Windows Server 2008 R2 Unleashed (180 page)

Remote Desktop for Administration

Remote Desktop for Administration is included and installed with the Windows Server

2008 R2 operating system and only needs to be enabled. This eases automated and unat-

tended server deployment by allowing an administrator to deploy servers that can be

managed remotely after the operating system has completed installation. This mode can

also be used to manage a headless server, which reduces the amount of space needed in

any server rack. More space can be dedicated to servers instead of switch boxes, monitors,

keyboards, and mouse devices.

The Remote Desktop for Administration limits the number of terminal sessions to only

two parallel connections (three, if the administrator uses session 0, the local console), and

only local administrators can connect to these sessions by default. No additional licenses

are needed to run a server in this Remote Desktop mode, which allows an administrator to

perform almost all the server management duties remotely.

Even though Remote Desktop for Administration is installed by default, it has to be

enabled. Some organizations might see using this feature as an unneeded security risk and

choose to keep it disabled or limit access to remote sessions. However, Remote Desktop for

Administration can also easily be enabled by using a group policy, a PowerShell-based

command/script, or good old manual means. Lastly, this mode of Remote Desktop is avail-

able in every Windows Server 2008 R2, Windows Server 2008, and Windows Server 2003

ptg

version and, as mentioned before, Windows XP Professional, Windows XP Media Center

and Tablet PC Editions, Windows Vista Ultimate, Enterprise, and Business Editions, and

Windows 7 Ultimate, Business, and Professional.

NOTE

Starting with Windows Vista/Windows Server 2008 and on to Windows 7/Windows

Server 2008 R2, there have also been a number of changes to how Remote Desktop

works. A listing of these changes can be found in the “Why Implement Remote

Desktop Services” section found earlier in this chapter.

Remote Desktop Services

Remote Desktop Services allows any authorized user to connect to the server and run a

single application or a complete desktop session from their client workstation. Running

Remote Desktop Services requires the purchase of a Remote Desktop Services client access

license (CAL) for each simultaneous connection. To manage these CALs, a Remote

Desktop licensing server is needed to allocate and track the licenses for Remote Desktop

Services. The Remote Desktop Licensing role service can be installed on any Windows

Server 2008 R2 Standard, Enterprise, or Datacenter Edition member server.

It should also be noted that before installing applications that will be used in Remote

Desktop Services, it is recommended that administrators follow a strict validation process

to ensure that each application runs as it should in multiple user sessions. Some applica-

How Remote Desktop Works

927

tions might not be properly suited to run on a Remote Desktop server; in such cases,

extensive Remote Desktop Services application compatibility testing should take place

before deployment. The results of such testing can both determine if an application is

compatible and if any custom installation steps or scripts need to be created for these

applications to run correctly.

NOTE

Remote Desktop Services is not available in Windows Server 2008 R2 Web and

Windows Server 2008 R2 Itanium Editions.

Client-Side Remote Desktop Services

Windows XP Professional, Windows XP Media Center and Tablet PC Editions, Windows

Vista Ultimate, Enterprise, and Business Editions, and Windows 7 Ultimate, Business, and

Professional all have a scaled-down version of Remote Desktop. This version of Remote

Desktop allows a user to connect to a workstation and remotely take over the workstation

25

to run applications that he or she would normally run from their desk locally. As an

administration tool, this client-side Remote Desktop can be used to install software on an

ptg

end user’s workstation from a remote machine. Also, it can be used to log on to a user’s

desktop environment to remotely configure a user’s profile settings.

Remote Assistance

Remote Assistance is a feature that has been present in Windows since Windows Server

2003 and Windows XP Professional. This feature allows a user to request assistance from a

trusted friend or administrator to help deal with desktop issues and configurations. This

feature gives the end user the power to control what level of participation the remote

assistant can have. The remote assistant can be granted the ability to chat with the end

user, view the desktop, or remotely control the desktop. During remote assistance

sessions, both the end user and remote assistant can hand off control of the keyboard and

mouse. Remote assistance uses the underlying Remote Desktop Protocol (RDP) used by

Remote Desktop.

Remote Desktop Connection

The Remote Desktop Connection client is the newly improved and renamed Terminal

Server client. This full-featured client allows the end user to control Remote Desktop

session settings such as local disk, audio, and port redirection, plus additional settings

such as running only a single program or logging on automatically and so on. Remote

Desktop Connection information can be saved and reused to connect to Remote Desktop

Services with previously defined session specifications.

928

CHAPTER 25

Remote Desktop Services

Understanding the Name Change

As mentioned earlier in this chapter, Windows Terminal Services was renamed to Remote

Desktop Services in Windows Server 2008 R2. Table 25.1 lists the Terminal Services role,

role services, and related components that have been renamed and their new Windows

Server 2008 R2 name.

TABLE 25.1

Parameters and Values for Creating an Unattended Answer File

Previous Name

Windows Server 2008 R2 Name

Terminal Services

Remote Desktop Services

Terminal Server

Remote Desktop Session Host (RD Session Host)

Terminal Services Licensing (TS Licensing)

Remote Desktop Licensing (RD Licensing)

Terminal Services Gateway (TS Gateway)

Remote Desktop Gateway (RD Gateway)

Terminal Services Session Broker (TS

Remote Desktop Connection Broker (RD

Session Broker)

Connection Broker)

Terminal Services Web Access (TS Web

Remote Desktop Web Access (RD Web Access)

ptg

Access)

Terminal Services Manager

Remote Desktop Services Manager

Terminal Services Configuration

Remote Desktop Session Host Configuration

TS Gateway Manager

Remote Desktop Gateway Manager

TS Licensing Manager

Remote Desktop Licensing Manager

TS RemoteApp Manager

RemoteApp Manager

Understanding Remote Desktop Services

Although some of the features in Remote Desktop Services have already been touched on,

this section covers features that are important, new, or improved in Windows Server 2008

R2–based Remote Desktop Services.

RD Session Host

The Remote Desktop Session Host (RD Session Host) role service was previously known as

the Terminal Server role service in Windows Server 2008. This role service is used to host

Windows-based applications or a full Windows desktop for users who connect to an RD

Session Host using either Remote Desktop Connection or RemoteApp.

The new features that have been introduced in Windows Server 2008 R2 for the RD

Session Host role service are discussed in the following sections.

Understanding Remote Desktop Services

929

Per-User RemoteApp Filtering

Using per-user RemoteApp filtering, an administrator can now filter the list of RemoteApp

programs that are available to users when they log on to RD Web Access. Prior to this

feature being introduced, each user was presented with a list of all RemoteApp programs

regardless of whether they had rights.

Fair Share CPU Scheduling

In previous versions of Terminal Services, the Windows scheduler had a fair scheduling

policy that distributed processor time evenly across all threads of the same priority level.

Although this scheduling methodology was a good mechanism to prevent any one user

from completely monopolizing the CPU, it was not able to evenly distribute the processor

time based on dynamic loads. To better handle dynamic loads, the Fair Share CPU

Scheduling feature in Remote Desktop Services uses a Windows Server 2008 R2 kernel-level

scheduling mechanism to dynamically distribute processor time across sessions based on

the number of active sessions and load on those sessions.

NOTE

25

By default, the Fair Share CPU Scheduling feature is enabled. To disable this feature,

set the following Registry entry as 0:

ptg

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SessionManager\

DFSS\EnableDFSS.

Windows Installer RDS Compatibility

In previous versions of Terminal Services, only one Windows Installer installation was

supported at a time. This meant that user-related MSI actions (like personalization) were

limited to one concurrent run per Terminal Server. To streamline application deployments

to RS Session Host servers, the Windows Installer RDS Compatibility feature is designed so

that per-user application installations are queued by the RD Session Host server and then

handled by the Windows Installer.

NOTE

Windows Installer RDS Compatibility is enabled by default. You can disable this feature

by configuring the following Registry entry to 0:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal

Services\TSAppSrv\TSMSI\Enable.

Client Experience Configuration Page

During the installation of the RD Session Host role service using Server Manager, one of

the steps in the wizard is the Client Experience Configuration page. Using this page, an

administrator can configure the following client experience features:

. Audio and video playback redirection

. Audio recording redirection

930

CHAPTER 25

Remote Desktop Services

. Desktop composition (user-interface elements of the Windows Aero desktop experi-

ence within an RD Session Host session)

NOTE

When any of these features are configured using the installation wizard, the Desktop

Experience role service is also installed and Windows Audio service is started on the

RD Session Host server.

Roaming User Profile Cache Management

Caching of roaming profiles is often enabled in a Remote Desktop Services deployment to

improve end-user experience. Unfortunately, the profile cache tends to grow very large

and in certain cases can consume all the available disk space on a server. Roaming user

profile cache management is a new Remote Desktop Services feature that is designed to

limit the overall size of the roaming profile cache. When enabled and the roaming profile

cache has exceeded the specified size, Remote Desktop Services will continue deleting the

least recently used profiles until the cache size is below the defined quota.

NOTE

ptg

The profile cache size can be limited using the Group Policy setting Computer

Configuration\Policies\Administrative Templates\Windows

Components\Remote Desktop Services\Remote Desktop Session

Host\Profiles\Limit the Size of the Entire Roaming User Profile Cache.

When enabling this setting, both monitoring interval (in minutes) and a maximum size

(in gigabytes) must be defined.

Remote Desktop IP Virtualization

In certain cases, an application might require that each initialized instance of that applica-

tion must be assigned a unique IP address; for example, a CRM application that binds to a

temporary database instance, which is listening on a network port. In previous versions of

Terminal Services, these types of applications presented a deployment challenge for

administrators. However, by using the new Remote Desktop IP Virtualization, an IP

address can now be assigned to a remote desktop connection on a per-session or per-

program basis.

RD Virtualization Host

The Remote Desktop Virtualization Host (RD Virtualization Host) role service works in

conjunction with Hyper-V to host virtual machines for Remote Desktop Services. Users

can connect to a virtual machine using either RemoteApp and Desktop Connection or

Remote Desktop Web Access (RD Web Access). These virtual machines can either be

deployed as a personal virtual desktop (each user is assigned a unique virtual machine) or

part of a shared virtual desktop pool (a virtual machine is dynamically assigned).

Personal virtual desktops are assigned to individual users by using the Remote Desktop

Connection Manager. Users can only be assigned one virtual desktop; additionally, a

Understanding Remote Desktop Services

931

virtual desktop can only be assigned to one user. By keeping the relationship one-to-one,

all customizations that are made to a personal virtual desktop by a user are preserved and

available for future use.