Microsoft Small Business Server 2003 Unleashed

Now that the terminal server is set up, the licensing server configured, and the users able to log in, you can start working on managing the terminal server. You need to set up applications for the users to use, and you may want to customize some of the access settings for the server. You will probably also be called on to help users who are having problems on the terminal server. The next three sections of the chapter cover these and other items related to terminal server management.

Installing Applications

Installing applications on a terminal server sometimes requires a different process than installing applications on a normal workstation. One of the first things you will notice about a correctly configured terminal server is that users are not accessing the server with administrator rights. As such, you will not be able to use the Assign Applications Wizard to install applications through the SBS logon script like you can for user workstations. (See Chapter 16 for more information about the SBS logon script and review Chapter 10, "Workstation Security," for a discussion about user rights on the workstation.)

This is not the only difference in the terminal server world, however. Because the terminal server is essentially a really souped-up shared workstation, applications must be able to have multiple instances open by different users at the same time. Not all applications have been written this way and would cause problems if they were accessed the same way they are run on a workstation. To that end, the terminal server recognizes when you are installing applications and takes some extra steps to help applications run in this multiuser environment.

The preferred method for installing applications on a terminal server is to use the Add or Remove Programs interface. In the Add or Remove Programs window, click the Add New Programs button in the left menu; then click the CD or Floppy button. If the program to be installed is on CD or floppy, the Install Program Wizard finds the installer and lets you select it, or you can click Browse and search for the installer in a different location. After you locate and launch the application installer, the Install Program Wizard remains open in the background. After the program installation is complete, click Next in the Install Program Wizard and then click Finish to close the wizard.

Caution

Do not close the Install Program Wizard until the application installation has finished. The wizard warns you about this twice before you can close it so that you cannot accidentally close the wizard before the application installation has completed. The application may fail to work correctly if the Install Program Wizard finishes first.

Alternatively, you can simply run the application installer on the terminal server without going through the Add or Remove Programs interface. In some cases, the terminal server service recognizes that an application installer has been started and the service automatically launches the Install Program Wizard, but not all applications install in the same way, so the service cannot detect every installer and launch accordingly.

Best Practice: Installing Microsoft Office on a Terminal Server

The process for installing Office 2003 on a terminal server is much simpler than with earlier versions of Office. Microsoft has developed a web page (http://office.microsoft.com/en-us/assistance/HA011402071033.aspx) with information on preparing for a deployment of Office 2003 on a terminal server. Before you install Office on the terminal server, review this document and make sure that your licensing for Office is appropriate for use in a terminal server environment. Standard OEM or off-the-shelf installs of Office do not include the rights to run Office on a terminal server. Contact your Microsoft licensing specialist to ensure that you have the proper licenses necessary to run Office from the terminal server.

Running Terminal Services Configuration

The Terminal Services Configuration console provides an interface to view and modify settings related to the connection between the client and the terminal server. These options are divided into two areas in the console, which can be found in the Administrative Tools folder.

In the Connections folder of the console is the default RDP-tcp connection. The properties pane of the connection, shown in Figure 8.1, has eight tabs. Table 8.1 provides a summary of the settings available in each of these tabs.

Figure 8.1. Properties of the RDP-tcp connection in the Terminal Services Configuration console.

Table 8.1. Settings Tabs in the RDP-tcp Connection Properties

Tab Name

Settings

General

Security layer and encryption options; determines what level of security and encryption the connection will use

Logon Settings

User logon credential selection options; determines whether to accept the credentials provided by the client or to log on to a specific account

Sessions

Timeout and reconnection options; determines which timeout settings will be used

Environment

Initial program launch options; determines whether users get full desktop or just an application upon logon

Remote Control

Remote observation and control options, determines if and how use sessions can be remotely controlled or observed

Client Settings

Remote device connection options; determines what remote resources are made available in the terminal session

Network Adapter

NIC options; determines which NIC to use for the connection and how many simultaneous connections can be used

Permissions

Security options; determines which users or groups can access the connection

In most SBS installs, these settings do not need to be modified. For those concerned with the security of the remote connection, you could look at modifying the encryption settings available in the General tab. The FIPS Compliant setting allows for the strongest encryption on the connection, but some remote clients, including the Remote Desktop Client for Macintosh, do not support that level of encryption and would not be able to connect.

The other folder available in the Terminal Services Configuration console is the Server Settings folder, shown in Figure 8.2. The seven options available here are self-explanatory and govern all connections to the terminal server.

Figure 8.2. Terminal Server Configuration Settings include the licensing mode of the server.

Make note of the Licensing option in this area because this is where you can change the licensing mode of the server from Per User to Per Device. In most cases, you will want to use Per User. However, if you need to change the licensing mode of the server for troubleshooting purposes, this is where you would make that change.

Running Terminal Services Manager

The Terminal Services Manager console provides information about the active sessions on the terminal server. As shown in Figure 8.3, when the Terminal Services Manager console is first opened, it lists all the existing sessions on all the terminal servers in the environment. In most SBS installations, this mostly likely will be only one server. Note that this window does not show any information about the SBS server itself because it supports only remote administration.

Figure 8.3. Terminal Services Manager lists all sessions on the server.

For each session, several pieces of information are listed. Table 8.2 lists and describes the information available for the connection. In addition, the green head icon (shaded in Figure 8.3, the last connection in the list) indicates the currently active connection. When you have multiple connections to the terminal server, such as a console connection and an RDP connection as shown in Figure 8.3, this helps you identify which session you are in so that you do not accidentally log yourself out.

Table 8.2. Session-Specific Information in the Terminal Services Management Console

Column

Description

Server

Identifies the server hosting the session

User

Identifies the user who initiated the session

Session

Identifies the location of the session. This will be the Console, the RDP-tcp connection number, or Disconnected if the user has dropped the session

ID

Identifies each session with a unique number

State

Indicates whether the session is active or disconnected

Idle Time

Indicates how long the session has been idle

Logon Time

Indicates the time that the session was first established

The real power in the Terminal Services Manager console is in interacting with the different sessions. Although you can take some action on the sessions when logged in on the terminal server console, you will not get the full ability to manage the sessions until you connect to the server remotely. The following list describes the interaction options and how or when you might want to use them:

  • ConnectAllows you to take over the session. When you select this option, you are prompted to enter the password of the user who owns the session. After you enter the correct password, the user is disconnected from the session, and the session becomes active on your screen.

  • DisconnectDrops the user from the session. The session stays active on the server, but the user is no longer in control of the session, and the session state changes to Disconnected.

  • Send MessageAllows you to send a message to the user session through a pop-up box on the session screen. Useful for letting a user know if the server needs to be restarted or for other administrative communication.

  • Remote ControlAllows you to share control of the remote session with the user. Depending on the configuration set in the Terminal Services Configuration console, the user may need to grant you access to the remote control session, but by default this authorization is not needed. You can remotely control only an active session, not a disconnected one.

  • ResetKills the remote session immediately. All resources used by the session are immediately released, and any unsaved work in open applications is lost. Think of this as the remote equivalent of powering the session off.

  • StatusDisplays a window of TCP/IP statistics for the session.

  • Log OffDisconnects the user session, but by sending a logoff command to the session. This can be done on active and disconnected sessions and is safer than doing a Reset on the connection.

Your time spent in the Terminal Services Manager console will likely be for one of two reasons: remote controlling user sessions to assist with problems or clearing out disconnected sessions. One of the hardest lessons to teach new terminal server users is to use the Log Off button instead of the big X to close the terminal server session. In some cases, this can lead to multiple disconnected sessions for a single user, tying up system resources on the terminal server. Periodically, you need to run the Terminal Services Manager console to see whether there are scores of disconnected sessions, especially sessions that have been idle for long periods of time. If and when you find them, right-click on the session and select Log Off.

Related

Категории