Remote Desktop Services Remote Desktop Connection Remote Desktop Protocol Remote Assistance Remote Server Administration T0ols.

Microsoft Server 2008 R2

Remote Server Administration

Remote Server Administration

• Remote Desktop Services• Remote Desktop Connection• Remote Desktop Protocol• Remote Assistance• Remote Server Administration T0ols.

Remote Desktop for Administration

• Default implementation of Remote Desktop Services (formerly known as Terminal Services in 2003 ((formerly formerly known as Terminal Services-Remote Administration Mode in Server 2000))

• Two administrators can be logged onto a server a the same time performing remote administration

Remote Desktop for Administration

• It’s also possible to configure a server as a Remote Desktop Session Host server so that it can run desktop applications for remote users.– This is Terminal Services renamed!

• Two primary tools used for RDA are:– Remote Desktop Connection– Remote Desktop

Remote Desktop for Administration

• Three options1. Don’t allow Connections to this computer: Obvious2. Allow connections from computers running any version of

Remote Desktop (less secure): will allow RDC connections from clients older than 6.0. Supports users connecting via XP with older RDC.

3. Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure): RDC 6.0 or higher available on Vista and Windows 7, can be installed on XP running SP2 or later.

Remote Desktop for Administration

Remote Desktop for Administration

• When enabled, an exception is automagically created in the firewall on the local system.– Still uses port 3389

• Can be launched via command line or Run line by using mstsc.exe

Mstsc.exe /v:svreddc1 Connect to server named svreddc1

Mstsc.exe /f Connect in full screen mode

Mstsc.exe /span Connect utilizing multiple monitors

Remote Desktops

• A tool used to connect to remote computers• Allows you to connect to multiple computers

at the same time and switch between connections

• Can run one instance of the program with multiple connections versus only one connection in RDC.

• Must add feature through Remote Server Administration Tools

Remote Desktops

Remote Assistance

• Used to be primarily used for desktop systems• Not enabled by default on 2008 R2• Useful for remote office support for servers• Allows for remote control of system• Generates invitation with password that can’t

be changed.

Remote Assistance

Windows Remote Management Services

• Windows Remote Management Services (WinRM) will allow you to issue any command-line command from one computer against another. It utilizes two commands– The WinRM tool is executed on the remote server and

enables the server to listen and respond to WinRS requests

– The WinRS tool is executed from the command line on a desktop or other server accessed by an administrator. It allows the administrator to execute any command-line commands against the remote server

Windows Remote Services

• Enabling WinRM– It is not enabled by default.– RD Gateway enables WinRM– Enabled by doing the following:

– Prompts to allow following changes• Create WinRM listener on http://* to access WS-Man

requests to any IP on this machine• Enable the WinRM firewall exception• Configure LocalAccountTokenFilterPolicy to grant

administrative rights remotely to local users.

C:\WinRM quickconfig

Windows Remote Services

C:\WinRM enumerate WinRM/config/listener

Verify settings by typing:

Windows Remote Services

• Connect to server by typing:

C:\winrs –r:servername command

C:\winrs –r:w2k8r201 cmd

Remote Server Administration Tools

• RSAT replaces adminpack.• Available in 32bit and 64bit• Full access to administer network at your

desktop• Must be added after installation through

ProgramsAdd Windows Features• Can be used to administer 2003 domains, but

cannot use Active Directory Administrative Center inherently. Requires secure web services.

Questions