![]() ![]()
![]() Remote Desktop Services in Windows 2. R2 - Part 1. Windows Terminal Services has come a long way since its infancy and has improved with every version of Windows, and Windows 2. R2 is no exception. Microsoft have done a great job in providing administrators with thorough documentation pertaining to the role being installed. Click Next. This is a single server setup so I will select all of the role services for Remote Desktop Services excluding Remote Desktop Virtualisation Host (this will be covered in a future post). I have provided Microsoft’s description of each service in the table below; Remote Desktop Session Host. RD Session Host, formerly known as Terminal Server, enables a server to host Windows- based programs or the full Windows desktop. Users can connect to an RD Session Host server to run programs, save files and use network resources on the that server. Remote Desktop Licensing. RD Licensing, formerly known as TS Licensing manages RDS CALs that are required to connect to an RD Session Host. Remote Desktop Connection Broker. RD Connection Broker, formerly known as TS Session Broker, support session load balancing and session reconnection to the RD Session Host. Remote Desktop Gateway. RD Gateway, formerly known as TS Gateway enables authorised users to connect to RD Session Host Servers over the Internet. Remote Desktop Web Access. RD Web Access, formerly known as TS Web Access enables users to access Remote. App and Desktop connection through Start Menu on a computer running Windows 7 or through a Web browser. Adding the Remote Desktop Gateway and or Remote Desktop Web Access will prompt you to install other services that are prerequisites such as IIS. Click Add Required Role Services. After you have the Selected Roles checked, click Next. The below warning will appear advising that it is recommended to install the Remote Desktop Session Host prior to installing any “client” applications. ![]() Because this is a new install of Windows 2. R2, I can ignore this warning and click Next. You will now be required to specify an Authentication Method for the Remote Desktop Session Host. The two options provided below are as follows; Require Network Level Authentication: This is more secure as user authentication occurs before a full remote desktop session is established, however it is only supported by Remote Desktop Client 6 and greater running on Windows Vista or Windows XP SP3 (Windows 7 is equipped with Remote Desktop Client 7) as they are the only current operating systems that support Credential Security Support Provider (Cred. SSP) protocol. Please be aware that the Cred. SSP is turned off by default on Windows XP SP3 and must be turned on via the registry. Please refer to the following Microsoft KB article for more details http: //support. Do not require Network Level Authentication: This is less secure because authentication occurs later in the connection process, however is supported by all Remote Desktop clients and all versions of Windows. More information can be found in the following Tech. Net article, Configure Network Level Authentication for Remote Desktop Services Connections; http: //technet. We will select Require Network Level Authentication. Click Next. Specify your Licensing Mode. Click Next. You will then be prompted to select user groups that you would like to provide access to the Remote Session Host Server. By Default, the “Administrators” group is added and I will also be adding a security group that I have created specifically for my Remote Desktop Users. Users or User groups added in this section will be automatically added to the local Remote Desktop Users group. Click Next. The next screen will allow you to configure the client experience providing your end users with similar functionality and visual experience found from a Windows 7 desktop. Port 3389 is the home of the remote desktop protocol that powers Remote Desktop Services on all modern versions of Windows. If your system has Remote Desktop enabled.I will be selecting all 3 options provided, with one of the enhancements to Remote Desktop Services in R2 being the ability to provide users with a much better Video playback experience than in previous releases. It does so by offloading the actual video playback to the local graphics processing unit. More information on Multimedia Redirection Improvements in Windows 7 and WS2. R2 can be found here; http: //blogs. Click Next. The next screen provides you with the ability to configure discovery scope for RD licensing. Following Microsoft’s recommendation, I will not configure a discovery scope for the license server and will utilise the inbuilt RDS Host configuration tool instead. Click Next. The next screen is requesting a server authentication certificate for SSL encryption. To simplify matters during the installation I will select create a self- signed certificate for SSL encryption and will discuss this in more detail in part 2 of this series. Recall, the RD Gateway is designed to provide users with the ability to log onto a Remote Desktop Host via the Internet and SSL. Windows 2. 00. 8 first introduced the TS Gateway which incorporated 2 types of policies TS CAP and TS RAP. These have been superseded in Windows 2. ![]() Vista’s Remote Desktop Connection feature allows you to connect to your computer remotely as if you were sitting right in front of it. By default, only one user can. ![]() R2 with; you guessed it, RD CAP and RD RAP. Here is a brief primer on the two; RD CAP (Remote Desktop Connection Authorisation Policy): Here you will specify users and groups who will have the ability to connect to a Remote Desktop Gateway Server. With an RD CAP you can also specify conditions for specific users and groups such as, you can only connect to this RD Gateway if you are using a smart card. RD RAP (Remote Desktop Resource Authorisation Policy): After providing users and groups the ability to authenticate with an RD Gateway, RD RAP provides you with the ability to specify which computers located in the internal network are accessible to your user groups. Don’t worry too much if you don’t get everything right in the wizard as all of these options are configurable post wizard installation. Notice, I have created a specific Active Directory Group called “Remote Desktop Computers” in which I have added computers with Remote Desktop enabled. ![]() ![]() Click Next. The next part of this wizard provides you with a primer on Network Policy and Access Services. Click Next. Leave Network Policy Server selected. It is worthwhile printing and or saving this information via the available hyperlink to form part of your documentation. The installation process will now begin and you will be presented with the installation results screen below notifying you of completion. Click Close and then restart your server to complete the process. Upon shutdown, restart and logon, Windows will proceed with the installation and configuration of our roles and services. That’s it for now.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
November 2017
Categories |