Terminal Server

© N. Ganesan, Ph.D.

Reference

Thin-Client Concept

• Thin-Client concept tutorial

Terminal Server

• Microsoft’s implementation of thin-client computing or server based computing

• The concept is similar to the main-frame based computing of the past

• Terminal server uses the Remote Desktop Protocol (RDP) to communicate

Terminal Server Encryption

• The communication is secure and it is encrypted– The connection is secured by a 128

bit, RC4 bi-directional encryption

Terminal Server Installation

Initiating the Installation

• Launch Configure Your Server wizard from the Administrative Tools

• Launch the configuration for Terminal Server

• The automatic initial installation will proceed until completion

Installation in Progress

Installation at Completion

Terminal Server Licensing Information

• A licensing server must first be installed to distribute licenses to clients

• The licensing server must then be activated

Terminal Services Licensing

Terminal Server Activation

Terminal Server Management

The Tools

• Terminal Services Manger• Terminal Services Configuration

Terminal Services Manager

Terminal Services Manager

• View and manage users, sessions or processes – For example, sessions and processes

can be terminated etc.

Terminal Services Configuration

Connection

• Each connection property can be managed

• Examples:– Change encryption level– Enable standard Windows

authentication– Specify user permissions– Etc.

RDP-TCP Properties

Server Settings

Troubleshooting Logon Problems

Some Logon Problems

• No permission to logon interactively– The settings need to be changed from

the group policy object editor by the administrator

• No access to logon to a session– Assign permission to the user to logon

from the Terminal Server Configuration MMC

Permission to Logon Interactively

Local Policy Permission Not Granted

Problem and Remedy

• Problem – The group policy of the terminal

server does not allow logon interactively

• Remedy– Change settings from the group policy

object editor by the server administrator

Steps to Remedy

• Open gpedit.msc and navigate as follows:– Local Computer Policy > Computer

Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment

• From “Allow Log on Locally” entry in the Policy list, grant local access to the user

Granting Local Logon Permission

Permission to Logon to a Session

Permission Not Granted to Logon to a Session

Remedy

• Open the Terminal Services Configuration, double click the RDP option in the main window and go to the permissions tab

• Select Add and choose your account before pressing OK and assigning the right permissions to that account

Terminal Server Access

Access Options

• Using the web browser• Using the Remote Desktop

Web Browser Access

Web Access Notes

• ActiveX execution must be enabled

Web Based Access

Remote Desktop Access

Remote Desktop Access Screen

Remote Desktop Connection

• Installed automatically by Windows XP

• The options button can be pressed for addition tabs to be shown on the initial connection screen as shown in the previous screen

Connecting to the Terminal Server Using a Command

• “mstsc -v:servername /F –console”– ‘mstsc’ represents the remote

desktop connection executable file – -v specifies the name of the server– /F is for full screen mode – –console indicates the connection is

to be made to the console

Accessing from a MAC Computer

• A terminal services client can be installed for the MAC OS you can download it from here. Once it is

• In this case, a windows-based operating system can be run from a Macintosh computer using the terminal services

Connecting without a User Name and a Password

• From the server side, open Group Policy Object Editor (gpedit.msc), double click Administrative Templates > Windows Components > Terminal Services and then choose Encryption and Security

• Open the properties box of ‘Always prompt client for password upon connection’ and disable it

• From the client side, open Remote Desktop Connection, and in the general tab enter the logon credentials in the appropriate boxes

Installation of the Remote Desktop Web Administration

• The web client can be installed from the Add/Remove windows components.

• Select the options under the World Wide Web components section in the IIS 6.0 option.

• Install the Remote Desktop Web Administration component

Installation of Additional Tools

• Available in the Windows 2003 resource kit

• Executing the self-extractable file tsscalling.exe will install the tools

• The tool will aid in scalability planning of terminal services.

Management of Applications

• The terminal server will, in general, run multiple applications for multipleusers

• It is important to close all inactive applications to improve the processing efficiency of the terminal server at all times

Remotely Restating the Terminal Server

• Use the tsshutdn command. • tsshutdn wait_time /server: server_name

/reboot /powerdown /delay: log_off_time– wait_time is the waiting time in seconds before a

user is logged off from a session. The default time is 60 seconds

– server_name specifies the name of the terminal server

– log_off_delay is the waiting period in seconds between the time the users have been logged off from the session and the time before all processes are ended prior to the computer being shut off. The default time is 30 seconds.

Disconnect and Logoff

• Disconnect only disconnects the connection as the processes started by a user will still be running on the computer

• Log off releases all the resources used by a user before the logoff process

• Therefore, instead of just disconnecting from a session or closing the remote desktop window, choosing the logoff option will free up resources for other users to use

Changing Port Number

• By default, Terminal Services runs on TCP and UDP port 3389.

• Port number can be changed by opening the e registry editor (regedit.exe) and navigating to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp key.

• Port number specified in the DWORD PortNumber can be changed to reflect the new port number

Important

• As the terminal server runs many applications, it is important to optimize the server for efficiency – For example, the disk may have to be

defrgmented to continue to be able to maintain good data throughput

• A fast server is invariably required to support the Terminal Server

The End