MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643) Chapter Four Windows Server 2008 Remote Desktop Services, Part 1
Objectives Describe the Remote Desktop Services capabilities in Windows Server 2008 Explain the enhanced Remote Desktop Services capabilities in Windows Server 2008 Describe the Remote Desktop Connection settings and Desktop Experience enhancements Publish remote applications Package Remote Desktop Services RemoteApp programs 2
Objectives (cont d.) Explain the Remote Desktop Services Web Access capabilities and install RD Web Access Describe Remote Desktop Gateway functionality and install the RD Gateway role service 3
Remote Desktop Connection Remote Desktop Connection (RDC) client software Used to connect a client computer to the Remote Desktop Session Host Communicates through virtual channels that operate in user mode or kernel mode Virtual channel Communication path in the Remote Desktop Protocol (RDP) Network Level Authentication Supported in RDP 6.0 and later 4
Activity 4-1: Display Remote Desktop Connection Properties Click Start, point to All Programs, point to Accessories Click Remote Desktop Connection Remote Desktop Connection dialog box is displayed View available tabs and see which settings are available from each tab Close all open windows 5
Figure 4-1 Remote Desktop Connection Cengage Learning 2012 6
The Desktop Experience Microsoft Desktop Experience Improves user experience when using Remote Desktop Services Intended to look and feel like a Windows 7 desktop Remote Connection display enhancements Enhanced display resolution Custom display resolutions Monitor spanning Font smoothing Display data prioritization 7
Table 4-1 Display and monitor commands configured in RDC Table 4-2 Display and monitor commands configured in mstsc.exe 8
Desktop Experience Enhancements User experience enhancement examples Customizable desktop themes Desktop Composition feature Windows Media Player Video for Windows Windows SideShow Disk Cleanup Sync Center Sound Recorder Snipping Tool 9
Activity 4-2: Install Desktop Experience Click Start, point to Administrative Tools, click Server Manager Right-click Features and select Add Features Add any features required for Desktop Experience Check the box for Desktop Experience Click Next Click Install and then click Close Click Yes when prompted to restart After reboot, click Close in the Installation Results dialog box 10
Figure 4-2 Add Features Wizard Cengage Learning 2012 11
Device Redirection Enables a device to be connected to the local device but be accessible through the Remote Desktop Services session Common devices that need to be redirected Plug and play devices Microsoft Point of Sale for.net devices Print devices Remote Desktop Easy Print Enables redirection of the default printer without having to match print drivers on client and server 12
Activity 4-3: Redirect Plug and Play Devices Click Start, point to All Programs, point to Accessories, click Remote Desktop Connection Remote Desktop Connection dialog box opens Click Options Click the Local Resources tab Click More Expand Supported Plug and Play Devices Choose device to redirect Check the Devices that I plug in later box Click OK and close the RDC dialog box 13
Figure 4-3 Local Resources Tab Cengage Learning 2012 14
Figure 4-4 Local devices and resources Cengage Learning 2012 15
Authentication and Single Sign-On Single sign-on Enables a user to enter credentials once and have access to other systems and services User credentials are passed on to application or system being accessed Requirements for single sign-on Client system must be Windows Vista or higher User rights or permissions must be adequate to access the application or system Client and host server must be in the same domain 16
Activity 4-4: Set Remote Desktop Session Host Server Authentication Click start, point to Administrative Tools, point to Remote Desktop Services Click Remote Desktop Session Host Configuration Right-click the name of the connection in the Connections section Click Properties Click the General tab Set the Security Layer value to Negotiate or SSL Click the Log on Settings tab Deselect Always prompt for password check box 17
Figure 4-5 Remote Desktop Session Host Configuration Cengage Learning 2012 18
Figure 4-6 RDP-Tcp Properties Cengage Learning 2012 19
Activity 4-4: Set Remote Desktop Session Host Server Authentication Click OK Close all windows (cont d.) 20
Activity 4-5: Enable Single Sign-On Capabilities Click Start, click Run, type gpedit.msc and press Enter to open the Local Group Policy Editor Expand Computer Configuration, Administrative Templates, Windows Components, Remote Desktop Services, Remote Desktop Session Host, and Security Note the Group Policy settings that can be configured Close all open dialog boxes and the Local Group Policy Editor window 21
Figure 4-7 Local Group Policy Editor Cengage Learning 2012 22
Figure 4-8 Security settings Cengage Learning 2012 23
Remote Desktop Services Role Need to install this role to install and configure the Remote Desktop Services capabilities on a system Installed in similar manner as other roles Add Role Wizard walks you through the process Remote Desktop Services role services examples RD Session Host RD Web Access RD Licensing RD Gateway RD Connection Broker 24
Activity 4-6: Install Remote Desktop Services Click Start, point to Administrative Tools, click Server Manager Click Roles in the left pane, then click Add Roles in Roles Summary The Add Roles Wizard s Before You Begin page displays Click Next Check the Remote Desktop Services box on the wizard s Select Server Roles page 25
Figure 4-9 Server manager Cengage Learning 2012 26
Figure 4-10 Select Server Roles Cengage Learning 2012 27
Activity 4-6: Install Remote Desktop Click Next Services (cont d.) Click Next on the Remote Desktop Services page Check Remote Desktop Session Host on the Select Roles Services page Click Next The Uninstall and Reinstall Applications for Compatibility page displays Click Next Select the desired authentication method and click Next 28
Figure 4-11 Select Role Services Cengage Learning 2012 29
Figure 4-12 Specify Authentication Method for Remote Desktop Session Host Cengage Learning 2012 30
Activity 4-6: Install Remote Desktop Services (cont d.) Select the desired licensing mode and click Next Add the desired users or groups and click Next Select the desired functionality and options on the Configure Client Experience page Click Next Confirm that settings are correct Click Install, click Close, and click Yes to restart When server reboots, close the Installation Results window 31
Figure 4-13 Specify Licensing Mode Cengage Learning 2012 32
Activity 4-7: Change between Install Mode and Execute Mode Click start, click Run, type cmd, click OK to open the command prompt To see help information about user modes, enter change user /? To change to Install mode, enter change user /install To change to Execute mode, enter change user /execute Close the command prompt 33
Figure 4-14 /install and /execute commands Cengage Learning 2012 34
Publishing Remote Applications RemoteApp New capability in Windows Server 2008 Supported only by clients running RDC 6.1 or higher Enables publishing individual applications instead of having to publish the entire desktop Three types of profiles Local Roaming Mandatory RemoteApp Manager used to manage applications 35
Activity 4-8: Add to the RemoteApp Programs List Click Start, point to Administrative Tools, click Server Manager Expand Roles, Remote Desktop Services, and click RemoteApp Manager (servername) Click Add RemoteApp Programs in Actions pane The RemoteApp Wizard opens Click Next Select desired applications to add to the RemoteApp program list Click Next and click Finish 36
Figure 4-15 RemoteApp Manager Cengage Learning 2012 37
Figure 4-16 Choose programs to add to the RemoteApp Programs list Cengage Learning 2012 38
Packaging RemoteApp Programs Aspects of packaging RemoteApp programs Defining location where package will be saved Selecting Remote Desktop Session Host settings Selecting Remote Desktop Gateway settings Selecting certificate settings 39
Activity 4-9: Package RemoteApp Programs Open RemoteApp Manager Select application you want to create a package for and click Create Windows Installer Package The RemoteApp Wizard displays Click Next Select the location to save the package Modify settings Click Next 40
Figure 4-17 RemoteApp Manager Cengage Learning 2012 41
Figure 4-18 Specify Package Settings Cengage Learning 2012 42
Activity 4-9: Package RemoteApp Programs (cont d.) Select where shortcut icons will appear on the client computer Select Start menu folder Enter a folder name, such as Remote Programs Click Next and click Finish 43
Figure 4-19 Configure Distribution Package Cengage Learning 2012 44
Remote Desktop Web Access Can be used to distribute RemoteApp programs Installed as a server role on server users will connect to Client computers must have RDC 6.1 or higher Integrates with IIS to provide access to applications Applications are displayed as icons in Web browser When client clicks icon, RD Web Access server creates the RDP file Client can launch application from the server 45
Activity 4-10: Install Remote Desktop Web Access Click Start, point to Administrative Tools, click Server Manager Click Remote Desktop services in Roles Summary If role is not installed, need to install it first Click Add Role Services in the Role Services area Select the Remote Desktop Web Access check box 46
Figure 4-20 Select Role Services Cengage Learning 2012 47
Activity 4-10: Install Remote Desktop Web Access (cont d.) If required roles for Remote Desktop Web Access are not installed, you will be prompted to install them Click Add Required Role Services to install the required roles, if necessary Click Next If IIS needs to be installed, click Next on the introduction page, click Next on the Role Services for IIS page, then click Install Click Close 48
Figure 4-21 Add Role Services Cengage Learning 2012 49
Figure 4-22 Installation Results Cengage Learning 2012 50
Remote Desktop Gateway Establishes an HTTPS connection Encapsulates RDP traffic with SSL encryption Creates a secure connection for remote access Users do not have to create VPN connection Remote users can connect to internal resources behind the firewall and network address translators Used for secure access to RemoteApps through RD Web Access Can be implemented with an ISA server or other VPN solution for added security 51
Activity 4-11: Install Remote Desktop Gateway Role Service Click Start, point to Administrative Tools, click Server Manager Click Remote Desktop Services in Roles Summary Click Add Role Services in the Role Services area Select the Remote Desktop Gateway check box Click Next Click Add Required Roles Services Click Next 52
Figure 4-23 Add Role Services Cengage Learning 2012 53
Activity 4-11: Install Remote Desktop Gateway Role Service (cont d.) Select the desired SSL encryption Click Next The Create Authorization Policies for RD Gateway page displays Click Next Click Add and select the groups that can connect through the Remote Desktop Gateway Click Next Select desired options on the Create an RD Cap for RD Gateway page 54
Figure 4-24 Choose a Server Authentication Certificate for SSL Encryption Cengage Learning 2012 55
Figure 4-25 Create Authorization Policies for RD Gateway Cengage Learning 2012 56
Activity 4-11: Install Remote Desktop Gateway Role Service (cont d.) Select desired options on the Create an RD RAP for RD Gateway page, and click Next Click Next on the Network Policy and Access Services page Confirm that the Network Policy Server role is selected and click Next Click Next on The Web Server (IIS) page Change or accept the default roles and click Next Review installation selections, click Install, and click Close when installation completes 57
Figure 4-26 Confirm Installation Selections Cengage Learning 2012 58
RD CAPs and RD RAPs Remote Desktop Connection Authorization Policies (RD Caps) Enable specifying which users can connect to the RD Gateway server Specify requirements users must meet to connect Remote Desktop Resource Authorization Policies (RD Raps) Enable specifying network resources that users can connect to Will be covered in more detail in Chapter 5 59
Summary Remote Desktop Services allows users to remotely access another system and programs on the remote system Remote Desktop Connection (RDC) client software is used to connect Windows Desktop Experience improves user feel and experience when using an RDC Device redirection enables a locally connected device to be accessible through a Remote Desktop Services session 60
Summary (cont d.) Single sign-on enables users to enter credentials once and access other systems and services RemoteApp enables you to publish individual applications instead of having to publish the entire desktop Remote Desktop Web Access can be used to distribute RemoteApp programs Remote Desktop Gateway can provide security and encryption when remote users access the server 61