How to configure RDS for Windows 2000

After a clean install of Windows 2000, the MSADC virtual directory defaults to access denied for all IP addresses and domain names. This means that, on clean installs, no computers are able to connect to the MSADC virtual directory on these computers. Therefore, all Remote Data Services (RDS) applications do not work until the steps shown here are taken.

You may receive one of the following error messages: In Visual Basic, you may receive the following error message:

There are two core configuration concerns with Remote Data Services: RDS Security and IIS security.

RDS security

RDS security is controlled through the registry and by RDS handlers. The RDS DataFactory is restricted by data handlers. Also, if you are invoking custom business objects, a registry must be added to enable the business object to be accessed. Add a registry key whose name matches ProgID of the business object in the following registry hive: \HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch

RDS relies on the following registry keys:

• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\RDSServer.DataFactory

If these keys do not exist, add them.

1. To determine whether these keys exist, use Regedit.exe or Regedt32.exe.
2. To determine whether the key permissions are too restrictive, start Regedt32.exe, and select the registry key.
3. On the Security menu, click Permissions to view the Access Control List for the key.
4. Make sure the IUSR account has at least Read permission to the registry keys.
5. At a command prompt, type iisreset to restart your Web server.

Run Handunsf.reg from the MSADC directory. This action makes handlers not required. Note that this last option does compromise security. However, because the application is behind a corporate firewall on a company intranet, security concerns are limited to those with physical access.

IIS security

For IIS security, follow these steps:

1. Click Start on the computer that is running Windows 2000, click Programs, point to Administrative Tools, and then click Internet Services Manager.
2. Expand the computer name in the left pane.
3. Expand Default Web Site.
4. Right-click the MSADC virtual directory, and then click Properties.
5. On the Directory Security tab, under IP Address and Domain Name Restrictions, click Edit. The IP Address and Domain Name Restrictions dialog box appears.

To enable RDS-based applications and pages on this server, choose one of the following:

• If you want all clients to access RDS-based pages and applications, click Granted Access.
• If you want to grant access only to selected clients, click Add to enter their IP addresses or domain names.

For more information about setting IP address and domain name restrictions, see the IIS documentation.

For more information about handler security, click the following article number to view the article in the Microsoft Knowledge Base: For more information, click the following article number to view the article in the Microsoft Knowledge Base: