OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Susan Bradley, CPA aka \ (sbradcpa_at_PACBELL.NET)
Date: Sat Aug 24 2002 - 20:44:20 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    If you install [or let XP or Win2kSP3 autoinstall] the 02-047 Cumulative
    patch for IE, you will be unable to connect to Terminal Services from a
    Web Page.

    You will need to follow MSKB 328002 to adjust the ASP page to include
    the updated GUID as follows:

    CAUSE This behavior occurs if one or more of the following Terminal
    Services ActiveX controls are blocked by Internet Explorer for security
    reasons:
    Terminal Services Advanced Client (TSAC) 1.0 ActiveX control - GUID:
    {1fb464c8-09bb-4017-a2f5-eb742f04392f}
    Microsoft Windows XP version of the TSAC - GUID:
    {791fa017-2de3-492e-acc5-53c67a2b94d0}
    Microsoft Windows .NET beta versions of the TSAC - GUID:
    {931a8c29-3ea9-494d-91e7-22e9a9247687}
    The only GUID that will work in Internet Explorer after you install the
    security patch described in the "Symptoms" section of this article is
    the following:
    {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a}
    RESOLUTIONTo resolve this issue, contact the administrator of the Web
    server. Administrators should install the new control immediately from
    the following Microsoft Web page:

    http://www.microsoft.com/windowsxp/pro/downloads/rdwebconn.asp
    For additional information about this issue, click the article number
    below to view the article in the Microsoft Knowledge Base:
    Q327521 MS02-0046: Buffer Overrun in TSAC ActiveX Control Might Allow
    Code Execution
    Modify existing ASP pages to load the updated control as follows:
    <OBJECT language="vbscript" ID="MsRdpClient"

            CLASSID="CLSID:9059f30f-4eb1-4bd2-9fdc-36f43a218f4a"

    Q328002 - You Cannot Connect to Terminal Services from a Web Page:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;Q328002

    For clients attaching to a Win2k Domain [in particular Small Business
    Server 2000 servers] the "http://servername/myconsole" is affected. The
    webconsole.asp page should be adjusted. For XP clients attaching to a
    Small Business Server 2000 domain, the Win2k Remote Desktop Web
    connection should be installed on the server and the XP clients can then
    use http://servername/tsweb to connect remotely to the server.

    In general and for security purposes, it is probably [well no, it is]
    more secure to VPN in and use a normal Remote Desktop connection rather
    than the Remote Desktop WEB connection.

    Susan Bradley