Windows 2003 Terminal Services (Part 1)
Terminal Services, known to some as an Admin’s best friend, uses RDP (Remote Desktop Protocol), relies on TCP/IP, and falls under the application layer of the ISO 7-layer model. It has been improved by offering more features, greater reliability and scalability in Windows 2003.
Introduction
Terminal Services, known to some as an Admin’s best friend, uses RDP (Remote Desktop Protocol), relies on TCP/IP, and falls under the application layer of the ISO 7-layer model. It has been improved by offering more features, greater reliability and scalability in Windows 2003.
Terminal Services allow:
- the sharing of applications and desktops over the network
- administrators to take control of, and manage, a computer from their desk
- the centralization and management of applications (constantly keeping them up to date)
The ability to access a terminal server and establish a session via a Pocket PC, for example, is a great feature that would be handy for employees on the move. Terminal Server does not require the client to have a Microsoft Windows operating system in order to connect to it.
A 128 bit, RC4 bi-directional encryption method is used to secure the connection. Should the terminal services client not support such a high level of encryption, then lower levels can be set.
A few of the most sought after advantages include:
- Automatic re-connection of a disconnected session (useful for wireless connections)
- Smart Card Authentication support
- Automatic re-direction of client local and network mapped drives
- Automatic re-direction of Audio
- 24-bit color mode support
- Session Directory (stores a list of sessions indexed by username and server to allow automatic re-connection from a disconnected session, in a terminal server farm environment)
However, a disadvantage would include the fact that although Windows 2003 and Terminal Server offer load balancing, this can still be improved. The current system is based on network utilization and can handle up to 32 servers.
A very important feature which has been implemented is the way in which bandwidth is managed for a terminal services session. It has been improved to provide low-bandwidth connections (such as dial up) with better performance by only transmitting a screen view of the remote computer, rather than the actual data itself.
To benefit from these new features, the terminal services client must be using RDP 5.1 (included in Windows XP) and the server must have RDP 5.2 (included in Windows 2003).
Setting up Windows 2003 as a Terminal Server
Open the ‘configure your server’ wizard from Administrative Tools and in the select a role section, choose Terminal Server and click Next twice to confirm your actions. The wizard will then start to install the required files and warn you that the machine will have to be restarted during the installation process. Close any open programs and click OK.
The installation will continue for a few minutes before the machine is restarted. After the machine has booted and you logon, you are presented with a confirmation screen that states the computer is now a terminal server.
It is important to take note that a 120-day evaluation period has been allocated for unlicensed clients. If you do not obtain a license within that period then terminal services clients will no longer be able to initiate a session.
Licensing
This is probably where the most changes have been made. Microsoft have introduced a ‘per user’ license to add to the already familiar ‘per device’ method.
To make your machine a terminal server license server you will have to install it separately. This can be done from the windows components wizard section in the add/remove window from the control panel.
Once you have installed this option your server will be listed in the terminal server licensing console.
You will have to activate the server before it can start distributing licenses. Activation of the licensing server can be done via a direct connection to the internet, a web browser or over the telephone. The following is a screenshot of the terminal server licensing console demonstrating what you would have to do to start the activation process.
This will bring up a wizard asking you to enter details and select options to suite your needs.
Follow the on screen instructions and press Finish when you are done.
Terminal Server Configuration
The two main applications used to configure the terminal server are:
(They can both be found in the administrative tools folder in control panel or on the start menu).
- Terminal Services Manager (completely re-written in Windows 2003)
- Terminal Services Configuration
Terminal Services Manager
When you select the server name you can choose to view and manage the Users, Sessions or Processes tab. The green icons indicate that the server is online. If you had to disconnect it, the icons would be gray.
The Users tab allows you to see who is connected, how long they have been connected and the state of their connection. If you select a user and right click you can disconnect or reset the user’s session, send a message (which will be displayed as a pop-up message box on the client side), view the status or log the person out of the terminal server session.
The Sessions tab permits the viewing and control of the terminal server sessions. You can right click a session and select the status to see the incoming and outgoing data or reset to reset the session.
The processes tab shows all the processes that are running and which user they belong to (this is a simplified version of the processes tab found on the windows task manager).
Select a user, click the right mouse button and choose ‘end process’ to kill the process.
The image below shows the Terminal Services Manager with an active connection initiated by a user (andrew).
If you select the RDP-Tcp#12 (username) option you can view the processes and session information specific to that user. Note: The #12 number will be different for each session.
‘Favorite servers’ will list all the servers that you have added as a favourite – you can do this by right clicking a server and selecting ‘add to favorites’.
You are able to connect to multiple terminal servers by press Actions > Connect to computer. These will be listed in the ‘All Listed Servers’ node.
Terminal Services Configuration
The screenshot below is that of the Terminal Services Configuration.
Any connections that have been setup will be displayed in the connections part of the console. Double click a connection to open the properties page.
The following table will describe what actions you may take on each tab.
Tab Description General add a comment, change the encryption level, enable standard windows authentication Logon Settings select whether or not to always use the same credentials for logging on, enable ‘always prompt for password’ Sessions select whether to override the user’s settings with a set of predefined settings Environment choose to override settings of a user profile and run a program when the user logs on Remote Control change the way the remote control facility is used, disable remote control Client Settings change connection, colour and mappings settings Network Adapter specify the type of network adapter you want to use and change the connection limit Permissions specify the user permissions (who has access to the terminal server and who doesn’t)
The server settings section enables you to modify the settings of the server. Double click a setting from the list to bring up the appropriate window and be given the option to make a change.
Each setting shown in the above window is self explanatory. The settings in the list each have an attribute which you can set according to your preferences.
Terminal Services give you the opportunity to provide a secure and reliable tool to employees. Microsoft has built on the success of Terminal Server in Windows 2000 and come up with new solutions to meet user’s needs.
Better manageability and user friendliness are just two of the improved features worth mentioning. You have just been reading Part one of an article based on terminal services. Part two will be released next week. It will include troubleshooting potential logon problems, terminal services tips and a guide on how to log on to a terminal server from a Windows client.