July 25, 2011, 4:44 a.m.
posted by jin
CONFIGURING TERMINAL SERVICES
The Terminal Services Configuration tool is available from the Start menu > Programs > Administrative Tools or as a Microsoft Management Console (MMC) snap-in. These tools support the administration of Terminal Services Configuration.
Terminal Services connections support the link between the server and client session settings. Their properties are the critical component in determining how and where Terminal Services can be used. The Terminal Services Configuration snap-in tool modifies RDP-TCP properties, including the users and groups allowed to use these services (see Figure).
Terminal services use a TCP/IP connection through TCP port 3389 for Microsoft Windows access—specifically, the Remote Desktop Protocol (RDP-TCP) stack.
Third-party vendor Citrix provides a Terminal Services connection to Apple Macintosh, UNIX, and MS-DOS workstations and terminals. It uses its own ICA protocol on clients to connect through asynchronous communications, IPX/SPX, NetBIOS, and TCP/IP. For information on integrating Citrix's MetaFrame and WinFrame technology, visit the Citrix Web site at www.citrix.com.
RDP-TCP configuration is accomplished through a series of Properties tabs, each of which provides options that deserve independent consideration. The Properties dialog box is displayed by right-clicking RDP-Tcp and selecting Properties.
The General tab (Figure) identifies the Microsoft RDP-version level and the transport used, with TCP as the default. It also allows the system administrator to add comments about this installation.
The most important configuration option on the General tab is the encryption level for data transport. Data encryption is one-directional from the client to the server and must coincide with the server's defined encryption level. Data transmitted from the server to the client is not protected by encryption.
Standard Windows user authentication is confirmed by checking the last option on the General tab screen.
REMOTE CONTROL OPTIONS
The Remote Control tab (Figure) establishes how the user can gain access and the level of control to be granted. It is a particularly important setting for a system administrator because it permits control over and observation of a user's session. The Remote Control tab is used to select the level of control desired. The first two options retain the user's default settings on remote control or negate the function; the third option establishes the right to View the session and/or Interact with the session. If the Require user's permission box is checked, a message box will be displayed on the user's desktop when control is attempted so that the user can grant or deny access.
An organizational policy should be considered as to the proper use of this function, since the ability to control and observe a user's session obviously has both positive and negative ramifications. When a user encounters a problem, it is a blessing to the system administrator to be able to view and correct it remotely; however, this also creates concern over eavesdropping and confidentiality.
Remote control is defined differently for domain users and local users. For domain users, follow these steps: From the Active Directory Users Accounts and Computers snap-in, select the domain, select Users, select the targeted user, right-click the user and choose Properties, select the Remote Control tab, and make the desired changes. For local users, use the Computer Management (Local) snap-in, select System Tools, select Local Users and Groups, right-click the user, select Properties, and select the Remote Control tab.
CLIENT SETTINGS FOR REMOTE CONTROL
The Client Settings tab enables and disables a number of client-side items. The Connection options (1) connect local drives, (2) connect the local printer, and (3) set the local printer as the default device for applications executed by the user. In essence, these settings direct the respective devices to the terminal user's local environment. As shown in Figure, each of six mapping options can be disabled by checking the box next to it.
NETWORK ADAPTER SETTINGS
The Network Adapter tab (Figure) performs two functions. First, it permits the selection of the adapters that have been found to be compatible for the network, with the default setting All network adapters configured with this protocol. Second, it establishes the number of allowable connections. If Unlimited connections is selected, there is no limit to the number of connections allowed to the Terminal Server. If Maximum connections is selected, a number for the upper limit for concurrent connections must be entered. This option is generally recommended because system performance can be seriously affected by too many connections. Once system capacity is properly sized, setting an upper limit will reduce the possibility of system overload.
The Terminal Services Permissions tab (Figure) defines which users and groups have rights to assume Full Control, User Access, and Guest Access. By default, the Administrator and System groups are allowed all three. This tab is employed to delegate authority to other users or groups for Terminal Server management.
As with other Permissions properties dialog boxes, additional users and groups are included by clicking the Add button and deleted with the Remove button. The Advanced button is used to apply special permissions. (See Chapter 10 for more information about managing this Permissions tab.)
The Logon Settings tab (Figure) permits the use of either client-provided or administrator-defined logon information. If the latter is selected, complete the text boxes for User name, Domain, Password, and Confirmed password.
The Sessions tab (Figure) establishes parameters around the time a client can remain idle, the maximum length of a session, and whether that client can reconnect. One of the benefits of Terminal Services is that a user can disconnect without terminating the session. Provided that the parameters are set to enable this function and time period, he can reconnect as the same or a different client exactly where he left off.
The Environment tab (Figure) permits the user to use an individual profile or overrides these settings with those established in this dialog box. In many environments, only certain applications need be initiated. For example, in a customer service environment, a set of knowledge-based Help applications may be all that is necessary. In such a case, check the Override settings and designate the program path and file name.
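The properties set on the General, Remote Control, Client Settings, and Network Adapter tabs are stored as registry values under the RDP-Tcp connection key, so they can be audited without opening each dialog box. The PowerShell below is an added example, not part of the original post; the Review column reflects this example's own assumptions (encryption below High, remote control without user permission, any enabled client mapping, unlimited connections), and it requires PowerShell 3.0 or later.

```powershell
# Added example: read-only audit of the RDP-Tcp connection properties.
# The Review rules are assumptions of this example, not rules from the page.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$rdp = Get-ItemProperty -Path $key -ErrorAction Stop

$encryption = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High'; 4 = 'FIPS Compliant' }
$shadow = @{
    0 = 'Disabled'
    1 = 'Interact, user permission required'; 2 = 'Interact, no user permission'
    3 = 'View, user permission required';     4 = 'View, no user permission'
}
# Client Settings tab: the six mapping switches (1 = mapping disabled).
$mappings = [ordered]@{
    fDisableCdm  = 'Drive mapping';     fDisableCpm = 'Windows printer mapping'
    fDisableLPT  = 'LPT port mapping';  fDisableCcm = 'COM port mapping'
    fDisableClip = 'Clipboard mapping'; fDisableCam = 'Audio mapping'
}

function New-Finding([string]$Tab, [string]$Setting, $Value, [bool]$Review) {
    [pscustomobject]@{ Tab = $Tab; Setting = $Setting; Value = $Value; Review = $Review }
}

$findings = @()
# General tab: listening port and minimum encryption level.
$findings += New-Finding 'General' 'TCP port' $rdp.PortNumber $false
$level = [int]$rdp.MinEncryptionLevel
$findings += New-Finding 'General' 'Encryption level' $encryption[$level] ($level -lt 3)

# Remote Control tab: fInheritShadow = 1 defers to each user's own setting.
if ($rdp.fInheritShadow -eq 1) {
    $findings += New-Finding 'Remote Control' 'Mode' 'Per-user setting' $false
} else {
    $mode = [int]$rdp.Shadow
    $findings += New-Finding 'Remote Control' 'Mode' $shadow[$mode] (2, 4 -contains $mode)
}

# Client Settings tab: a mapping is enabled unless its fDisable* value is 1.
foreach ($name in $mappings.Keys) {
    $state = if ($rdp.$name -eq 1) { 'Disabled' } else { 'Enabled' }
    $findings += New-Finding 'Client Settings' $mappings[$name] $state ($state -eq 'Enabled')
}

# Network Adapter tab: 0xFFFFFFFF (read back as -1 or 4294967295) means unlimited.
$max = $rdp.MaxInstanceCount
$unlimited = ($max -eq -1) -or ($max -eq 4294967295)
$limit = if ($unlimited) { 'Unlimited' } else { $max }
$findings += New-Finding 'Network Adapter' 'Maximum connections' $limit $unlimited

$findings | Format-Table -AutoSize
```

Settings enforced through Group Policy are stored under a separate Policies key and take precedence, so this output describes the local connection configuration only.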
TERMINAL SERVICES SERVER SETTINGS
The Server Settings determine how Terminal Services is applied (with default settings shown in Figure).
The seven default settings are:
Delete temporary folders on exit determines how temporary folders are treated on exit.
Use temporary folders per session determines where temporary folders are created during a session.
Permission Compatibility indicates if security is set Full or Relaxed.
Sessions Directory enables or disables session directory functions.
Restrict each user to one session places a yes or no restriction on the user sessions.
Licensing defines the basis of the license.
Active Desktop defines whether the Microsoft Active Desktop environment is enabled or disabled.