Pre-initializing a Active X Control for Remote User connecting over RDP

  • Thread starter Thread starter Saqib Ali
  • Start date Start date
S

Saqib Ali

Guest
Hello All,

I would like to pre-initialize ActiveX Controls for certain internal
website for our users connecting over RDP. I don't want them to have
to go through the process of Accepting the Publisher Certificate when
they are trying to access the Active X controls.

How can this be achieved? All controls are internally developed and
signed by valid Verisign issued Authenticode SPCs

Any ideas?

Thanks
saqib
http://security-basics.blogspot.com/
 
Re: Pre-initializing a Active X Control for Remote User connecting over RDP

Hi,

Logon to your TS as an administrator, open up the Local Computer
account's store using the Certificates mmc snapin, and then import
your SPC into the Trusted Publishers store.

-TP

Saqib Ali wrote:
> Hello All,
>
> I would like to pre-initialize ActiveX Controls for certain internal
> website for our users connecting over RDP. I don't want them to have
> to go through the process of Accepting the Publisher Certificate when
> they are trying to access the Active X controls.
>
> How can this be achieved? All controls are internally developed and
> signed by valid Verisign issued Authenticode SPCs
>
> Any ideas?
>
> Thanks
> saqib
> http://security-basics.blogspot.com/
 
Re: Pre-initializing a Active X Control for Remote User connecting over RDP

On Oct 22, 1:07 am, "TP" <tperson.knowsp...@mailandnews.com> wrote:
> Logon to your TS as an administrator, open up the Local Computer
> account's store using the Certificates mmc snapin, and then import
> your SPC into the Trusted Publishers store.

Already did that :) But the users still have to go through the process
of Accepting the Publisher Certificate when they are trying to access
the Active X controls.

saqib
http://security-basics.blogspot.com/
 
Re: Pre-initializing a Active X Control for Remote User connecting over RDP

Hi,

After you install the SPC in the local computer store, logon
as multiple different regular users and open the certificates snapin
for each user.

Do you see the above certificate listed under Trusted Publishers?

I want to confirm that it is installed correctly for all users before
looking at other potential issues.

Thanks.

-TP

Saqib Ali wrote:
> Already did that :) But the users still have to go through the process
> of Accepting the Publisher Certificate when they are trying to access
> the Active X controls.
>
> saqib
> http://security-basics.blogspot.com/
 
Re: Pre-initializing a Active X Control for Remote User connecting over RDP

> After you install the SPC in the local computer store, logon
> as multiple different regular users and open the certificates snapin
> for each user.
> Do you see the above certificate listed under Trusted Publishers?
> I want to confirm that it is installed correctly for all users before
> looking at other potential issues.

Yup all the users see the SPC in the Trusted Publishers panel :-) But
Controls still not working :-(

saqib
http://security-basics.blogspot.com/
 
Re: Pre-initializing a Active X Control for Remote User connecting over RDP

Hi,

Can you describe what is unique about your activex control?

What I mean is this: I can install other activex controls on a
TS as an admin and then normal users can use them without
any prompts. For example, flash, remote desktop, etc.

Are normal users able to use other activex controls without
prompting?

Which version of Internet Explorer are you running?

Have you removed Internet Explorer Enhanced Security
Configuration for regular users?

Are you able to create a basic html file that references
your activex control along with the control and certificate
zipped up? It doesn't need to do much, just enough
to trigger the activex control to download and demonstrate
the problem you are seeing. That way I could run it in
a test environment and see if I see the same behavior.

-TP

Saqib Ali wrote:
> Yup all the users see the SPC in the Trusted Publishers panel :-) But
> Controls still not working :-(
>
> saqib
> http://security-basics.blogspot.com/
 
Back
Top