Previous Page | Next Page

  1. Introduction
  2. Windows 2000 Professional
  3. Windows 2000 Server
  4. Windows 2000 Advanced Server
  5. Windows 2000 Datacenter Server
  6. Application Support
  7. System Operation
  8. Disks and Volumes
  9. Filesystems
  10. Configuration Files
  11. Security
  12. Network Support
  13. Access Management
  14. Processes
  15. AD Structure
  16. AD Objects
  17. AD Object Naming
  18. AD Schema
  19. AD Sites
  20. Domains
  21. AD Functions
  22. AD Replication
  23. DNS
  24. AD Security
  25. AD Installation
  26. AD Configuration
  27. AD Performance
  28. Installation
  29. Installation Options
  30. Unattended Installation
  31. Software Distribution
  32. Remote Installation Service
  33. Language
  34. Accessibility
  35. File Attributes
  36. Shares
  37. Distributed File System
  38. Control Panel
  39. Active Directory Tools
  40. Computer Management Console Tools
  41. MMC Tools
  42. Network Tools
  43. Network Monitor
  44. System Performance Monitoring
  45. Tools
  46. Managing Services
  47. Connections
  48. TCP/IP
  49. DHCP
  50. Printing
  51. Routing
  52. IPSec
  53. ICS
  54. Fault Tolerance
  55. Backup
  56. System Failure
  57. Services
  58. Remote Access
  59. WINS
  60. IIS
  61. Certificate Server
  62. Terminal Services
  63. Web Services
  64. Authentication
  65. Accounts
  66. Permissions
  67. Groups
  68. User Rights and Auditing
  69. Auditing
  70. User Profiles
  71. Policies
  72. Group Policies
  73. Miscellaneous
  74. Terms
  75. Credits

Windows 2000 Terminal Services

Terminal services may be provided by Windows 2000 server computers. Terminal services can allow remote computers to run desktops and applications on a server as though it is running locally. This is similar to the functionality provided by X on UNIX and Linux platforms. Keystrokes and mouse action information is sent from the client to the server over the network and visual display information is sent back to the client from the server. Terminal services offer the following advantages:

  • Since the computing is done on the server side, the terminal computer can be an older PC that is not powerful and it does not even require a hard drive.
  • Administration of applications is easier since they are run on the server only.
  • Users on the client computers cannot accidently misconfigure their computers, since there is virtually nothing to configure.

Modes

  • Remote administration - The terminal server may be remotely managed, but applications cannot be run remotely.
  • Application server - The terminal server may be remotely managed, and applications can be run remotely.

Licensing

No license is required for remote administration mode, but licensing is required for application server mode. The application server mode will run for 90 days without a license. Licensing is done on a per seat basis which means there must be a license for each computer that will access the terminal server. To set up licensing:

  1. Use the "Add/Remove Programs" control panel applet to install "Terminal Services Licensing". It contacts the Microsoft Clearinghouse database to verify licensing.
  2. Select either "Your entire enterprise" or "Your domain or workgroup" for the license option.

Required licenses:

  • Windows 2000 Server license
  • Windows 2000 Server client access license for each computer to connect.
  • Windows 2000 Professional license or Windows 2000 Terminal Services Client Access License (TSCAL) for each client.

Additional licenses that may be purchased:

  • Windows 2000 terminal Services Internet Connector License - For up to 200 users to connect over the internet.
  • Work at Home Terminal Services Client Access License - For each user using the Terminal Services to work from home.

Terminal Services licensing uses the Microsoft Clearinghouse database to verify licensing.

Installation

The control panel "Add/Remove Programs" applet is used to install terminal services. Select "Add/Remove Windows Components", and select "terminal Services". Set up terminal services in remote administration mode or application server mode during installation. Another option is to make permissions compatible with Windows 2000 users or make permissions compatible with Terminal Server 4.0 users. The former setting is more secure, but most legacy applications won't run with that setting. If running in application server mode, the recommended server hardware includes:

  • 600Mhz or faster microprocessor
  • 512MB or more RAM
  • Large hard drive

Components that are installed when Terminal Services is installed:

  • Client Creator Files - Has a wizard for creating installation disks for clients.
  • Enable Terminal Services - Used to turn terminal services on and off on the server.
  • Licensing

Win16 on Win32 (WOW) is used to translate 16 bit applications to a 32 bit operating environment by terminal services. Running 16 bit windows or MS-DOS applications is not recommended since it will cost additional processing power and memory due to the overhead of rinning the Win16 or DOS virtual machines.

Additional Administrative Tools from Terminal Services Installation

  • Terminal Services Client Creator - Used to create terminal services client boot disks.
  • Terminal Services Configuration - Allows management of terminal services setup.
  • Terminal Services Licensing - Management of client access licences (CALs).
  • Terminal Services Manager - Allows session and process monitoring.

Installing Applications

Applications to be used with terminal services must be installed after terminal services is installed. The applications must be installed in a multiuser format and on an NTFS partition. Terminal Services must be in "Install Mode" when an application is being installed. Once applications are installed, to run applications from terminals, Terminal Services must be in "Execute Mode". The control panel "Add/Remove Programs" applet is used to install the applications. Procedure:

  1. Install all applications.
    1. Start the control panel "Add/Remove Programs" applet.
    2. Select "All Users Begin With Common Application Settings".
    3. Follow the installation prompts.
  2. Run scripts in the SystemRoot\Application Compatibility Scripts\Install directory on the Windows 2000 Terminal server computer. There are scripts for several common applications, and these scripts optimize the applications to run with the terminal server. They add multiuser support, modify CPU intensive features, and modify the registry as required.
  3. Log off, then log on.
  4. Configure applications to use lower intensity video settings for maximum performance.
  5. For better performance turn off application features that run in the background.
  6. Remove the capability for applications to start other applications since this costs memory and performance.

The Change User command prompt command can also be used to install applications, but should be used to set up or confirm multiuser access capability for the application.

The most secure terminal services permissions mode is "permissions compatible with Windows 2000 users".

Client Configuration

The Terminal Services Client uses Remote Desktop Protocol (RDP) to connect to the server. Supported client systems:

  • Windows 2000
  • Windows 95, 98, Me
  • Windows NT 3.51 or 4.0
  • Windows for Workgroups 3.11

The Terminal Services Client creator was installed with the Terminal Services. This can be used to create a floppy disk for Win32 or Win16 systems to get the Terminal Services Client to the client machines. Another method is to share the terminal services directory in SystemRoot\system32\clients\tsclient\net\Win32 or Win16 and access the software across the network. The Windows for Workgroups system must use the Win16 folder.

Terminal Services Command line utilities

Commands:

CommandMeaning
change logonUsed to disable, enable, or check the status of logons
change portModify DOS com ports or query for the status of ports.
change userChange .ini file mapping for the current user. Applicable change user parameters are install, execute, and query.
cprofileRemove user's profile file associations
dbgtraceEnable or disable debug tracing
flattempEnable or disable temporary flat directories
logoffEnd a client session
msgSend a message to a client
query processDisplay process information
query sessionDisplay terminal services session information
query termserverDisplay terminal server list
query userDisplay logged on user list with information. Like "who" in UNIX.
registerRegister a program
reset sessionReset or delete a terminal session.
shadowMonitor or remotely control a Terminal Service session
tsconStart a Terminal Services session
tsdisconEnd a Terminal Services session
tskillTerminate a Terminal Server process
tsprofChange a user profile path or copy user information
tsshutdnShut down a terminal server.

Terminal Services Manager

The Terminal Services Manager is a graphical based administrative tool used to manage terminal services. It is used on the terminal server or on a client during a session. It will perform the same functions as the command set listed above. The most important functions include using remote control and monitoring and managing terminal services usage. The remote control ability will allow the administrator to take over a user's session. The user's remote control tab of the user's properties dialog box in "Active Directory Users and Computers" determines if the administrator can remotely control a user's session. Additionally it allows:

  • Finding a terminal services server remotely.
  • Making, managing, controlling, and ending sessions.
  • Connecting to another session.
  • Posting messages to sessions.

Terminal Services Configuration Tool

This is the Administrative Tool called "Terminal Services Configuration". To open the RDP-Tcp properties sheet, click on connections, right click on "RDP-Tcp", and select "Properties". The properties RDP-Tcp properties dialog box tabs are:

  • General - Can set the encryption level of the terminal session.
  • Logon Settings
  • Sessions - Can override user settings that are set in Active Directory Users and Computers. The maximum length of a session and idle session may be set here. Sessions may be manually disconnected. Also reconnection parameters may be set so it is only possible to reconnect from the original connecting client.
  • Environment
  • Remote Control
  • Client Settings - Can disable or enable print mapping, clipboard mapping, and LPT port mapping.
  • Network Adapter - The the number of possible connections.
  • Permissions - Set the permissions for users' access to connections.

Terminal Services can be used to remotely administer the server computer, but Microsoft recommends setting the following parameters:

  • Disconnected or idle sessions end after five minutes.
  • Override user settings so the session must end when the session limit is reached.
  • Disable wallpaper to save memory.
  • Set the encryption level to high.
  • Set the maximum number of connections to 1.
  • Change the registry value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server to 0.
  • Disable print mapping, clipboard mapping, and LPT port mapping.

User Settings for Terminal Services

These are settings in Active Directory Users and Computers that affect user Terminal Services sessions.

  1. Open "Active Directory User's and Computers"
  2. Right clock on the user to be configured for terminal services and select "Properties".
  3. The User's Properties Dialog box will open.

User's Properties Dialog box Tabs:

  • General
  • Address
  • Account
  • Profile
  • Telephones
  • Organization
  • MemberOf
  • Dial-in
  • Environment
  • Sessions - The maximum length of a session and idle session may be set here. Sessions may be manually disconnected. Also reconnection parameters may be set so it is only possible to reconnect from the original connecting client.
  • Remote control - Can allow a users session to be remotely controlled. It can be configured to require the user's permission and allow the session to be view or allow interaction in the session.
  • Terminal Services Profile - The user terminal services profile and terminal services home directory are set here.

The client can end a session by using the hot key combination that they selected.