ActiveDirectory User RemoteControl tab details?

Question

I'm trying to figure out how to get some active directory details specifically from the "Remote Control" tab from a users properties.

I'm able to find other details by using code similar to the following:

            //modify this line to include your domain name
            string path = string.Format("LDAP://{0}", domain);

            //init a directory entry
            DirectoryEntry dEntry = new DirectoryEntry(path);

            //init a directory searcher
            DirectorySearcher directorySearcher = new DirectorySearcher(dEntry);

            directorySearcher.PropertiesToLoad.Add("samAccountName");
            directorySearcher.PropertiesToLoad.Add("displayName");
            directorySearcher.PropertiesToLoad.Add("cn");
            directorySearcher.PropertiesToLoad.Add("distinguishedName");

            directorySearcher.PropertiesToLoad.Add("objectCategory");
            directorySearcher.PropertiesToLoad.Add("objectSID");
            directorySearcher.PropertiesToLoad.Add("objectGUID");

            directorySearcher.PropertiesToLoad.Add("manager");

            directorySearcher.Filter = "(&(objectClass=user))";

            //perform search on active directory
            searchResults = directorySearcher.FindAll();

            //loop through results of search
            Parallel.ForEach<SearchResult>(searchResults.Cast<SearchResult>().ToList(), searchResult =>
            {
                // Any processing
            });

But I haven't been able to figure out where the remote information is stored. Normally I used ADSI Edit and look for changes to the attributes as I modify them, but I haven't noticed anything changing. Could anyone point me in the correct direction?

I should mention that my domain function level and forest function level are both 2003.

Answer 1

In Windows Server 2008 (and R2), the Terminal Services Terminal Server Runtime Interface takes the user parameters from the user Active-Directory attribute called userParameters. As explain in Microsoft documentation userParameter contains Terminal Server parameter as blob (have a look to USERCONFIG structure).

---

Edited : This is exactly the same on W2K3 R2.

Here is the way to find the difference in the attributes when you check or uncheck something. I use LDIFDE.EXE tool.

ldifde -f c:\temp\ph1.ldf -d "ou=Monou,dc=societe,dc=fr" -r "sn=hocquet"

I uncheck the enable remote control

ldifde -f c:\temp\ph2.ldf -d "ou=Monou,dc=societe,dc=fr" -r "sn=hocquet"

The comparaison between ph1.ldf and ph2.ldf gives.

InputObject                                                                   SideIndicator
-----------                                                                   -------------
whenChanged: 20130703130209.0Z                                                =>
uSNChanged: 168396                                                            =>
userParameters::                                                              =>
 ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgUAQaCAFDd... =>
 dQcmVzZW5045S15pSx5oiw44GiGAgBQ3R4Q2ZnRmxhZ3Mx44Cw44Gm44Cy44C5EggBQ3R4U2h... =>
 44Cw44Cw44Cw44CwKgIBQ3R4TWluRW5jcnlwdGlvbkxldmVs44Sw                         =>
whenChanged: 20120124083342.0Z                                                <=
uSNChanged: 163184                                                            <=