Remko Weijnen's Blog (Remko's Blog)

About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like

Archive for the ‘Terminal Server’ Category

TSAdminEx Features Part 3

Beta ReleasePart 1Part 2  

This is part 3 of the TSAdminEx Features series. Today I will discuss the Process View. As usual we will start by comparing TSAdmin to TSAdminEx again. So let’s look at TSAdmin Process View:


And the one from TSAdminEx:



TSAdminEx Features Part 2


Now that a TSAdminEx beta is ready I will be showing you some features. In this part I will show the Sessions View.

Let’s start again with a compare of TSAdmin and TSAdminEx:



As you can see TSAdminEx shows more details, it shows the following extra columns:


TSAdminEx Features Part 1

Part 2

Now that a TSAdminEx beta is ready I will be showing you some features. In this part 1 I will be comparing the Users view to TSAdmin.

Let’s start TSAdmin, this tool is present by default on Windows 2003. If you use Windows XP or Windows Vista you can get it by installing the Administration Pack. Please note that TSAdmin does not work on Vista RTM due to a bug that was corrected in Vista SP1 (TSAdminEx works fine on both RTM as well as SP1)


Now let’s open TSAdminEx and start comparing…



TSAdminEx Beta release

Over the last months I have been working hard on TSAdminEx and now, finally, I can now present a first beta release.

If you don’t know what TSAdminEx is let me briefly introduce it. TSAdminEx is a tool that combines functionality of several existing tools: it has the power of task manager combined with the details of Process Explorer and the Terminal Server support of TSAdmin. On top of that it fully supports remote systems out of the box without installing any agents or services. It also has some unique features that neither of the mentioned tools can do!

Several new features have been implemented since the last time I talked about TSAdminEx and I will show you the most exciting ones here:


As you know, many kernel32.dll functions, which are working with named objects, like OpenEvent, can be used to work with global and local objects. So what are global and local objects? Global objects are created in session 0 and are actually located in the \BaseNamedObjects directory, while local objects are created in the caller’s session (for example in the \Sessions\5\BaseNamedObjects directory (for session 0, global and local has no meaning since they point to the same object)). MSDN says that you can access only the objects in your own session(via the Local\ prefix) and in session 0 (via the Global\ prefix). But what if you need to access an object in another session? (more…)

In part 1 I’ve showed how to get rid of some terminal server restrictions on Windows xp x64. But there are still some problems:

1) You cannot connect to the localhost ( (but can to 127.a.b.c, where a,b,c in [0..255] (except and

When you’re connecting to remote server, Remote Desktop Connection (mstsc.exe) checks through mtscax.dll that you’re connecting to your own address, connections are only allowed and you’re in the server mode. If this is not true, the connection is denied, usually with this message: ConsoleFailed. The logic of checking is the same: call gethostbyname for server name and check if it’s not equal to (more…)

Windows XP X64 shares the same binaries with Windows 2003 X64, but Terminal Server has some restrictions on XP. This article shows you how to get rid of them and is based on cw2k ideas from the original Windows XP Terminal Server patch.

Version 1.1 contains bug#1 fix and is smaller (less bytes are changed).

1) Winlogon.exe contains a function, called EnumerateMatchingUsers which in turn calls IsProfessionalTerminalServer function. We need to patch this function to return zero (false):

.text:0000000100042F77 IsProfessionalTerminalServer proc near ; CODE XREF: EnumerateMatchingUsers:loc_10002B44Bp
; DATA XREF: .pdata:00000001000D01DCo …

VersionInformation= _OSVERSIONINFOW ptr -138h
var_20 = word ptr -20h
var_ 1E = byte ptr -1Eh
var_18 = qword ptr -18h

.text:0000000100042F77 48 81 EC 58 01 00 00 sub rsp, 158h => 31 C0 C3 xor eax, eax; retn
.text:0000000100042F7E 48 8B 05 F3 3A 08 00 mov rax, cs:__security_cookie
.text:0000000100042F85 48 89 84 24 40 01 00 00 mov [rsp+158h+var_18], rax
.text:0000000100042F8D 48 8D 4C 24 20 lea rcx, [rsp+158h+VersionInformation] ; void *
.text:0000000100042F92 33 D2 xor edx, edx ; int


Globally disable Flash Player autoupdate

On a Citrix or Terminal Server you will want to disable autoupdate notifications of the flash player.

This can be done by creating a file mm.cfg in the folder where the flash ActiveX control is installed (normally C:\Windows\System32\Macromed\Flash).

Place the following line in this file (with a text editor like Notepad):


Be sure to save the file with UTF-8 encoding, this can be selected in the Save As dialog in Notepad:

notepad utf8

Ofcourse you are aware that only certain Flash versions are supported (and optimized) in Citrix? At this time these versions are: 7a, 8, 8b, 9, 9c, and 9d.

Locking a workstation – part 1

Win32 API provides only 1 function for locking workstation, named LockWorkstation. What does it do and how we can use it?

When a new session is started, smss.exe invokes winlogon.exe. It registers its process id in win32k.sys by calling RegisterLogonProcess. It has this prototype: (more…)

Windows 2003 X64 Terminal Server Patch

A while ago I published a patch for Windows 2003 Terminal Server that allows more than 2 concurrent sessions in Remote Administration mode.

Today I publish the same patch but for Windows Server 2003 X64. The patched function (CRAPolicy::Logon) is the same as in the original patch.