SYSTEMS ADMINISTRATION AND TERMINAL SERVICES

Chapter 12


OVERVIEW

Manage a server by using Remote Assistance

Manage a server by using Terminal Services Remote Administration mode

Manage a server by using available support tools

Create a plan to offer Remote Assistance to client computers


OVERVIEW (CONTINUED)

Plan for remote administration using Terminal Services

Diagnose and resolve issues related to Terminal Services security

Diagnose and resolve issues related to client access to Terminal Services


REMOTE ADMINISTRATION OF WINDOWS SERVER 2003

Microsoft Windows Server 2003 provides a number of tools for remote administration, including the following:

Microsoft Management Console (MMC) snap-ins

HTML Remote Administration tools

Remote Desktop For Administration

Remote Assistance


THE MICROSOFT MANAGEMENT CONSOLE

The MMC provides a standardized, common interface for one or more tools known as snap-ins.

The MMC provides a window with two panes:

The tree pane

The scope pane


NAVIGATING THE MMC


USING THE MMC MENUS AND TOOLBAR

Menu | Commands
File | Create a new console, open an existing console, add or remove snap-ins, open recently used consoles, and an Exit command
Action | Varies by snap-in
View | Varies by snap-in
Favorites | Allows for adding and organizing saved consoles
Window | Open a new window; cascade, tile, and switch between open windows
Help | General Help menu for the MMC as well as loaded snap-in Help modules


EXTENDING THE MMC WITH SNAP-INS

There are two types of snap-ins:

Stand-alone

Extension


BUILDING A CUSTOMIZED MMC


CONSOLE OPTIONS


REMOTE ADMINISTRATION WITH THE MMC

Many MMC snap-ins allow you to redirect the focus of the snap-in to another domain or computer system.

Connections to remote systems are achieved by using the remote procedure call (RPC) protocol.

Remote administration using the MMC is limited to what can be performed with the available snap-ins.


HTML REMOTE ADMINISTRATION TOOLS


MANAGING SERVERS WITH REMOTE DESKTOP FOR ADMINISTRATION

Remote Desktop For Administration has the following characteristics:

Uses Terminal Services

Allows two concurrent Remote Desktop connections

Enables the server to be managed as if the administrator is directly logged on to it at the console


ENABLING AND CONFIGURING REMOTE DESKTOP FOR ADMINISTRATION


REMOTE DESKTOP CONNECTION


CONFIGURING REMOTE DESKTOP


TERMINAL SERVICES TROUBLESHOOTING

Common causes of failed connections or problematic sessions with Terminal Services include the following:

Network failures

Credentials issues

Policy restrictions

Number of concurrent connections


USING REMOTE ASSISTANCE

Allows users to request help from experts.

Experts can view or interact with a user’s session.

Users must issue an invitation to the expert.


CONFIGURING REMOTE ASSISTANCE

Using Control Panel

Using Group Policy


CREATING AN INVITATION


ACCEPTING AN INVITATION


OFFERING REMOTE ASSISTANCE TO A USER

You can configure Remote Assistance so that you can initiate troubleshooting without receiving an invitation from the user.

This behavior is configured through the Remote Assistance policy, which can then be deployed by Group Policy.


SECURING REMOTE ASSISTANCE

The client can break a Remote Assistance session by pressing Esc.

The user must be present to accept a Remote Assistance session.

Passwords for invitations should be communicated by a different secure means than the invitation.

Invitations should be issued for as short a period of time as possible.


SUPPORTING AND TROUBLESHOOTING TERMINAL SERVICES

Windows Server 2003 Terminal Services supports providing applications to multiple users running concurrent sessions.

Terminal Services allows you to connect old systems to a Windows Server 2003 system in order to access and use new applications.

Use of Terminal Services can simplify software updates and security patches because the applications need only reside on one system.


INSTALLING AND CONFIGURING A TERMINAL SERVICES ENVIRONMENT

There are several key considerations related to the deployment of a terminal server environment:

The Terminal Server component

Applications

Installation of Remote Desktop Connection

Licensing


THE TERMINAL SERVER COMPONENT

Terminal Services can be installed by using Add Or Remove Programs or the Configure Your Server Wizard.

Best practice dictates that domain controllers are not configured as terminal servers.

Terminal Services is memory and processor intensive.


APPLICATIONS

Whenever possible, you should always use the Add Or Remove Programs tool in Control Panel to install an application on a terminal server.

While in installation mode, Terminal Services manages the configuration of the application appropriately so that the application can run in multiuser mode.


INSTALLATION OF REMOTE DESKTOP CONNECTION

The Remote Desktop Connection (Mstsc.exe) is installed by default on all computers running Windows Server 2003 and Windows XP.

A shortcut to the client is located on the Start menu under All Programs\Accessories\Communications.

The Remote Desktop Connection client can be installed on systems running Windows 2000 by using Group Policy.


LICENSING

Each user that connects to Terminal Services on a system running Windows Server 2003 requires a Client Access License (CAL).

Use the Windows Components Wizard, which is found in Add Or Remove Programs, to install Terminal Server Licensing.

Terminal Server Licensing is managed by using the Terminal Server Licensing console in Administrative Tools.


MANAGING AND TROUBLESHOOTING TERMINAL SERVICES

Several tools exist that can configure terminal servers, Terminal Services user settings, connections, and sessions:

Group Policy Object Editor

Terminal Services Configuration

Active Directory Users And Computers

Remote Desktop Connection client


POINTS OF ADMINISTRATION


CONNECTION CONFIGURATION

A user’s ability to connect and log on to a terminal server is determined by a number of factors:

The connection on the terminal server must be accessible.

Remote Desktop must be enabled.

The server must have available connections.

Encryption must be compatible.

The user must have the user logon right to log on to the terminal server.

Allow Logon To Terminal Server must be enabled.


DEVICE REDIRECTION

The Remote Desktop Connection client provides a range of device redirection options:

Audio redirection

Drive redirection

Printer redirection

Serial port redirection

Line printer (LPT) and serial communications (COM) port mapping

Clipboard mapping


MANAGING SESSIONS AND PROCESSES


LOAD BALANCING TERMINAL SERVERS

The server clustering abilities of Windows Server 2003 allow terminal server clusters to be created.

A Session Directory is maintained by the servers in the cluster so that a user that is forced to reconnect to the cluster is provided with the open session that user previously had.

Implementing a terminal server cluster requires an excellent knowledge of both server clustering and Terminal Services.


REMOTE CONTROL


SUMMARY

Some snap-ins can be used to configure remote computers; others are limited to local computer access.

Remote Desktop For Administration allows administrators to administer a server from a remote location just as if they were logged on to the server locally.

To use Remote Desktop For Administration, an account must be a member of the Remote Desktop Users group.

Remote Assistance is available only on Windows XP and Windows Server 2003.

Remote Assistance is similar to Remote Desktop For Administration for the desktop, allowing remote viewing and control of remote computers.


SUMMARY (CONTINUED)

Two users are required for Remote Assistance: one user at the target desktop and the expert helper at another computer.

Port 3389, the same port used by Remote Desktop For Administration, must be open at the firewall for Remote Assistance sessions to be established.

Terminal Services provides applications in a multiuser environment.

A number of criteria must be met for a user to connect to a server using Terminal Services.

The security policy of a domain controller does not, by default, grant the Allow Logon To Terminal Server user right.


SUMMARY (CONTINUED)

Various Terminal Services settings can be configured on the client, in the user account, on the connection, or on the server.

Windows Server 2003 and the Remote Desktop Connection client support device redirection, including redirection of audio devices, printers, and disks.

To load balance terminal servers, you must configure a load-balancing technology such as Network Load Balancing or Domain Name System (DNS) round robin.

You can monitor and remotely control a user’s Terminal Services session by connecting to the terminal server with the Remote Desktop Connection client.

Remote Desktop For Administration and Terminal Services require permissions and user rights for users to connect with the Remote Desktop Connection client.