Microsoft Certifications - Pacific IT Professionals


Server 2008 Terminal Services and
Remote Desktop Services
Basic application access is possible without Citrix, and
Server 2008 R2 adds on some key features.
Terminal Services on Server 2003
• Windows Server 2003 allowed user access to terminal services, but
only to the full desktop experience on the server.
• This was often confusing for the users who were less
computer-savvy.
• Required firewall to be open on port 3389.
• Citrix Presentation Server had to be added to let users select only
the application they wanted, without being confused by the
addition of the full desktop.
New with Windows Server 2008
• Support for higher resolution desktops and spanning of multiple
monitors (if in a horizontal formation)
• Max resolution is now 4096x2048 instead of 1600x1200
• Plug and Play Device Redirection for Media Players and
Cameras
• Single Sign-On supported from Vista workstations
• Printing enhanced with TS Easy Print
• Requires client to have RDC 6.1 and .NET Framework
3.0 SP1
• TS RemoteApp, TS WebAccess and TS Gateway
(Also includes TS Licensing and TS Session Broker)
Terminal Services RemoteApp
• RemoteApp programs are accessed through Terminal Services
but appear to be running locally on the client machine.
• Multiple applications will share the same Terminal Services
session.
• Requirements:
• Clients must be either Server 2008, XP SP3, Vista SP1
or Windows 7
• Must be running RDC 6.1 (included with the above OSes)
• Terminal Services Web Access must be used to access
the RemoteApp programs.
Terminal Services Web Access
• Users can visit a web site to access a list of available RemoteApp
programs.
• Presents an experience similar to Citrix Presentation Server.
• Also allows access to full terminal service desktop if the user has
access rights.
Terminal Services Gateway
• TS Gateway uses RDP (Remote Desktop Protocol) over HTTPS
to establish a secure connection between remote users and the
terminal service machine.
• No VPN required.
• No need to open port 3389. Uses port 443 instead.
• Policies can be configured to limit who can connect, what they
can connect to, whether device or disk redirection is allowed and
whether smart card authentication is required.
• TS Gateway can also be integrated with NAP for additional
security.
• An externally trusted SSL certificate is required for the gateway
server.
Basic Setup Diagram
• The TS Gateway machine has an external IP address with the firewall
open for SSL
• The TS Web Access is installed on the same machine as the Gateway
• The TS RemoteApp server has all the published applications installed
TS Gateway Snap-In
TS RemoteApp Snap-In
What’s different from Citrix?
• Users are prompted to log on twice – once to access the application
web page and then again to launch the first program from the
RemoteApp server.
  • Any additional programs launched use the same TS session and
  do not prompt for another password. (Server 2008 R2
  improves the single sign-on experience)
• With Server 2008, all the applications published on the RemoteApp
server are available to every user.
  • Server 2008 R2 allows for filtering the applications shown via
  security groups, but that is not a native feature in Server 2008.
• No support for Mac with the current Mac version of the RDC client.
• Requires Internet Explorer for ActiveX support.
What’s changed with Server 2008 R2?
• Terminal Services was renamed to “Remote Desktop Services”
• Improved multi-display support – now supports displays with
different resolutions (like a laptop with an external monitor
connected)
• System and Logon messages can be displayed to the remote
user. (RDC 7.0 client required)
• Forms-based authentication allows for a more customizable
logon experience that can be embedded in a web page. Server
2008 only provides the standard Windows authentication
prompt.
Caveat #1: XP SP3
XP SP3 supports the necessary TS ActiveX components, but they
are disabled in IE 7 for enhanced security.
The following registry keys must be removed on each client machine
to activate the add-on:
• HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7390f3d8-0439-4c05-91e3-cf5cb290c3d0}
• HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2}
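One way to script the key removal above so that it can be undone (an added example, not part of the original slides). The two key names are the ones listed on the slide; the backup folder is an assumption, and the script has to run as the affected user because the keys live under HKCU.

```powershell
# Added example: back up, then remove, the two per-user keys that keep the
# TS ActiveX add-on disabled in IE 7 on XP SP3.
$extSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Settings'
$clsids = '{7390f3d8-0439-4c05-91e3-cf5cb290c3d0}',
          '{4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2}'

# Assumed backup location; change to suit your environment.
$backupDir = Join-Path $env:TEMP 'ts-activex-backup'
if (-not (Test-Path -LiteralPath $backupDir)) {
    New-Item -ItemType Directory -Path $backupDir | Out-Null
}

foreach ($clsid in $clsids) {
    $psPath = "$extSettings\$clsid"
    if (-not (Test-Path -LiteralPath $psPath)) {
        Write-Output "$clsid : key not present, nothing to do"
        continue
    }

    # Export the key first so the previous state can be restored with "reg import".
    $regPath = "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\$clsid"
    $stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup  = Join-Path $backupDir ("{0}-{1}.reg" -f $clsid.Trim('{}'), $stamp)
    & reg.exe export $regPath $backup | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "$clsid : export failed, key left in place"
        continue
    }

    Remove-Item -LiteralPath $psPath -Recurse
    Write-Output "$clsid : removed (backup: $backup)"
}
```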
Caveat #2: Unsigned RDP Files
The RDP files need to be signed to spare the user another few
clicks.
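A check for unsigned RDP files before they are published (an added example, not part of the original slides). It signs them with rdpsign.exe, which ships with Windows Server 2008; the folder path and the certificate thumbprint are placeholders.

```powershell
# Added example: report .rdp files that carry no signature and sign them.
$rdpDir     = 'C:\RemoteApps'                      # hypothetical folder of published .rdp files
$thumbprint = '<SHA1-THUMBPRINT-OF-SIGNING-CERT>'  # placeholder; enter without spaces

# A signed .rdp file contains a "signature:s:" line.
function Test-RdpSigned([string]$Path) {
    [bool](Select-String -Path $Path -Pattern '^signature:s:' -Quiet)
}

foreach ($file in Get-ChildItem -Path $rdpDir -Filter *.rdp) {
    if (Test-RdpSigned $file.FullName) {
        Write-Output "$($file.Name): already signed"
        continue
    }

    # rdpsign rewrites the file in place, appending the signature lines.
    & rdpsign.exe /sha1 $thumbprint $file.FullName | Out-Null

    # Verify by re-reading the file rather than trusting the tool's output.
    if (Test-RdpSigned $file.FullName) {
        Write-Output "$($file.Name): signed"
    } else {
        Write-Warning "$($file.Name): still unsigned, check the certificate thumbprint"
    }
}
```

Editing a signed setting in the file afterwards invalidates the signature, so re-run the check after any change to the published .rdp files.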
Questions?
Jennelle Crothers
Email: [email protected]
Twitter: @jkc137
Blog: www.techbunny.com
About Jennelle Crothers
Jennelle Crothers is a Sr. Network Administrator for The Conservation &
Liquidation Office. Jennelle migrates, maintains and supports multiple
Microsoft AD configurations due to the function of the Conservation &
Liquidation Office which is to serve in receivership insolvent insurance
companies in the State of California. She is actively involved in Pacific IT
Professionals (formerly SFNTUG).
Jennelle is a Microsoft Certified Systems Engineer (MCSE): Messaging, an
MCITP: Enterprise Administrator and Windows 7, as well as an MCTS for
Windows Virtualization and Exchange 2007. She is an MVP for the
Windows Desktop Experience.
When she is not playing on server equipment she enjoys raising dogs for
Guide Dogs for the Blind. She is married to her wonderful husband Dennis
and they live together in San Francisco, CA.