explorer)
• Terminal Sessions
• Unicode + Ansicode
• Vista Elevation
• Vista Integrity Level

Although Jwscl is in beta stage it is already very well useable.

(more…)

Dirk Schmitz send me his Python version of encrypting the RDP Password:

Read the original article here: https://www.remkoweijnen.nl/blog/2007/10/18/how-rdp-passwords-are-encrypted/

When a client is connected to a Terminal Server Session you can use the Terminal Server API to retrieve the client’s local IP address.

Start by enumerating all sessions with WtsEnumerateSessions and then for each session get the ClientAddress with a call to WTSQuerySessionInformation with the WTSClientAddress parameter. Sound simple, no?

WTSQuerySessionInformation returns a pointer to a WTS_CLIENT_ADDRESS structure. You need to know that the IP address is located at on offset of 2 bytes in the Address member of WTS_CLIENT_ADDRESS.

So here’s a sample:

(more…)

The upcoming Vista SP1 promises 3 new Terminal Server API functions:

• WTSConnectSession : Connects a Terminal Services session to an existing session on the local computer.
• WTSStartRemoteControlSession: Starts the remote control of another Terminal Services session.
• WTSStopRemoteControlSession : Stops a remote control session.

If you look in the Windows 2008 beta you can see that the functions are already implemented (in WtsApi32.dll):

(more…)

Did you ever loose Clipboard functionality (copy/paste) while working with several Terminal Server sessions? I think everyone that works a lot with Terminal Server has experienced this from time to time.

It’s caused by badly behaving applications. Dimitry Vostokov wrote a tool to fix this issue for Citrix (RepairCBDChain.exe), he explains the issue very well on his blog:

Windows has a mechanism to notify applications about clipboard changes. An application interested in such notifications has to register itself in the so called clipboard chain. Windows inserts it on top of that chain and that application is responsible to propagate changes down the chain:

If 3rd-party application forgets to forward notifications down then we have a broken clipboard chain and clipboard changes are not sent via ICA protocol:

Read more at Dimitry’s Blog: http://citrite.org/blogs/dmitryv/2006/12/09/clipboard-issues-explained/

So how can we fix this for Terminal Server then?
(more…)

You will probably know Microsofts Tool to Manage Terminal Server, it’s called Terminal Services Manager (you will probably know it as TSAdmin). It can be used to view information about terminal servers including all sessions, users, and processes for each terminal server.

I’m currently working on a TSAdmin replacement (codename TSAdminEx). Purpose is to show how to use the Terminal Server API’s and as a little bonus we will add some extra functionality to TSAdminEx.

(more…)

This is an often asked question but the solution is simple:

So how does it work?
First we obtain the user’s primary access token with the WtsQueryUserToken  API call. To call this function successfully, the calling application must be running within the context of the LocalSystem account and have the SE_TCB_NAME privilege (LocalSystem has this privilege by default). Since the function returns a primary acces token we can just pass this to CreateProcessAsUser and voila!

(more…)

Ever tried to run a VBS scripts that queries Active Directory in another domain or from a workstation that is not a domain member? Than you have probably seen this error before:

This is because the default settings for Chasing referrals is set to ADS_CHASE_REFERRALS_NEVER.

(more…)

 Ever wondered how mstsc saves passwords? If you open an RDP file with a text editor like Notepad you can see the encrypted password. In this article I will show you how to encrypt and decrypt these passwords. Besides password recovery this enables you to create rpd files programmatically or perhaps update the password in many rdp files with a batch file.

(more…)