New Server Features

   

Several new server features provide improved management of Terminal Services and the Windows Server 2003 family.

Improved Server Management

Most of these features make it easier than ever to manage servers, regardless of whether Terminal Services is installed:

  • Remote Desktop for Administration.

    Remote Desktop for Administration builds on the remote administration mode of Windows 2000 Terminal Services. In addition to the two virtual sessions that are available in Windows 2000 Terminal Services remote administration mode, an administrator can remotely connect to the real console of a server. Tools that would not work in a virtual session before, because they kept interacting with "session 0," will now work remotely.

  • Connecting to the console.

    To connect to the console, administrators can choose one of the following methods:

    • Use the Remote Desktop Microsoft Management Console (MMC) snap-in.

    • Run the Remote Desktop Connection (mstsc.exe) program with the /console switch.

    • Create Remote Desktop Web Connection pages that set the ConnectToServerConsole property.

  • Activating Remote Desktop and Terminal Services.

    Unlike Windows 2000 Server, which had a dual-mode Terminal Services component, Windows Server 2003 separates the remote administration and Terminal Services functionality into separate configurable components. Remote Desktop for Administration is enabled through the System control panel's Remote tab, as shown in Figure 7-3. Terminal Services is enabled by adding the Terminal Server component using the Windows Components portion of the Add/Remove Programs Wizard.

    Figure 7-3. Remote Desktop is installed by default and is easily enabled on the Remote tab of the System control panel.


Additional Management Features

The following features enhance the manageability of Terminal Services in Windows Server 2003:

  • Group Policy.

    Group Policy can be used to control Terminal Services properties. This enables configuration of groups of servers simultaneously, including settings for new features such as per-computer Terminal Services profile path and disabling wallpaper while connected remotely.

  • Windows Management Interface provider.

    A full Windows Management Instrumentation (WMI) provider allows for scripted configuration of Terminal Services settings. A number of WMI aliases are included to provide a simple front end for frequently used WMI tasks.

  • Active Directory Service Interfaces.

    An Active Directory Services Interface (ADSI) provider gives programmatic access to per-user Terminal Services profile settings such as Home Directory, Remote Assistance permissions, and others.

  • Printer management.

    Printer management has been improved in the following ways:

    • Printer driver mapping has been enhanced to provide better matching in near-miss cases.

    • When a driver match can't be made, the Trusted Driver Path lets you specify other standard printer drivers that you sanction on your terminal servers.

    • The print stream is compressed for better slow-link performance between a server and a client.

  • Terminal Services Manager.

    An improved Terminal Services Manager allows for easier management of larger arrays of servers by reducing automatic server enumeration. This gives direct access to arbitrary servers by name and provides for a list of favorite servers.

  • Terminal Server License Manager.

    The Terminal Server License Manager has been dramatically improved to make it easier to activate a Terminal Server license server and assign licenses to it.

  • Single-session policy.

    Configuring the single-session policy lets an administrator limit users to a single session, regardless of whether it is active, even across a farm of servers.

  • Client error messages.

    More than 40 new client error messages make it easier than ever before to diagnose client connection problems.

Enhanced Security

The Terminal Server access model now conforms better than before to Windows Server management paradigms:

  • Remote Desktop Users Group.

    Instead of adding users to a list in the Terminal Services Connection Configuration (TSCC) program, you simply make them members of the Remote Desktop Users (RDU) group. For example, the administrator can add the Everyone group to the RDU group to allow everyone to access the terminal server. Using a true Windows NT group also means that access to terminal servers can be controlled through Group Policy across groups of servers. To use per-NIC permissions on multi-NIC servers, administrators must still use TSCC.

  • Security Policy Editor.

    For additional customization, Terminal Services user rights can be assigned to individual users or groups, using the Security Policy Editor. Doing so will give those users the ability to log on to a terminal server without having to be a member of the Remote Desktop Users group just described.

  • 128-bit encryption.

    By default, connections to terminal servers are secured by 128-bit bidirectional RC4 encryption when the clients support 128-bit encryption. (RDC is 128-bit by default.) It's possible to connect with older clients using encryption lower than 128 bits unless it's specified that only high-encryption clients be allowed.

  • Software restriction policies.

    Software restriction policies in Windows Server 2003 enable administrators to use Group Policy to simplify locking down terminal servers (and any other Windows Server 2003-based computer) by allowing only certain programs to be run by specified users. This built-in Windows feature replaces the AppSec (Application Security) tool used in previous versions of Terminal Services.

  • Session Directory.

    Terminal servers can be organized into farms. This configuration allows clusters of load-balanced computers to appear to their users as a single fault-tolerant service. The new Session Directory feature in Terminal Services allows users to reconnect to the specific disconnected session they've left within a farm, rather than just being directed to the least loaded server when they connect. Session Directory can use the Windows Load Balancing Service or a third-party load balancer, and the service can run on any Windows Server 2003-based computer. However, members of the terminal server farm must be running Windows Server 2003 Enterprise Edition.
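
An added example (not from the book or from Microsoft) that ties the WMI provider item to the 128-bit encryption item above: a Windows PowerShell function that reads each Terminal Services listener's minimum encryption level over WMI and flags servers that still accept clients below 128-bit. The Win32_TSGeneralSetting class and its MinEncryptionLevel values come from the Terminal Services WMI provider rather than from this page, and the server names TS01 and TS02 are hypothetical.

```powershell
# Added example: audit the minimum RDP encryption level on terminal servers.
# Requires Windows PowerShell (Get-WmiObject) and admin rights on the targets.
function Get-TSEncryptionLevel {
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$ComputerName,

        # Windows Server 2003 exposes the class in root\cimv2;
        # later Windows versions moved it to root\cimv2\TerminalServices.
        [string]$Namespace = 'root\cimv2'
    )

    # MinEncryptionLevel values defined by Win32_TSGeneralSetting.
    $levelNames = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High'; 4 = 'FIPS Compliant' }

    foreach ($computer in $ComputerName) {
        try {
            $listeners = Get-WmiObject -Class Win32_TSGeneralSetting `
                -Namespace $Namespace -ComputerName $computer -ErrorAction Stop
        }
        catch {
            # Unreachable host or access denied: report it and keep auditing the rest.
            Write-Warning "${computer}: WMI query failed: $($_.Exception.Message)"
            continue
        }

        foreach ($listener in $listeners) {
            $level = [int]$listener.MinEncryptionLevel
            [pscustomobject]@{
                Computer          = $computer
                Listener          = $listener.TerminalName   # e.g. RDP-Tcp
                Level             = $level
                LevelName         = $levelNames[$level]
                # Below High (3), clients without 128-bit support are still accepted.
                AllowsWeakClients = ($level -lt 3)
            }
        }
    }
}

# Hypothetical server names; list only the listeners that need attention.
Get-TSEncryptionLevel -ComputerName 'TS01', 'TS02' |
    Where-Object { $_.AllowsWeakClients } |
    Format-Table -AutoSize
```

The same WMI class exposes a SetEncryptionLevel method that can raise a flagged listener to High (3) when the value is not already fixed by Group Policy.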


   


Introducing Microsoft Windows Server 2003
ISBN: 0735615705
EAN: 2147483647
Year: 2005
Pages: 153
