Win32_TSGeneralSetting class
The Win32_TSGeneralSetting WMI class represents general settings of the terminal such as the encryption level and transport protocol.
The following syntax is simplified from MOF code and includes all defined and inherited properties, in alphabetical order. For reference information on methods, see the table of methods later in this topic.
Syntax
[dynamic, provider("Win32_WIN32_TSGENERALSETTING_Prov"), ClassContext("local|hkey_local_machine\\SYSTEM\\CurrentControlSet\\Control\\TerminalServer\\WinStations"), AMENDMENT]
class Win32_TSGeneralSetting : Win32_TerminalSetting
{
string Caption;
string Description;
datetime InstallDate;
string Name;
string Status;
string TerminalName;
string CertificateName;
uint8 Certificates[];
string Comment;
uint32 MinEncryptionLevel;
uint32 PolicySourceMinEncryptionLevel;
uint32 PolicySourceSecurityLayer;
uint32 PolicySourceUserAuthenticationRequired;
uint32 SecurityLayer;
string SSLCertificateSHA1Hash;
uint32 SSLCertificateSHA1HashType;
string TerminalProtocol;
string Transport;
uint32 UserAuthenticationRequired;
uint32 WindowsAuthentication;
};
Members
The Win32_TSGeneralSetting class has these types of members:
Methods
The Win32_TSGeneralSetting class has these methods.
Method | Description |
---|---|
SetEncryptionLevel | Sets the encryption level. |
SetSecurityLayer | Sets the security layer to one of "RDP Security Layer" (0), "Negotiate" (1), or "SSL" (2). |
SetUserAuthenticationRequired | Enables or disables the requirement that users must be authenticated at connection time by setting the value of the UserAuthenticationRequired property. |
Properties
The Win32_TSGeneralSetting class has these properties.
Caption
- Data type: string
- Access type: Read-only
- Qualifiers: MaxLen (64)
Short description (one-line string) of the object.
This property is inherited from CIM_ManagedSystemElement.
CertificateName
- Data type: string
- Access type: Read-only
Display name for the local computer personal certificate subject name.
Certificates
- Data type: uint8 array
- Access type: Read-only
Contains a serialized certificate store that contains all of the certificates from the My user account store on the computer that are valid server certificates for use with secure sockets layer (SSL).
Comment
- Data type: string
- Access type: Read/write
Descriptive name of the combination of session layer and transport protocol.
Description
- Data type: string
- Access type: Read-only
Description of the object.
This property is inherited from CIM_ManagedSystemElement.
InstallDate
- Data type: datetime
- Access type: Read-only
- Qualifiers: Mappingstrings ("MIF.DMTF|ComponentID|001.5")
The date the object was installed. A lack of a value does not indicate that the object is not installed.
This property is inherited from CIM_ManagedSystemElement.
MinEncryptionLevel
- Data type: uint32
- Access type: Read-only
- Qualifiers: Low ("Only data sent from client to server is protected by encryption based on server's standard key strength. Data sent from Server to client is not protected."), Medium ("All data sent between Server and client is protected by encryption based on server's standard key strength."), High ("All data sent between Server and client is protected by encryption based on server's maximum key strength.")
The minimum encryption level.
Low (1)
Low level of encryption. Only data sent from the client to the server is encrypted using 56-bit encryption. Be aware that data sent from the server to the client is not encrypted.
Medium / Client Compatible (2)
Client compatible level of encryption. All data sent from client to server and from server to client is encrypted at the maximum key strength supported by the client.
High (3)
High level of encryption. All data sent from client to server and from server to client is encrypted using strong 128-bit encryption. Clients that do not support this level of encryption cannot connect.
FIPS Compliant (4)
FIPS compliant encryption. All data sent from client to server and from server to client is encrypted and decrypted with the Federal Information Processing Standard (FIPS) encryption algorithms using the Microsoft cryptographic modules. FIPS is a standard entitled "Security Requirements for Cryptographic Modules". FIPS 140-1 (1994) and FIPS 140-2 (2001) describe government requirements for hardware and software cryptographic modules used within the U.S. government.
Name
- Data type: string
- Access type: Read-only
The name of the object.
This property is inherited from CIM_ManagedSystemElement.
PolicySourceMinEncryptionLevel
- Data type: uint32
- Access type: Read-only
Indicates whether the MinEncryptionLevel property is configured by the server, by group policy, or by default.
0 (0x0)
Server
1 (0x1)
Group policy
2 (0x2)
Default
PolicySourceSecurityLayer
- Data type: uint32
- Access type: Read-only
Indicates whether the SecurityLayer property is configured by the server, by group policy, or by default.
0 (0x0)
Server
1 (0x1)
Group policy
2 (0x2)
Default
PolicySourceUserAuthenticationRequired
- Data type: uint32
- Access type: Read-only
Indicates whether the UserAuthenticationRequired property is configured by the server, by group policy, or by default.
0 (0x0)
Server
1 (0x1)
Group policy
2 (0x2)
Default
SecurityLayer
- Data type: uint32
- Access type: Read-only
- Qualifiers: RDPSecurityLayer ("RDP Security Layer: Communication between the server and the client will use native RDP encryption."), Negotiate ("The most secure layer that is supported by the client will be used. If supported, TLS 1.0 will be used."), SSL ("SSL (TLS 1.0) will be used for server authentication as well as for encrypting all data transferred between the server and the client. This setting requires the server to have an SSL compatible certificate."), NEWTBD ("A NEW SECURITY LAYER in LONGHORN.")
Specifies the security layer used between the client and server.
RDP Security Layer (1)
Communication between the server and the client uses native RDP encryption.
Negotiate (2)
The most secure layer that is supported by the client is used. If supported, SSL (TLS 1.0) is used.
SSL (3)
SSL (TLS 1.0) is used for server authentication and for encrypting all data transferred between the server and the client. This setting requires the server to have an SSL-compatible certificate. This setting is not compatible with a MinEncryptionLevel value of 1.
NEWTBD (4)
A new security layer.
SSLCertificateSHA1Hash
- Data type: string
- Access type: Read/write
Specifies the SHA1 hash in hexadecimal format of the SSL certificate for the target server to use.
The thumbprint of a certificate may be found using the Certificates MMC snap-in on the Details tab of the certificate properties page.
SSLCertificateSHA1HashType
- Data type: uint32
- Access type: Read-only
Indicates the state of the SSLCertificateSHA1Hash property.
0 (0x0)
Not valid
1 (0x1)
Default self-signed
2 (0x2)
Default group policy enforced
3 (0x3)
Custom
Status
- Data type: string
- Access type: Read-only
- Qualifiers: MaxLen (10)
Current status of the object. Various operational and nonoperational statuses can be defined. Operational statuses include: "OK", "Degraded", and "Pred Fail" (an element, such as a SMART-enabled hard disk drive, may be functioning properly but predicting a failure in the near future). Nonoperational statuses include: "Error", "Starting", "Stopping", and "Service". The latter, "Service", could apply during mirror-resilvering of a disk, reload of a user permissions list, or other administrative work. Not all such work is on-line, yet the managed element is neither "OK" nor in one of the other states.
This property is inherited from CIM_ManagedSystemElement.
("OK")
("Error")
("Degraded")
("Unknown")
("Pred Fail")
("Starting")
("Stopping")
("Service")
TerminalName
- Data type: string
- Access type: Read-only
The name of the terminal.
This property is inherited from Win32_TerminalSetting.
TerminalProtocol
- Data type: string
- Access type: Read-only
The name of the session layer protocol; for example, Microsoft RDP 5.0.
Transport
- Data type: string
- Access type: Read-only
The type of transport used in the connection; for example, TCP, NetBIOS, or IPX/SPX.
UserAuthenticationRequired
- Data type: uint32
- Access type: Read-only
Specifies the type of user authentication used for remote connections. If set to 1, which means enabled, UserAuthenticationRequired requires user authentication at connection time to increase server protection against network attacks. Only Remote Desktop Protocol (RDP) clients that support RDP version 6.0 or higher are able to connect. To avoid disruptions for remote users, it is recommended that you deploy RDP clients supporting the appropriate protocol version before you enable the property.
Use the SetUserAuthenticationRequired method to enable or disable this property.
FALSE (0)
User authentication at connection is disabled.
TRUE (1)
User authentication at connection is enabled.
WindowsAuthentication
- Data type: uint32
- Access type: Read/write
Specifies whether the connection defaults to the standard Windows authentication process or to another authentication package that has been installed on the system.
FALSE (0)
Does not default to the standard Windows authentication process.
TRUE (1)
Defaults to the standard Windows authentication process.
Remarks
Be aware that window stations not associated with the console session cannot access the methods and properties of this class. If an attempt is made to do so by specifying "Console" as the value of the TerminalName property, methods of this object will return WBEM_E_NOT_SUPPORTED. This error code will also be returned if a window station attempts to call methods of this object for the purpose of adding or modifying the security properties of the LocalSystem, LocalService, or NetworkService accounts.
To connect to the \root\CIMV2\TerminalServices namespace, the authentication level must include packet privacy. For C/C++ calls, this is an authentication level of RPC_C_AUTHN_LEVEL_PKT_PRIVACY. For Visual Basic and scripting calls, this is an authentication level of WbemAuthenticationLevelPktPrivacy or "pktPrivacy", with a value of 6. The following Visual Basic Scripting Edition (VBScript) example shows how to connect to a remote computer with packet privacy.
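strComputer = "RemoteServer1"
' Include strComputer in the moniker so the connection goes to the remote computer.
Set objServices = GetObject( _
    "winmgmts:{authenticationLevel=pktPrivacy}!\\" & strComputer & "\Root\CIMv2\TerminalServices")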
Managed Object Format (MOF) files contain the definitions for Windows Management Instrumentation (WMI) classes. MOF files are not installed as part of the Microsoft Windows Software Development Kit (SDK). They are installed on the server when you add the associated role by using the Server Manager. For more information about MOF files, see Managed Object Format (MOF).
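The following PowerShell script is an added example, not part of the original reference. It connects to the namespace with packet privacy, as the Remarks require, and reports terminals whose UserAuthenticationRequired, MinEncryptionLevel, or SSLCertificateSHA1HashType values are weak. The `$MinLevel` baseline, the `-EnableUserAuth` switch, and the rule of skipping values set by group policy are assumptions of this example.

```powershell
# Added example, not Microsoft's code. Needs Windows PowerShell 5.1 (Get-WmiObject).
param(
    [string]$ComputerName = '.',   # '.' is the local computer; pass a server name to audit remotely
    [int]$MinLevel = 3,            # assumed baseline: require High (3) or FIPS Compliant (4)
    [switch]$EnableUserAuth        # hypothetical switch: also enable UserAuthenticationRequired
)

# Value names as listed in the property descriptions on this page.
$encName   = @{ 1 = 'Low'; 2 = 'Medium / Client Compatible'; 3 = 'High'; 4 = 'FIPS Compliant' }
$srcName   = @{ 0 = 'Server'; 1 = 'Group policy'; 2 = 'Default' }
$certState = @{ 0 = 'Not valid'; 1 = 'Default self-signed'; 2 = 'Default group policy enforced'; 3 = 'Custom' }

# The TerminalServices namespace requires an authentication level of packet privacy.
$settings = Get-WmiObject -ComputerName $ComputerName -Authentication PacketPrivacy `
    -Namespace 'root\cimv2\TerminalServices' -Class Win32_TSGeneralSetting -ErrorAction Stop

foreach ($ts in $settings) {
    $findings = @()
    if ($ts.UserAuthenticationRequired -ne 1) {
        $findings += 'User authentication at connection is disabled'
    }
    if ($ts.MinEncryptionLevel -lt $MinLevel) {
        $findings += "MinEncryptionLevel is $($encName[[int]$ts.MinEncryptionLevel])"
    }
    if ($ts.SSLCertificateSHA1HashType -le 1) {
        $findings += "Certificate state: $($certState[[int]$ts.SSLCertificateSHA1HashType])"
    }

    [pscustomobject]@{
        Terminal        = $ts.TerminalName
        # Raw number: the method table and the property list on this page number the layers differently.
        SecurityLayer   = $ts.SecurityLayer
        UserAuthSetBy   = $srcName[[int]$ts.PolicySourceUserAuthenticationRequired]
        EncryptionSetBy = $srcName[[int]$ts.PolicySourceMinEncryptionLevel]
        Thumbprint      = $ts.SSLCertificateSHA1Hash
        Findings        = $findings -join '; '
    }

    # Assumption: a value sourced from group policy (1) must be changed in the policy, so skip it.
    if ($EnableUserAuth -and $ts.UserAuthenticationRequired -ne 1 -and
        $ts.PolicySourceUserAuthenticationRequired -ne 1) {
        $result = $ts.SetUserAuthenticationRequired(1)
        if ($result.ReturnValue -ne 0) {
            Write-Warning "$($ts.TerminalName): SetUserAuthenticationRequired returned $($result.ReturnValue)"
        }
    }
}
```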
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows Vista |
Minimum supported server | Windows Server 2008 |
Namespace | Root\CIMv2\TerminalServices |
MOF | |
DLL | |