Terminal Server © N. Ganesan, Ph.D.
Reference
Thin-Client Concept Thin-Client concept tutorial
Terminal Server Microsoft’s implementation of thin- client computing or server based computing The concept is similar to the main- frame based computing of the past Terminal server uses the Remote Desktop Protocol (RDP) to communicate
Terminal Server Encryption The communication is secure and it is encrypted –The connection is secured by a 128 bit, RC4 bi-directional encryption
Terminal Server Installation
Initiating the Installation Launch Configure Your Server wizard from the Administrative Tools Launch the configuration for Terminal Server The automatic initial installation will proceed until completion
Installation in Progress
Installation at Completion
Terminal Server Licensing Information A licensing server must first be installed to distribute licenses to clients The licensing server must then be activated
Terminal Services Licensing
Terminal Server Activation
Terminal Server Management
The Tools Terminal Services Manger Terminal Services Configuration
Terminal Services Manager
View and manage users, sessions or processes –For example, sessions and processes can be terminated etc.
Terminal Services Configuration
Connection Each connection property can be managed Examples: –Change encryption level –Enable standard Windows authentication –Specify user permissions –Etc.
RDP-TCP Properties
Server Settings
Troubleshooting Logon Problems
Some Logon Problems No permission to logon interactively –The settings need to be changed from the group policy object editor by the administrator No access to logon to a session –Assign permission to the user to logon from the Terminal Server Configuration MMC
Permission to Logon Interactively
Local Policy Permission Not Granted
Problem and Remedy Problem –The group policy of the terminal server does not allow logon interactively Remedy –Change settings from the group policy object editor by the server administrator
Steps to Remedy Open gpedit.msc and navigate as follows: –Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment From “Allow Log on Locally” entry in the Policy list, grant local access to the user
Granting Local Logon Permission
Permission to Logon to a Session
Permission Not Granted to Logon to a Session
Remedy Open the Terminal Services Configuration, double click the RDP option in the main window and go to the permissions tab Select Add and choose your account before pressing OK and assigning the right permissions to that account
Terminal Server Access
Access Options Using the web browser Using the Remote Desktop
Web Browser Access
Web Access Notes ActiveX execution must be enabled
Web Based Access
Remote Desktop Access
Remote Desktop Access Screen
Remote Desktop Connection Installed automatically by Windows XP The options button can be pressed for addition tabs to be shown on the initial connection screen as shown in the previous screen
Connecting to the Terminal Server Using a Command “mstsc -v:servername /F –console” – ‘mstsc’ represents the remote desktop connection executable file –-v specifies the name of the server – /F is for full screen mode ––console indicates the connection is to be made to the console
Accessing from a MAC Computer A terminal services client can be installed for the MAC OS you can download it from here. Once it is In this case, a windows-based operating system can be run from a Macintosh computer using the terminal services
Connecting without a User Name and a Password From the server side, open Group Policy Object Editor (gpedit.msc), double click Administrative Templates > Windows Components > Terminal Services and then choose Encryption and Security Open the properties box of ‘Always prompt client for password upon connection’ and disable it From the client side, open Remote Desktop Connection, and in the general tab enter the logon credentials in the appropriate boxes
Installation of the Remote Desktop Web Administration The web client can be installed from the Add/Remove windows components. Select the options under the World Wide Web components section in the IIS 6.0 option. Install the Remote Desktop Web Administration component
Installation of Additional Tools Available in the Windows 2003 resource kit Executing the self-extractable file tsscalling.exe will install the tools The tool will aid in scalability planning of terminal services.
Management of Applications The terminal server will, in general, run multiple applications for multipleusers It is important to close all inactive applications to improve the processing efficiency of the terminal server at all times
Remotely Restating the Terminal Server Use the tsshutdn command. tsshutdn wait_time /server: server_name /reboot /powerdown /delay: log_off_time –wait_time is the waiting time in seconds before a user is logged off from a session. The default time is 60 seconds –server_name specifies the name of the terminal server –log_off_delay is the waiting period in seconds between the time the users have been logged off from the session and the time before all processes are ended prior to the computer being shut off. The default time is 30 seconds.
Disconnect and Logoff Disconnect only disconnects the connection as the processes started by a user will still be running on the computer Log off releases all the resources used by a user before the logoff process Therefore, instead of just disconnecting from a session or closing the remote desktop window, choosing the logoff option will free up resources for other users to use
Changing Port Number By default, Terminal Services runs on TCP and UDP port Port number can be changed by opening the e registry editor (regedit.exe) and navigating to the HKEY_LOCAL_MACHINE\SYSTEM\Curre ntControlSet\Control\TerminalServer\WinS tations\RDP-Tcp key. Port number specified in the DWORD PortNumber can be changed to reflect the new port number
Important As the terminal server runs many applications, it is important to optimize the server for efficiency –For example, the disk may have to be defrgmented to continue to be able to maintain good data throughput A fast server is invariably required to support the Terminal Server
The End