Terminal Services

Terminal Server is a server used for centralizing the management of applications

It provides remote administration for administrators.
T.S. provides sharing of application and resources.
It is used when a company cannot upgrade their client machines, hardware infrastructure.

Benefits of terminal services:

1)Centralized management applications
2)Centralized security using NTFS permissions
3)Easy to administer
4)Easy management of TS clients
5)Remote administration
6)Terminal server provides only the subset portion of the desktop to the client machines. i.e. when a client establishes a terminal session only the desktop portion is downloaded to the client machine to interact with.
7)During the session the terminal server uses the protocol called RDP. (Remote Desktop Protocol)
8)With the help of this protocol client obtains the server’s desktop on to the client it is nothing but thin client. Only the mouse clicks and key stokes are sent to the TS

Requirements of Terminal server:
DC
Member server
Applications (MS office, oracle, java, PageMaker etc)

Installing terminal server

On DC
Open control panel add/remove programs
Add/rem windows components
Check the box terminal server - next – yes – next –
Select relaxed security - insert CD (win2003)

T.S. operates in two modes

1) Remote desktop mode
2) Application mode

If we want to configure T.S. only for remote administration we should select remote administration mode.
If we want to configure T.S. for centralizing management application server we should go with application mode.
Application mode offers remote administration as well as applications.

In win2003 we can install T.S. in 2 ways:
1) Fully secured mode
2)) Fully relaxed mode

Fully secured mode: if we select this option users will not have access to registry files & system files and it doesn’t provide backward compatibility for existing OS or applications.

Fully Relaxed mode: Provides access to registry and other system resources useful when the security is not criteria or for performing remote administration.

Terminal Server Licensing:
By default when we install T.S. the clients can access T.S. only for 120 days.
It is a free license provided by T.S. license manager.

T.S. License manager: responsible for maintaining the T.S. license information and contacting Microsoft clearing house for obtaining the license activation.
When a T.S. client establishes a session with T.S. the client has to obtain a license key in order to access the applications.

Licensing mode:

There are 2 modes
1. Domain Licensing mode
2. Enterprise licensing mode.

1. Domain Licensing mode:

suitable when we want to maintain a separate licensing manager for each & every domain.
NOTE: T.S & licensing manager cannot be configured in same server.

Enterprise license mode:

Suitable when we’ve multi domain model and centralizing the licensing manager or issuing of the license keys to the terminal clients.
Only one T.S. licensing manager is maintained in the enterprise domain and is connected to Microsoft clearing house from where it gets authenticated.

Installing T.S. client or Remote Desktop:

On client machine
C:\windows\system32\clients\tsclient\win32&setup
Before establishing the T.Session on both T.S. & client machines
Step1: my computer - properties – remote – check the box remote desktop (allow users)
On DC
Create a user in ADUC
On member server

Establishing a session

Start – p – accessories – communication – remote desktop connections
Supply the IP of TS - connect
Provide the username &pwd we’ve created – ok

Error1: the local policy of system

Solution: move on to DC
Start – p – admin tools – DCSP – expand local policies &user rights – select the option ‘allow log on through terminal services’
Add the user whom we want to allow
Apply - ok - start – run – gpupdate
Move on to member server
Try to login with the same user name

Error2: We don’t have access to logon to terminal session

Solution: move on to DC
Start – p – admin tools
Open T.C. configuration
Double click RDP- TCP - permissions
Add the user – full control - apply - ok
Move on to member server
Again try to login – we should login.

Remote control:

R.C. is used for viewing the session or interacting with the session.

1 View Session:

If the administrator selects this option, the remote control session will be give only used for monitoring users.

2 Interacting session:

useful when an administrator wants with user to provide remote assistance or troubleshooting.

Remote Control:

To have remote control of the user, an administrator has to login to the TS and only through the TS he can take the remote control of the user.

Implementing remote control:

On member server
Login as a user
Establish a terminal session as a user

On DC
Login as administrator
Start - P – admin tools – Terminal Services configuration
Double click RDP - remote control
Select the type of control we want to view/interact
Apply – ok

Establish a session on to the same machine by typing server’s IP

Login as administrator
In terminal session
Start – p – admin tools
Open terminal services manager
Right click on user – remote control
Select the release keys (ex.Ctrl+ Z)(used for giving up remote control ) – ok

Allowing Local resources to be available on TS session.

Before login
On the member server - options
Open remote desktop connections
Options - local resources
Check the box disk drives
Connect & ok

* When we open my computer of T.S. we should notice the local drives.

Allowing user to access only a particular application through TS.

(Run only allowed applications for a user)
On DC
Open ADUCGo to the user properties
Following program
Specify the program (ex. Notepad, cmd, etc.)– File name – ok

Allowing a common application for all the users from TS

On DC
Start – p admin tools – open TS configuration – double click RDP
Environment – check the box override setting – specify the application name
Ok suitable when we want to maintain a separate licensing manager for each & every domain.

NOTE: T.S & licensing manager cannot be configured in same server.

Enterprise license mode:

Suitable when we’ve multi domain model and centralizing the licensing manager or issuing of the license keys to the terminal clients.
Only one T.S. licensing manager is maintained in the enterprise domain and is connected to Microsoft clearing house from where it gets authenticated.

Installing T.S. client or Remote Desktop:

On client machine
C:\windows\system32\clients\tsclient\win32&setup
Before establishing the T.Session on both T.S. & client machines
Step1: my computer - properties – remote – check the box remote desktop (allow users)
On DC
Create a user in ADUC
On member server

Establishing a session:

Start – p – accessories – communication – remote desktop connections
Supply the IP of TS - connect
Provide the username &pwd we’ve created – ok

Error1: the local policy of system

Solution: move on to DC
Start – p – admin tools – DCSP – expand local policies &user rights – select the option ‘allow log on through terminal services’
Add the user whom we want to allow
Apply - ok - start – run – gpupdate
Move on to member server
Try to login with the same user name

Error2: We don’t have access to logon to terminal session

Solution: move on to DC
Start – p – admin tools
Open T.C. configuration
Double click RDP- TCP - permissions
Add the user – full control - apply - ok
Move on to member server
Again try to login – we should login.

Remote control:

R.C. is used for viewing the session or interacting with the session.

1 View Session:

If the administrator selects this option, the remote control session will be give only used for monitoring users.

2 Interacting session:

Useful when an administrator wants with user to provide remote assistance or troubleshooting.