- Back to Home »
- Windows 2003 Terminal Services
Sunday, December 11, 2011
Windows 2003 Terminal Services
Terminal Services, known to some as an Admin’s best friend, uses RDP (Remote Desktop Protocol), relies on TCP/IP, and falls under the application layer of the ISO 7-layer model. It has been improved by offering more features, greater reliability and scalability in Windows 2003.
Introduction
Terminal Services, known to some as an Admin’s best friend, uses RDP (Remote Desktop Protocol), relies on TCP/IP, and falls under the application layer of the ISO 7-layer model. It has been improved by offering more features, greater reliability and scalability in Windows 2003.
Terminal Services allow:
1.the sharing of applications and desktops over the network
2.administrators to take control of, and manage, a computer from their desk
3.the centralization and management of applications (constantly keeping them up to date)
The ability to access a terminal server and establish a session via a Pocket PC, for example, is a great feature that would be handy for employees on the move. Terminal Server does not require the client to have a Microsoft Windows operating system in order to connect to it.
A 128 bit, RC4 bi-directional encryption method is used to secure the connection. Should the terminal services client not support such a high level of encryption, then lower levels can be set.
A few of the most sought after advantages include:
However, a disadvantage would include the fact that although Windows 2003 and Terminal Server offer load balancing, this can still be improved. The current system is based on network utilization and can handle up to 32 servers.
A very important feature which has been implemented is the way in which bandwidth is managed for a terminal services session. It has been improved to provide low-bandwidth connections (such as dial up) with better performance by only transmitting a screen view of the remote computer, rather than the actual data itself.
To benefit from these new features, the terminal services client must be using RDP 5.1 (included in Windows XP) and the server must have RDP 5.2 (included in Windows 2003).
Terminal Services allow:
1.the sharing of applications and desktops over the network
2.administrators to take control of, and manage, a computer from their desk
3.the centralization and management of applications (constantly keeping them up to date)
The ability to access a terminal server and establish a session via a Pocket PC, for example, is a great feature that would be handy for employees on the move. Terminal Server does not require the client to have a Microsoft Windows operating system in order to connect to it.
A 128 bit, RC4 bi-directional encryption method is used to secure the connection. Should the terminal services client not support such a high level of encryption, then lower levels can be set.
A few of the most sought after advantages include:
- Automatic re-connection of a disconnected session (useful for wireless connections)
- Smart Card Authentication support
- Automatic re-direction of client local and network mapped drives
- Automatic re-direction of Audio
- 24-bit color mode support
- Session Directory (stores a list of sessions indexed by username and server to allow automatic re-connection from a disconnected session, in a terminal server farm environment)
However, a disadvantage would include the fact that although Windows 2003 and Terminal Server offer load balancing, this can still be improved. The current system is based on network utilization and can handle up to 32 servers.
A very important feature which has been implemented is the way in which bandwidth is managed for a terminal services session. It has been improved to provide low-bandwidth connections (such as dial up) with better performance by only transmitting a screen view of the remote computer, rather than the actual data itself.
To benefit from these new features, the terminal services client must be using RDP 5.1 (included in Windows XP) and the server must have RDP 5.2 (included in Windows 2003).
Setting up Windows 2003 as a Terminal Server
Open the ‘configure your server’ wizard from Administrative Tools and in the select a role section, choose Terminal Server and click Next twice to confirm your actions. The wizard will then start to install the required files and warn you that the machine will have to be restarted during the installation process. Close any open programs and click OK.
The installation will continue for a few minutes before the machine is restarted. After the machine has booted and you logon, you are presented with a confirmation screen that states the computer is now a terminal server.
It is important to take note that a 120-day evaluation period has been allocated for unlicensed clients. If you do not obtain a license within that period then terminal services clients will no longer be able to initiate a session.
Licensing
This is probably where the most changes have been made. Microsoft have introduced a ‘per user’ license to add to the already familiar ‘per device’ method.
To make your machine a terminal server license server you will have to install it separately. This can be done from the windows components wizard section in the add/remove window from the control panel.
Once you have installed this option your server will be listed in the terminal server licensing console.
You will have to activate the server before it can start distributing licenses. Activation of the licensing server can be done via a direct connection to the internet, a web browser or over the telephone. The following is a screenshot of the terminal server licensing console demonstrating what you would have to do to start the activation process.
You will have to activate the server before it can start distributing licenses. Activation of the licensing server can be done via a direct connection to the internet, a web browser or over the telephone. The following is a screenshot of the terminal server licensing console demonstrating what you would have to do to start the activation process.
This will bring up a wizard asking you to enter details and select options to suite your needs.
Follow the on screen instructions and press Finish when you are done.
Follow the on screen instructions and press Finish when you are done.
Terminal Server Configuration
The two main applications used to configure the terminal server are:
(They can both be found in the administrative tools folder in control panel or on the start menu).
When you select the server name you can choose to view and manage the Users, Sessions or Processes tab. The green icons indicate that the server is online. If you had to disconnect it, the icons would be gray.
The Users tab allows you to see who is connected, how long they have been connected and the state of their connection. If you select a user and right click you can disconnect or reset the user’s session, send a message (which will be displayed as a pop-up message box on the client side), view the status or log the person out of the terminal server session.
The Sessions tab permits the viewing and control of the terminal server sessions. You can right click a session and select the status to see the incoming and outgoing data or reset to reset the session.
The processes tab shows all the processes that are running and which user they belong to (this is a simplified version of the processes tab found on the windows task manager).
Select a user, click the right mouse button and choose ‘end process’ to kill the process.
The image below shows the Terminal Services Manager with an active connection initiated by a user (andrew).
If you select the RDP-Tcp#12 (username) option you can view the processes and session information specific to that user. Note: The #12 number will be different for each session.
‘Favorite servers’ will list all the servers that you have added as a favourite - you can do this by right clicking a server and selecting ‘add to favorites’.
You are able to connect to multiple terminal servers by press Actions > Connect to computer. These will be listed in the ‘All Listed Servers’ node.
The server settings section enables you to modify the settings of the server. Double click a setting from the list to bring up the appropriate window and be given the option to make a change.
Each setting shown in the above window is self explanatory. The settings in the list each have an attribute which you can set according to your preferences.
Terminal Services give you the opportunity to provide a secure and reliable tool to employees. Microsoft has built on the success of Terminal Server in Windows 2000 and come up with new solutions to meet user’s needs.
Better manageability and user friendliness are just two of the improved features worth mentioning. You have just been reading Part one of an article based on terminal services. Part two will be released next week. It will include troubleshooting potential logon problems, terminal services tips and a guide on how to log on to a terminal server from a Windows client.
This section will be of interest to terminal server administrators and clients. It includes a step-by-step guide of how to logon to a terminal server, troubleshooting common logon problems, and a tips section.
A Windows 2003 Terminal Server can be accessed by a windows client that has Remote Desktop Connection installed or via a web browser (remote desktop web connection).
(They can both be found in the administrative tools folder in control panel or on the start menu).
- Terminal Services Manager (completely re-written in Windows 2003)
- Terminal Services Configuration
When you select the server name you can choose to view and manage the Users, Sessions or Processes tab. The green icons indicate that the server is online. If you had to disconnect it, the icons would be gray.
The Users tab allows you to see who is connected, how long they have been connected and the state of their connection. If you select a user and right click you can disconnect or reset the user’s session, send a message (which will be displayed as a pop-up message box on the client side), view the status or log the person out of the terminal server session.
The Sessions tab permits the viewing and control of the terminal server sessions. You can right click a session and select the status to see the incoming and outgoing data or reset to reset the session.
The processes tab shows all the processes that are running and which user they belong to (this is a simplified version of the processes tab found on the windows task manager).
Select a user, click the right mouse button and choose ‘end process’ to kill the process.
The image below shows the Terminal Services Manager with an active connection initiated by a user (andrew).
If you select the RDP-Tcp#12 (username) option you can view the processes and session information specific to that user. Note: The #12 number will be different for each session.
‘Favorite servers’ will list all the servers that you have added as a favourite - you can do this by right clicking a server and selecting ‘add to favorites’.
You are able to connect to multiple terminal servers by press Actions > Connect to computer. These will be listed in the ‘All Listed Servers’ node.
Terminal Services Configuration
The screenshot below is that of the Terminal Services Configuration.Any connections that have been setup will be displayed in the connections part of the console. Double click a connection to open the properties page.
The server settings section enables you to modify the settings of the server. Double click a setting from the list to bring up the appropriate window and be given the option to make a change.
Each setting shown in the above window is self explanatory. The settings in the list each have an attribute which you can set according to your preferences.
Terminal Services give you the opportunity to provide a secure and reliable tool to employees. Microsoft has built on the success of Terminal Server in Windows 2000 and come up with new solutions to meet user’s needs.
Better manageability and user friendliness are just two of the improved features worth mentioning. You have just been reading Part one of an article based on terminal services. Part two will be released next week. It will include troubleshooting potential logon problems, terminal services tips and a guide on how to log on to a terminal server from a Windows client.
A Windows 2003 Terminal Server can be accessed by a windows client that has Remote Desktop Connection installed or via a web browser (remote desktop web connection).
Troubleshooting Logon Problems
Apart from the obvious logon error of typing in a wrong username or password, there exists two common problems that users come across when logging on. These are shown below.
This error indicates that the group policy of the terminal server does not allow you to logon interactively. The settings will have to be changed from the group policy object editor by your administrator.
To do this, open gpedit.msc and navigate to the following section:
Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment
and after double clicking on the “Allow Log on Locally” from the Policy list, choose the user that you want to grant local log on access to and press OK. The image below indicates which section must be clicked on.
To do this, open gpedit.msc and navigate to the following section:
Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment
and after double clicking on the “Allow Log on Locally” from the Policy list, choose the user that you want to grant local log on access to and press OK. The image below indicates which section must be clicked on.
The error message below means that you do not have access to logon to the terminal services session because your account has not been given the effective permissions from the terminal services manager on the server.
To correct this, open the Terminal Services Configuration, double click the RDP option in the main window and go to the permissions tab. Select Add and choose your account before pressing OK and assigning the right permissions to that account. Now attempt to logon again with that user account.
Terminal Services Client Logon - A step-by-step guide
Web Client
The terminal services web client will allow you to logon to a terminal server from your web browser. This is very handy as it provides quick and easy access from anywhere.
Open your web browser and in the address bar type the following details:
http://server_name/tsweb
where server_name is the name of the terminal server (this can also be the IP address). If the WWW service and the tsweb website has been started on the server then you will be directed to a page like the one seen below:
The image below shows the general tab of the Remote Desktop Connection window, which was expanded by pressing the Options >>> button on the original window.
In this tab you can save your connection settings for future use, specify which computer you want to connect to and supply the logon credentials. The other tabs are used for performance related options like the display size and colour, speed and placement of resources.
Once you have entered the correct logon details press connect to initiate the session. It is likely that you will be asked to re-enter the logon credentials – unless the administrator has disabled the option from the terminal server.
Open your web browser and in the address bar type the following details:
http://server_name/tsweb
where server_name is the name of the terminal server (this can also be the IP address). If the WWW service and the tsweb website has been started on the server then you will be directed to a page like the one seen below:
Enter the name of the server you want to connect to and choose the size of the screen before clicking ‘connect’. If you do not already have the required ActiveX component installed then you will be prompted to install it – click Yes when the window pops up and asks you to confirm the setup. In my example I have chosen for the screen to use a 800x600 display size. The web browser will act as a place holder for the terminal services screen to be displayed, as shown in the following screenshot.
Remote Desktop Connection
Remote Desktop Connection is installed by default on Windows XP- but can also be downloaded as a separate application from the Microsoft website. This is used to initiate a terminal services session from the client side. To open it type mstsc in the run box or navigate to Accessories > Communications on the Start menu. The image below shows the general tab of the Remote Desktop Connection window, which was expanded by pressing the Options >>> button on the original window.
In this tab you can save your connection settings for future use, specify which computer you want to connect to and supply the logon credentials. The other tabs are used for performance related options like the display size and colour, speed and placement of resources.
Once you have entered the correct logon details press connect to initiate the session. It is likely that you will be asked to re-enter the logon credentials – unless the administrator has disabled the option from the terminal server.