Tip

Modify user Terminal Services settings for a Windows 2000 OU

Windows 2000 Active Directory does not expose the Terminal Services attributes of a user. These settings are stored as a string in the UserParameters attribute. This attribute also stores the settings for Remote Access. I suggest that any testing that can affect multiple users should be tried and tested in a lab environment.

In order to apply the same Terminal Services Settings to all the users in the same OU you can perform the following steps:

  1. Create a test user with the terminal services settings adjusted to your environment.

  2. Perform an LDIFDE export of the test user. Then using notepad copy the UserParameters information to a textfile called UP.txt. The following is an example listing of UP.TXT:

    UserParameters::
    ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgUBAaCAFDdHhDZ mdQcmVzZW5045S15pSx5oiw44GiGAgBQ3R4Q2ZnRmxhZ3Mx44Cw44Gm46Cy44C5FggBQ3R4Q2FsbG JhY2vjgLDjgLDjgLDjgLASCAFDdHhTaGFkb3fjhLDjgLDjgLDjgLAoCAFDdHhNYXhDb25uZWN0aW9 uVGltZeOAsOOAsOOAsOOAsC4IAUN0eE1heERpc2Nvbm5lY3Rpb25UaW1l44C045y35oix44CwHAgB Q3R4TWF4SWRsZVRpbWXjgLTjnLfmiLHjgLAiCAFDdHhLZXlib2FyZExheW91dOOAsOOAsOOAsOOAs CoCAUN0eE1pbkVuY3J5cHRpb25MZXZlbOOEsCACAUN0eFdvcmtEaXJlY3RvcnnjgLAgAgFDdHhOV0 xvZ29uU2VydmVy44CwGAIBQ3R4V0ZIb21lRGly44CwIgIBQ3R4V0ZIb21lRGlyRHJpdmXjgLAgKAF DdHhXRlByb2ZpbGVQYXRo5oy144C144i15pi045i046S05oy045S044y15oy145S144y145S044i1 44y15pSy5pC044S05pS044CwIgIBQ3R4SW5pdGlhbFByb2dyYW3jgLAiAgFDdHhDYWxsYmFja051b WJlcuOAsA===

  3. Create the following

    Requires Free Membership to View

  1. script file with a wsf extension. You will need to modify the LDAP path for your environment.

    Listing of TS.WSF

    <package>
    <job id = "get user objects and create ldifde formated file">
    <script language = "VBScript">
    
    Const ForReading = 1
    Const ForWriting = 2
    Const ForAppending = 8
    Input = InputBox("Please Enter an OU Name:","OU Select") WScript.Echo
    Input Dim aFile 
    aFile = "users.txt"
    
    Set Up = CreateObject ("Scripting.FileSystemObject")
    set u = Up.OpenTextFile ("up.txt", ForReading, True)
    uContents = u.ReadAll
    u.close
    
    Set objOu = GetObject _
    ("LDAP://ou=****,ou=" + Input + ",ou=****,dc=****,dc=****,dc=****")
    For Each objUser In objOu
     
    Set fy = CreateObject ("Scripting.FileSystemObject")
     If (fy.FileExists(aFile)) Then
     Set x = fy.OpenTextFile (aFile, ForAppending) 
     x.WriteLine "dn: " & objUser.Get("distinguishedName")
     x.WriteLine "changetype: modify"
     x.WriteLine "replace: UserParameters"
     x.WriteLine uContents
     x.WriteLine "-"
     x.WriteLine ()
     x.close()
     
     Else
     Set x = fy.OpenTextFile (aFile, ForWriting, True)
     x.WriteLine "dn: " & objUser.Get("distinguishedName")
     x.WriteLine "changetype: modify"
     x.WriteLine "replace: UserParameters"
     x.WriteLine uContents
     x.WriteLine "-"
     x.WriteLine ()
     x.close()
    End If
    Next
    </Script>
    <script language = "JScript">
    
    var aFile = "users.txt"
    var w = WScript.CreateObject("WScript.Shell")
    w.Run("ldifde -i -f " + aFile, 1, "True")
    WScript.Echo ("FINISHED LDIFDE IMPORT")
    var fs = new ActiveXObject ("Scripting.FileSystemObject"); 
    fs.DeleteFile (aFile); </Script> </job> </package>
    

Explanation of TS.WSF:

The VB portion of the script is used to format the LDIF file used to apply the changes. It first prompts the user for an OU to apply the changes to. It then searches the OU for User objects and formats the Users.txt file in the proper LDIFE format using the UserParameters settings from the UP.TXT file.

The JavaScript portion of TS.WSF basically runs LDIFDE import with the proper switches to apply the changes.

This was first published in December 2003

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.