The process consists of the following:

1) Change the system DLL termsrv.dll. See Part 1 below for how.

2) For the Home Premium edition, add the registry keys (which Vista Ultimate already includes); we will build a .reg file for this. This is only for Vista Home Premium. See Part 2 below for how to do it.

Once the above points are done, we proceed to installation. To do this, we must work in an elevated console, i.e. Start, Accessories, right-click on Command Prompt and "Run as Administrator". I assume we have the new, modified DLL and the .reg file in a folder called tmp directly under c:\

3) In the console we run:

cd \tmp
net stop "Terminal Services"
takeown /a /f %SystemRoot%\System32\termsrv.dll
icacls %SystemRoot%\System32\termsrv.dll /grant Administrators:F
(If your version of Windows is the Spanish version, change "Administrators" in the line above to "Administradores")
ren %SystemRoot%\System32\termsrv.dll termsrv.dll.bak
copy termsrv.dll %SystemRoot%\System32\termsrv.dll

4) If our edition is Home Premium, we run the .reg file created in step 2) as follows:

regedit /s ts.reg

5) If we want each user to be able to have separate sessions (i.e. if a user is already logged on, logging in again as that user creates a new clean session instead of taking over the existing one), we must add a registry value, which we can do as follows:

REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fSingleSessionPerUser /t REG_DWORD /d 0 /f

If at any time we want to turn this feature off and take control of the existing session instead, we can modify the key again, changing the value 0 to 1:

REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fSingleSessionPerUser /t REG_DWORD /d 1 /f

6) Because the Home edition does not show, in the remote connection settings, the option to enable or disable Remote Desktop, we do this through a registry value. To activate Remote Desktop:

REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

and at any time it can be disabled with:

REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f

7) Start the service we previously stopped in step 3):

net start "Terminal Services"

In Vista Home Premium, we open the firewall by creating an exception rule that defines a new port, indicating TCP port 3389. In Vista Business and Ultimate, check the Remote Desktop rule in the firewall and enable the exception if necessary.
This allows us to have more than one remote desktop session open, and even to allow more than one with the same user.

 

PART 1 - MODIFYING THE DLL termsrv.dll

Open a console in elevated mode and create a working folder:

cd \
md tmp
cd tmp
copy %SystemRoot%\System32\termsrv.dll

With this we have the DLL to modify in this folder. The modification consists of changing a few bytes, which, as discussed below, is done with a hex editor such as WinHex.
The bytes to change depend on whether our Vista release is 32-bit or 64-bit. Below are the tables of what to modify for each version.

32-bit

Offset      New value   Original
000150D8:   BA          3B
000150D9:   00          91
000150DA:   01          20
000150DB:   00          03
000150DD:   90          00
000150DF:   89          0F
000150E0:   91          84
000150E1:   20          0C
000150E2:   03          CA
000154BF:   90          43
0004943C:   EB          74

64-bit

Offset      New value   Original
0005BC8F:   B8          8B
0005BC90:   00          81
0005BC91:   01          38
0005BC92:   00          06
0005BC94:   90          00
0005BC95:   89          39
0005BC97:   38          3C
0005BC9B:   EB          75
0006523E:   00          01

The program I use to make the modification is WinHex, but any other hex editor will do. WinHex is available at: http://www.winhex.com/winhex/index-e.html
It is very intuitive. Consider the DLL for 64-bit Vista:
From the File menu, load the DLL from the folder c:\tmp, where you just copied it.

If you look at the table above, the first address to be modified (in 64-bit) is 0005BC8F, which corresponds to the last position (see the column above) of the row that begins with 0005BC80 and that I highlighted in blue. Notice that it contains 8B, as the table of changes says, and we have to change it to B8. We do the same for each of the addresses indicated in the table above. Always verify that what the current DLL contains is the same as what I put in the table. If it is not, the DLL is not the final version of Vista or has already been patched by Microsoft, in which case this method does not work and we should not continue.

When the changes are finished, save the DLL and exit the program.
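The verification described above can also be done without a hex editor, and the same comparison tells an administrator whether a given termsrv.dll still holds the original bytes. The following is an added example, not part of the original post: the function names are hypothetical, the offsets and values are the ones in the two tables, and the sample buffers are constructed for the demonstration.

```python
"""Read-only check of a termsrv.dll copy against the byte tables in this post."""
import sys

# offset: (new value, original value), copied from the two tables above
TABLES = {
    "32-bit": {
        0x000150D8: (0xBA, 0x3B), 0x000150D9: (0x00, 0x91), 0x000150DA: (0x01, 0x20),
        0x000150DB: (0x00, 0x03), 0x000150DD: (0x90, 0x00), 0x000150DF: (0x89, 0x0F),
        0x000150E0: (0x91, 0x84), 0x000150E1: (0x20, 0x0C), 0x000150E2: (0x03, 0xCA),
        0x000154BF: (0x90, 0x43), 0x0004943C: (0xEB, 0x74),
    },
    "64-bit": {
        0x0005BC8F: (0xB8, 0x8B), 0x0005BC90: (0x00, 0x81), 0x0005BC91: (0x01, 0x38),
        0x0005BC92: (0x00, 0x06), 0x0005BC94: (0x90, 0x00), 0x0005BC95: (0x89, 0x39),
        0x0005BC97: (0x38, 0x3C), 0x0005BC9B: (0xEB, 0x75), 0x0006523E: (0x00, 0x01),
    },
}

def classify(data, table):
    """Return 'original', 'patched', 'mixed' or 'unknown' for one table."""
    if max(table) >= len(data):
        return "unknown"                  # too short to be this build
    seen = set()
    for offset, (new, orig) in table.items():
        if data[offset] == orig:
            seen.add("original")
        elif data[offset] == new:
            seen.add("patched")
        else:
            return "unknown"              # a different build: the tables do not apply
    return seen.pop() if len(seen) == 1 else "mixed"

def check_file(path):
    """Classify the file at `path` against both tables without modifying it."""
    with open(path, "rb") as handle:
        data = handle.read()
    return {arch: classify(data, table) for arch, table in TABLES.items()}

def constructed_sample(table, column):
    """Constructed test input: zero-filled buffer holding one column of a table."""
    buf = bytearray(max(table) + 1)
    for offset, values in table.items():
        buf[offset] = values[column]
    return bytes(buf)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(check_file(sys.argv[1]))
    else:
        t64 = TABLES["64-bit"]
        print(classify(constructed_sample(t64, 1), t64))
        print(classify(constructed_sample(t64, 0), t64))
```

A result of "unknown" corresponds to the case the text warns about (a different or updated build), and "mixed" indicates a file in which only some of the listed bytes were changed.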

 

PART 2 - CREATING THE REGISTRY FILE TS.REG (for Home Premium)

With Notepad we create a file called TS.REG and save it in c:\tmp. The contents of the file should be:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"fDenyTSConnections"=dword:00000000
"StartRCM"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns\Clip Redirector]
"Type"=dword:00000003
"Name"="RDPClip"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns\DND Redirector]
"Type"=dword:00000003
"Name"="RDPDND"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns\Dynamic VC]
"Type"=dword:00000000
"Name"="\\Device\\DrDynVc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns\Sound Redirector]
"Type"=dword:00000003
"Name"="RDPSound"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns\Terminal Server Redirector]
"Type"=dword:00000000
"Name"="\\Device\\RDPDR"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration]
"fInheritAutoLogon"=dword:00000001
"fInheritResetBroken"=dword:00000001
"fInheritReconnectSame"=dword:00000001
"fInheritInitialProgram"=dword:00000001
"fInheritCallback"=dword:00000000
"fInheritCallbackNumber"=dword:00000001
"fInheritShadow"=dword:00000001
"fInheritMaxSessionTime"=dword:00000001
"fInheritMaxDisconnectionTime"=dword:00000001
"fInheritMaxIdleTime"=dword:00000001
"fInheritAutoClient"=dword:00000001
"fInheritSecurity"=dword:00000000
"fPromptForPassword"=dword:00000000
"fInheritColorDepth"=dword:00000001
"fResetBroken"=dword:00000000
"fReconnectSame"=dword:00000000
"fLogonDisabled"=dword:00000000
"fAutoClientDrives"=dword:00000001
"fAutoClientLpts"=dword:00000001
"fForceClientLptDef"=dword:00000001
"fDisableEncryption"=dword:00000001
"fHomeDirectoryMapRoot"=dword:00000000
"fUseDefaultGina"=dword:00000000
"fDisableCpm"=dword:00000000
"fDisableCdm"=dword:00000000
"fDisableCcm"=dword:00000000
"fDisableLPT"=dword:00000000
"fDisableClip"=dword:00000000
"fDisableExe"=dword:00000000
"fDisableCam"=dword:00000000
"Username"=""
"Domain"=""
"WorkDirectory"=""
"InitialProgram"=""
"CallbackNumber"=""
"Callback"=dword:00000000
"Shadow"=dword:00000001
"MaxConnectionTime"=dword:00000000
"MaxDisconnectionTime"=dword:00000000
"MaxIdleTime"=dword:00000000
"KeyboardLayout"=dword:00000000
"MinEncryptionLevel"=dword:00000001
"ColorDepth"=dword:00000001
"NWLogonServer"=""
"WFProfilePath"=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SYSPROCS]
"Rdpclip.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Utilities]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Utilities\change]
"Winsta"=hex(7):31,00,00,00,57,00,49,00,4e,00,53,00,54,00,41,00,00,00,63,00,68,\
  00,67,00,6c,00,6f,00,67,00,6f,00,6e,00,2e,00,65,00,78,00,65,00,00,00,00,00
"Port"=hex(7):30,00,00,00,31,00,00,00,50,00,4f,00,52,00,54,00,00,00,63,00,68,\
  00,67,00,70,00,6f,00,72,00,74,00,2e,00,65,00,78,00,65,00,00,00,00,00
"Logon"=hex(7):30,00,00,00,31,00,00,00,4c,00,4f,00,47,00,4f,00,4e,00,00,00,63,\
  00,68,00,67,00,6c,00,6f,00,67,00,6f,00,6e,00,2e,00,65,00,78,00,65,00,00,00,\
  00,00
"User"=hex(7):30,00,00,00,31,00,00,00,55,00,53,00,45,00,52,00,00,00,63,00,68,\
  00,67,00,75,00,73,00,72,00,2e,00,65,00,78,00,65,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Utilities\query]
"Winsta"=hex(7):31,00,00,00,57,00,49,00,4e,00,53,00,54,00,41,00,00,00,71,00,77,\
  00,69,00,6e,00,73,00,74,00,61,00,2e,00,65,00,78,00,65,00,00,00,00,00
"Appserver"=hex(7):30,00,00,00,32,00,00,00,54,00,45,00,52,00,4d,00,53,00,45,00,\
  52,00,56,00,45,00,52,00,00,00,71,00,61,00,70,00,70,00,73,00,72,00,76,00,2e,\
  00,65,00,78,00,65,00,00,00,00,00
"Session"=hex(7):30,00,00,00,31,00,00,00,53,00,45,00,53,00,53,00,49,00,4f,00,\
  4e,00,00,00,71,00,77,00,69,00,6e,00,73,00,74,00,61,00,2e,00,65,00,78,00,65,\
  00,00,00,00,00
"Process"=hex(7):30,00,00,00,31,00,00,00,50,00,52,00,4f,00,43,00,45,00,53,00,\
  53,00,00,00,71,00,70,00,72,00,6f,00,63,00,65,00,73,00,73,00,2e,00,65,00,78,\
  00,65,00,00,00,00,00
"User"=hex(7):30,00,00,00,31,00,00,00,55,00,53,00,45,00,52,00,00,00,71,00,75,\
  00,73,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Utilities\reset]
"Winsta"=hex(7):31,00,00,00,57,00,49,00,4e,00,53,00,54,00,41,00,00,00,72,00,77,\
  00,69,00,6e,00,73,00,74,00,61,00,2e,00,65,00,78,00,65,00,00,00,00,00
"Session"=hex(7):30,00,00,00,31,00,00,00,53,00,45,00,53,00,53,00,49,00,4f,00,\
  4e,00,00,00,72,00,77,00,69,00,6e,00,73,00,74,00,61,00,2e,00,65,00,78,00,65,\
  00,00,00,00,00
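For reviewing a machine after changes like these, an exported .reg file can be audited for the Terminal Server values this post sets. This is an added example, not part of the original post: the function names and the sample export are constructed, and the reading of MinEncryptionLevel 1 as the "Low" level is an assumption based on Microsoft's usual RDP encryption level numbering.

```python
"""Audit a .reg export for the Terminal Server values this post changes."""
import re

TS_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server"

# (subkey under TS_KEY, value name, flagged dword, finding)
CHECKS = [
    ("", "fDenyTSConnections", 0, "Remote Desktop connections are enabled"),
    ("", "fSingleSessionPerUser", 0, "a user may hold several sessions at once"),
    # Assumption: level 1 is "Low" in the RDP encryption level numbering.
    ("\\DefaultUserConfiguration", "MinEncryptionLevel", 1,
     "default encryption level is Low"),
]

def parse_reg(text):
    """Return {key: {value name: int}} for dword values; names are lower-cased
    because registry key and value names are case-insensitive."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = keys.setdefault(header.group(1).lower(), {})
            continue
        value = re.fullmatch(r'"([^"]+)"\s*=\s*dword:\s*([0-9a-fA-F]{8})', line)
        if value and current is not None:
            current[value.group(1).lower()] = int(value.group(2), 16)
    return keys

def audit(text):
    """Return one finding string per flagged value present in the export."""
    keys = parse_reg(text)
    findings = []
    for subkey, name, flagged, message in CHECKS:
        found = keys.get((TS_KEY + subkey).lower(), {}).get(name.lower())
        if found == flagged:
            findings.append(f"{name}={found}: {message}")
    return findings

# Constructed sample export, not taken from a real machine.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"fDenyTSConnections"=dword:00000000
"fSingleSessionPerUser"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration]
"MinEncryptionLevel"=dword:00000001
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```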
