Windows Server 2008 R2 Unleashed (191 page)

different port for RDP traffic.

NOTE

Only clients using RDP version 5.1 or later can connect to the nonstandard port. Also,

after the port is changed, the RD Session Host server or RD Virtualization Host server

must be restarted.

Supporting Remote Desktop Services

Supporting Remote Desktop Services involves more than just proper configuration; it also

involves supporting end users, installing and maintaining applications, and securing and

optimizing Remote Desktop settings, among other server duties.

982

CHAPTER 25

Remote Desktop Services

Using the Role Administration Tools

For the Remote Desktop Services role, a number of different role administration tools can

be used to manage the role and its role services. When the role or role service is installed,

its corresponding Role Administration Tool is also installed. However, in some cases, an

administrator might want to manage a role service using a remote Windows Server 2008

R2 or Windows 7 machine. In these cases, using Server Manager, an administrator can

install the Remote Server Administration Tools for the Remote Desktop Services role and

all of its corresponding role services.

Using the Remote Desktop Services Manager

The Remote Desktop Services Manager (tsadmin.msc) can be used to manage sessions on a

Remote Desktop Session Host server. Process and resource usage on the RD Session Host

server can be monitored here on a server or per-user basis. Also when an administrator

wants to remote control an existing Remote Desktop session, he or she can complete this

task from within the Remote Desktop Services Manager. Lastly, this tool can also be used

to send messages to active session users, disconnect, reset, or log off sessions.

Managing RDS Using the Command Line

ptg

In Windows Server 2008 R2, a number of command-line tools make Remote Desktop

Services administrative tasks much more flexible and scriptable. For a complete listing of

these commands, refer to the Windows Server 2008 R2 and the Windows Server 2008

online help. A few of the more useful commands are as follows:

. tskill.exe—This tool can be used to kill hung or stuck processes or applications in

any active session without having to connect to the session using remote control.

. Shadow.exe—This tool initiates a shadow or remote control session from a command

prompt or script.

. Query.exe {Process, Session, Termserver, User}—This tool allows the adminis-

trator to query a particular server to get a list of current active and inactive sessions

and processes.

Remotely Managing a Remote Desktop Session

Remote Desktop users might require support for tasks such as mapping to a file share,

installing a third-party printer driver, or just troubleshooting issues within the terminal

session. While using the remote control features of Remote Desktop Services, an adminis-

trator can interact with users in active sessions with view-only access or complete remote

control functionality. The amount of access given to an administrator during a remote

control session can be set by the user, but it can be configured at the server level by the

administrator.

An administrator can remotely control a user’s session only from within a separate Remote

Desktop session. The remote control command can be initiated using Remote Desktop

Services Manager or the command-line tool Shadow.exe.

Supporting Remote Desktop Services

983

Managing Remote Desktop Services with PowerShell

When the Remote Desktop Services role is installed, a PowerShell provider is also installed

that allows administrators to manage Remote Desktop settings using PowerShell. Once

installed, and a PowerShell console is opened, administrators can access the resulting

RDS: drive to manage a number of different settings that are organized into the following

directories:

.
RDSConfiguration—
Contains settings that apply to the RD Session Host role

service

.
Gateway—
Contains settings that apply to the RD Gateway role service

.
LicenseServer—
Contains settings that apply to the RD Licensing role service

.
ConnectionBroker—
Contains settings that apply to the RD Connection Broker

role service

.
RemoteApps—
Contains a list of published applications and their settings

.
RDFarms—
Contains settings that apply to RD Session Host server farms

25

Group Policy for RD Session Host Servers

ptg

Group Policy contains several Remote Desktop Services user and computer settings to

configure Remote Desktop sessions. An administrator can modify existing group policies

or create new group policies to manage Remote Desktop Services machine and user

settings. These Group Policy Objects (GPOs) can then be applied to RD Session Host

servers, virtual machines, or users located in an Active Directory site, domain, or organiza-

tional unit (OU) or based on a GPO filter.

Group Policy is the preferred method of standardizing Remote Desktop Services configura-

tions throughout Active Directory because user and machine configurations can be centrally

administered. Because so many Remote Desktop Services settings are available in Group

Policy, the following list outlines where Remote Desktop Services settings can be found:

. Computer Configuration\Windows Settings\Security Settings\Local

Policies\User Rights Assignment—User rights assignment can allow logon

through Remote Desktop Services as well as deny logon through Remote Desktop

Services, depending on the configuration setting.

. Computer Configuration\Administrative Templates\Windows Components\Remote

Desktop Services—Almost all Remote Desktop Services settings can be configured

here. Settings here override user or client configurations and also override settings

made in the User Configuration section of Group Policy.

. User Configuration\Administrative Templates\Windows Components\Remote

Desktop Services—User session settings can be configured in this section. Settings

here override user or client configurations.

A simple and effective way to manage the GPOs for your RD Session Host servers is to

create an OU for your RD Session Host servers and apply GPOs to the OU. Enabling the

984

CHAPTER 25

Remote Desktop Services

Computer Configuration\Administrative Templates\System\Group Policy\User Group

Policy Loopback Processing mode is very important if you want the user-context GPO

settings to take effect. The loopback processing can be set to either merge or replace.

Merging allows existing domain-based GPOs to merge with the ones for Remote Desktop

Services, whereas the replace option overrides all other settings and the Remote Desktop

Service–specific settings are only applied.

Applying Service Packs and Updates

Applying service packs and updates on an RD Session Host server or virtual machine should

follow the same strategy as outlined in the previous section “Installing Applications.” Test

all service packs and updates in an isolated lab environment prior to production release and

always create a backup of the system first to allow for rollback, if necessary.

Performing Disaster Recovery

The steps for backing up and restoring an RD Session Host server or virtual machine

should follow the same procedures as backing up and restoring a standalone server.

Administrators must be sure to back up any local user data, including profiles, and back

up the current server System State. The data and System State backup, accompanied with a

server build document, are all that an administrator needs to recover the RD Session Host

ptg

server or virtual machine. For detailed steps concerning the creation of server build docu-

ments and Windows Server 2008 R2 backup and recovery techniques, refer to Chapter 22,

“Documenting a Windows Server 2008 R2 Environment,” Chapter 30, “Backing Up the

Windows Server 2008 R2 Environment,” and Chapter 31, “Recovering from a Disaster.”

Summary

Windows Server 2008 R2 Remote Desktop Services is a flexible tool that can be used to

provide administrative, server-based computing, and virtual desktop functionality.

Depending on the needs of your organization, Remote Desktop Services can be deployed

to meet needs that range from centralized administration to remote access for business-

critical applications. With features like RD Web Access, RD RemoteApp, RD Gateway, RD

Virtualization Host, and so on, the ease and simplicity of using Remote Desktop Services

has never been more compelling.

Remote Desktop Services enables users and system administrators alike to perform job

functions productively from the office or remotely with simplicity.

Best Practices

985

Best Practices

The following are best practices from this chapter:

. Drain Remote Desktop connections when performing scheduled maintenance on an

RD Session Host server.

. When an RD Session Host server or virtual machine is due for an operating system

upgrade, if possible replace the server with a clean build and test all applications,

instead of performing in-place upgrades to avoid server or application failures.

. Place your RD Session Host and RD Virtualization Host servers where they can be

readily accessed by the clients that will primarily be using them.

. Whenever possible, choose applications that have been tested and certified by the

vendor to run on Windows Server 2008 R2 Remote Desktop Services.

. For optimum performance for multitiered applications, install two or more network

cards on an RD Session Host server and configure the server to use one exclusively

for RDC client connectivity and the others for back-end server communication.

25

. Use Group Policy to limit client functionality as needed to enhance server security,

and if increased network security is a requirement, consider requiring clients to run

ptg

sessions in 128-bit high encryption mode.

. When possible, try to never install the Remote Desktop Services role and then host

applications on a domain controller.

. It is recommended that applications always be grouped together based on usage. If

an application behaves badly or isn’t certified to run Remote Desktop Services, it

should be separated to dedicated servers in a farm.

. Try to treat RD Session Host servers as nodes that are dispensable. As such, try to

always build your RD Session Host servers using the same hardware and install the

same applications on them.

This page intentionally left blank

ptg

CHAPTER 26

IN THIS CHAPTER

Windows Server 2008
. Managing Desktops and

Servers

R2 Administration Tools
. Operating System Deployment

Options

for Desktops
. Windows Server 2008 R2

Windows Deployment Services

. Installing Windows Deployment

Services (WDS)

Windows Server 2008 R2 contains several services and

features that can be leveraged to simplify desktop and user

. Creating Discover Images

management for an organization’s computer and network

. Creating Custom Installations

infrastructure. Effectively managing an organization’s

Using Capture Images

computer and network infrastructure requires the ability to

support users locally and from remote locations; to perform

. General Desktop

Administration Tasks

remote configuration and administration of servers, work-

stations, and networking services and applications; and to

deploy or replace servers and workstations when systems

ptg

fail or are replaced with new hardware.

When a computer and network infrastructure utilizes

Windows Server 2008 R2 systems and Active Directory

Domain Services (AD DS), many of the included services

and features can simplify administrative tasks. For example,

domain group policies can be created and applied to differ-

ent sets of users and computers to automatically deploy

printers, configure wireless networking, redirect user folders

to server shares, set default security policies, and much

more. Having an Active Directory infrastructure allows orga-

nizations to deploy a role called Windows Deployment

Services. Windows Deployment Services (WDS) provides

administrators with the ability to deploy Windows Server

2008, Windows Server 2008 R2, Windows 7, Windows

Vista, and other legacy operating systems such as Windows

Server 2003 and Windows XP Professional to servers and

workstations (both physical and virtual machines) across

the network from a central console using unicast or multi-

cast communications. There are several requirements to

make the WDS deployment process work, but, essentially, a

system is booted up using PXE boot, connects to the WDS

system, selects an installation image, and the operating

system is deployed across the network automatically.

988

CHAPTER 26

Windows Server 2008 R2 Administration Tools for Desktops

Setting up and creating custom operating system deployments that suit a particular orga-

Other books

Treva's Children by David L. Burkhead
StripperwithSpice by Afton Locke
Bestias de Gor by John Norman
Angels Are For Real by Judith MacNutt
Well Hung by Lauren Blakely
Memoirs of a Porcupine by Alain Mabanckou
Better Than Okay by Jacinta Howard