SYSTEMS ADMINISTRATION AND TERMINAL SERVICES
Chapter 12
OVERVIEW
Manage a server by using Remote Assistance
Manage a server by using Terminal Services Remote Administration mode
Manage a server by using available support tools
Create a plan to offer Remote Assistance to client computers
Plan for remote administration using Terminal Services
Diagnose and resolve issues related to Terminal Services security
Diagnose and resolve issues related to client access to Terminal Services
REMOTE ADMINISTRATION OF WINDOWS SERVER 2003
Microsoft Windows Server 2003 provides a number of tools for remote administration, including the following:
Microsoft Management Console (MMC) snap-ins
HTML Remote Administration tools
Remote Desktop For Administration
Remote Assistance
THE MICROSOFT MANAGEMENT CONSOLE
The MMC provides a standardized, common interface for one or more tools known as snap-ins.
The MMC provides a window with two panes:
The tree pane
The scope pane
NAVIGATING THE MMC
USING THE MMC MENUS AND TOOLBAR
Menu: Commands
File: Create a new console, open an existing console, add or remove snap-ins, open recently used consoles, and an Exit command
Action: Varies by snap-in
View: Varies by snap-in
Favorites: Allows for adding and organizing saved consoles
Window: Open a new window; cascade, tile, and switch between open windows
Help: General Help menu for the MMC as well as loaded snap-in Help modules
EXTENDING THE MMC WITH SNAP-INS
There are two types of snap-ins:
Stand-alone
Extension
BUILDING A CUSTOMIZED MMC
CONSOLE OPTIONS
REMOTE ADMINISTRATION WITH THE MMC
Many MMC snap-ins allow you to redirect the focus of the snap-in to another domain or computer system.
Connections to remote systems are achieved by using the remote procedure call (RPC) protocol.
Remote administration using the MMC is limited to what can be performed with the available snap-ins.
HTML REMOTE ADMINISTRATION TOOLS
MANAGING SERVERS WITH REMOTE DESKTOP FOR ADMINISTRATION
Remote Desktop For Administration has the following characteristics:
Uses Terminal Services
Allows two concurrent Remote Desktop connections
Enables the server to be managed as if the administrator is directly logged on to it at the console
ENABLING AND CONFIGURING REMOTE DESKTOP FOR ADMINISTRATION
REMOTE DESKTOP CONNECTION
CONFIGURING REMOTE DESKTOP
TERMINAL SERVICES TROUBLESHOOTING
Common causes of failed connections or problematic sessions with Terminal Services include the following:
Network failures
Credentials issues
Policy restrictions
Number of concurrent connections
USING REMOTE ASSISTANCE
Allows users to request help from experts.
Experts can view or interact with a user’s session.
Users must issue an invitation to the expert.
CONFIGURING REMOTE ASSISTANCE
Using Control Panel
Using Group Policy
CREATING AN INVITATION
ACCEPTING AN INVITATION
OFFERING REMOTE ASSISTANCE TO A USER
You can configure Remote Assistance so that you can initiate troubleshooting without receiving an invitation from the user.
This behavior is configured through the Remote Assistance policy, which can then be deployed by Group Policy.
SECURING REMOTE ASSISTANCE
The client can break a Remote Assistance session by pressing Esc.
The user must be present to accept a Remote Assistance session.
Passwords for invitations should be communicated by a different secure means than the invitation.
Invitations should be issued for as short a period of time as possible.
SUPPORTING AND TROUBLESHOOTING TERMINAL SERVICES
Windows Server 2003 Terminal Services supports providing applications to multiple users running concurrent sessions.
Terminal Services allows you to connect old systems to a Windows Server 2003 system in order to access and use new applications.
Use of Terminal Services can simplify software updates and security patches because the applications need only reside on one system.
INSTALLING AND CONFIGURING A TERMINAL SERVICES ENVIRONMENT
There are several key considerations related to the deployment of a terminal server environment:
The Terminal Server component
Applications
Installation of Remote Desktop Connection
Licensing
THE TERMINAL SERVER COMPONENT
Terminal Services can be installed by using Add Or Remove Programs or the Configure Your Server Wizard.
Best practice dictates that domain controllers are not configured as terminal servers.
Terminal Services is memory and processor intensive.
APPLICATIONS
Whenever possible, you should always use the Add Or Remove Programs tool in Control Panel to install an application on a terminal server.
While in installation mode, Terminal Services manages the configuration of the application appropriately so that the application can run in multiuser mode.
INSTALLATION OF REMOTE DESKTOP CONNECTION
The Remote Desktop Connection (Mstsc.exe) is installed by default on all computers running Windows Server 2003 and Windows XP.
A shortcut to the client is located on the Start menu under All Programs\Accessories\Communications.
The Remote Desktop Connection client can be installed on systems running Windows 2000 by using Group Policy.
LICENSING
Each user that connects to Terminal Services on a system running Windows Server 2003 requires a Client Access License (CAL).
Use the Windows Components Wizard, which is found in Add Or Remove Programs, to install Terminal Server Licensing.
Terminal Server Licensing is managed by using the Terminal Server Licensing console in Administrative Tools.
MANAGING AND TROUBLESHOOTING TERMINAL SERVICES
Several tools exist that can configure terminal servers, Terminal Services user settings, connections, and sessions:
Group Policy Object Editor
Terminal Services Configuration
Active Directory Users And Computers
Remote Desktop Connection client
POINTS OF ADMINISTRATION
CONNECTION CONFIGURATION
A user’s ability to connect and log on to a terminal server is determined by a number of factors:
The connection on the terminal server must be accessible.
Remote Desktop must be enabled.
The server must have available connections.
Encryption must be compatible.
The user must have the user logon right to log on to the terminal server.
Allow Logon To Terminal Server must be enabled.
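The factors above can be checked from a command prompt on the terminal server. The following script is an added example, not part of the original slides; it assumes the default RDP-Tcp connection and port 3389, and the registry value names and commands are standard Windows ones that the slides do not mention.

```batch
@echo off
rem Added example: read-only checks for the connection factors listed above.
rem Run locally on the terminal server from an administrator command prompt.
setlocal
set "TS=HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server"
set "RDP=%TS%\WinStations\RDP-Tcp"

echo [1] Remote Desktop enabled? fDenyTSConnections must be 0x0
reg query "%TS%" /v fDenyTSConnections

echo [2] Connection accessible? PortNumber 0xd3d is 3389 and must be LISTENING
reg query "%RDP%" /v PortNumber
netstat -an | find ":3389" | find "LISTENING"
if errorlevel 1 echo     WARNING: nothing is listening on TCP 3389

echo [3] Connections available? Compare active sessions with the limit
rem MaxInstanceCount 0xffffffff means no limit is set on the connection.
reg query "%RDP%" /v MaxInstanceCount
qwinsta

echo [4] Encryption compatible? Clients must support this minimum level
rem 1 = Low, 2 = Client Compatible, 3 = High, 4 = FIPS Compliant
reg query "%RDP%" /v MinEncryptionLevel

echo [5] Logon right granted? Accounts and SIDs that hold the right
rem secedit writes a Unicode file; TYPE converts it so FIND can match.
secedit /export /cfg "%TEMP%\rights.inf" /areas USER_RIGHTS >nul
type "%TEMP%\rights.inf" | find "SeRemoteInteractiveLogonRight"
if errorlevel 1 echo     WARNING: right not assigned in the effective policy
del "%TEMP%\rights.inf"

echo [6] Members of the group normally used to grant remote logon
net localgroup "Remote Desktop Users"

rem The per-account Allow Logon To Terminal Server setting is not covered
rem here; review it in Active Directory Users And Computers.
endlocal
```

Every command only reads state, so the script can be run on a production server while a connection problem is being diagnosed.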
DEVICE REDIRECTION
The Remote Desktop Connection client provides a range of device redirection options:
Audio redirection
Drive redirection
Printer redirection
Serial port redirection
Line printer (LPT) and serial communications (COM) port mapping
Clipboard mapping
MANAGING SESSIONS AND PROCESSES
LOAD BALANCING TERMINAL SERVERS
The server clustering abilities of Windows Server 2003 allow terminal server clusters to be created.
A Session Directory is maintained by the servers in the cluster so that a user that is forced to reconnect to the cluster is provided with the open session that user previously had.
Implementing a terminal server cluster requires an excellent knowledge of both server clustering and Terminal Services.
REMOTE CONTROL
SUMMARY
Some snap-ins can be used to configure remote computers; others are limited to local computer access.
Remote Desktop For Administration allows administrators to administer a server from a remote location just as if they were logged on to the server locally.
To use Remote Desktop For Administration, an account must be a member of the Remote Desktop Users group.
Remote Assistance is available only on Windows XP and Windows Server 2003.
Remote Assistance is similar to Remote Desktop For Administration for the desktop, allowing remote viewing and control of remote computers.
Two users are required for Remote Assistance: one user at the target desktop and the expert helper at another computer.
Port 3389, the same port used by Remote Desktop For Administration, must be open at the firewall for Remote Assistance sessions to be established.
Terminal Services provides applications in a multiuser environment.
A number of criteria must be met for a user to connect to a server using Terminal Services.
The security policy of a domain controller does not, by default, grant the Allow Logon To Terminal Server user right.
Various Terminal Services settings can be configured on the client, in the user account, on the connection, or on the server.
Windows Server 2003 and the Remote Desktop Connection client support device redirection, including redirection of audio devices, printers, and disks.
To load balance terminal servers, you must configure a load-balancing technology such as Network Load Balancing or Domain Name System (DNS) round robin.
You can monitor and remotely control a user’s Terminal Services session by connecting to the terminal server with the Remote Desktop Connection client.
Remote Desktop For Administration and Terminal Services require permissions and user rights for users to connect with the Remote Desktop Connection client.