Friday, September 12, 2014

Control Who Can Use RDP Drive Redirection on Windows 2008 R2

Before we can proceed, you need to refer to this post to create 2 RDP listeners. Once you have multiple RDP listeners, the first step we need to do is to open Remote Desktop Session Host Configuration. You can do it by typing tsconfig.msc from run. As you can see in the screen captures below, there are actually 2 connections.


Assuming RDP-Tcp allow drive redirection and only Administrator can use it while RDP-Tcp-normalUser does not allow drive redirection and user1 can use it. So click on RDP-Tcp-normalUser and change the following:

Add in user1

Configure drive redirect, for this example, i disable all Redirection features.


Click on RDP-Tcp and make sure no user1 in this profile.


From client, you can do drive redirection by go to Local Resources tab and click More


A new Window let you select which drive to redirect


So if you login using Administrator with the default connection (default port 3389), you should see the mapped drive under Others.


If you login using user1 with the new connection (port 3390), you should not see any mapped drive.


Create 2 RDP Listners in Windows 2008 R2

Remote Desktop Protocol (RDP) allow user to remotely control a remote PC. By default, there is only one RDP listener and so why i want to create more that that? My reason is because i want to create 2 RDP profiles where only one profile allow drive redirection. I will discuss more on how to achieve that in the other post and for this post, i will show you how to create 2 RDP listeners.

Open your Registry Editor by typing regedit on the run prompt. Once you in the Registry Editor, go to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp and right click and select Export.


Go to the path where you save the exported registry key and right click and select Edit


Change the highlighted part with a new name. Save the file.


Double click the registry file will add the new registry key.


Yo can now change the port number, in this case, i change it to 3390 


After change, you need to restart Remote Desktop Service


You can check using netstat -an to confirm new port (3390) is indeed listening.


You can now login using this new port


Friday, September 5, 2014

"Expecting to find valid JSON in request body..." curl for Windows

I was testing out curl command to access Openstack API under Windows environment and whenever i used the similar command which is working in Linux, i always encounter the following error message when do it on Windows.

The command and the error message:


curl -i --insecure https:/10.10.2.9:5000/v2.0/tokens -X POST -H "Content-type:application/json" -H "User-Agent:python-keystoneclient" -d '{"auth":{"tenantName":"testTenant","passwordCredentials":{"username":"testUser","password":"passsword"}}}'

HTTP/1.1 400 Bad Request
Date: Fri, 05 Sep 2014 08:46:13 GMT
Server: Apache/2.4.7 (Ubuntu)
Vary: X-Auth-Token
Content-Type: application/json
Content-Length: 244
Connection: close

{"error": {"message": "Expecting to find valid JSON in request body. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.", "code": 400, "title": "Bad Request"}}


Until i almost gave up on this problem, i found this link which have the following notes:

"Note: cURL commands that contain single quotes ( ' ) will fail on Windows. When possible, use double quotes ( " ) in place of single quotes. If a command requires both single quotes and double quotes, escape the double quotes with a backslash (for example: \" ) and replace the single quotes with double quotes."

By inserting escape character and replacing single quote with double quotes, the command can be completed successfully.


curl -i --insecure https://10.10.2.9:5000/v2.0/tokens -X POST -H "Content-Type:application/json" -H "User-Agent:python-keystoneclient" -d "{\"auth\":{\"tenantName\":\"testTenant\",\"passwordCredentials\":{\"username\":\"testUser\",\"password\":\"password\"}}}"

HTTP/1.1 200 OK
Date: Fri, 05 Sep 2014 08:58:42 GMT
Server: Apache/2.4.7 (Ubuntu)
Vary: X-Auth-Token
Content-Type: application/json
Content-Length: 2200

......