Using Remote Desktop for Administration

Previous page
Table of content
Next page

Remote Desktop for Administration is one mode of the Terminal Services built into Windows Server 2003. Terminal Services can be enabled in one of two ways:

  • Terminal Server mode. This is the Application Server mode that was available in Windows 2000 Server.

  • Remote Desktop for Administration. This is an enhancement of the Remote Administration mode of Windows 2000 Server.

This second Terminal Services mode is used to administer Windows Server 2003 servers remotely. Remote Desktop for Administration provides remote access to the graphical interfacebased tools available in the Windows environment. Remotely managing servers with Remote Desktop for Administration does not affect server performance or application compatibility.

Unlike the other terminal service mode, no terminal server Client Access Licenses (CALs) are required to use Remote Desktop for Administration. Windows Server 2003 provides two remote administrative sessions, for collaborative purposes, and a console session.

Enhancements to Remote Administration with Remote Desktop Connection

By taking advantage of the new Terminal Services client, known as the Remote Desktop Connection (RDC), remote administration is enhanced in Windows Server 2003 in several ways.

The RDC supports a wide selection of hardware devices, so servers can be managed remotely from several different types of client hardware. The RDC is supported on the following hardware types:

  • 16-bit Windows-based computers running Windows for Workgroups with TCP/IP.

  • 32-bit Windows-based computers running every Windows OS from Windows 95 to Windows Server 2003.

  • Windows CE-based handheld devices.

  • Windows CE-based terminals, or thin clients .

The RDC allows for automatic restoration of interrupted network connections. This is key for remote administration. In the event that an administrator is disconnected in the middle of a mission-critical operation, the RDC will reconnect the session without losing the administrator's place in the operation.

The RDC supports a great deal of customization for the look and feel of a remote session. Providing high color , audio, and full screen sessions, the RDC allows you to control the graphic options and connection speed. This is an important feature because as you connect remotely to servers over a slow WAN link you will want to throttle the bandwidth usage for those particular sessions.

One of the biggest improvements to the RDC involves client resource redirection, which is available to Windows Server 2003 and Windows XP. You now have the capability to access local drives, network drives , and printers through the remote connection. Cut and paste, as well as large file transfers, can be accomplished between the client and server in a remote administration session.

Finally, in addition to the two remote sessions available for remote administration, Windows Server 2003 allows a console mode that enables you to connect to the "real" console of the server. Now administrative functions, such as some software installations that previously required local interaction, can be performed remotely.

Enabling Remote Desktop for Administration

Enabling Remote Desktop for Administration is a simple procedure. Unlike Windows 2000, the Remote Desktop for Administration feature is now a separately configurable component from Terminal Services and has some new flexibility options previously unavailable.

The Remote Desktop for Administration feature is actually installed by default in Windows Server 2003, but it is installed in a disabled status for security reasons. To enable the feature with a default Start menu configuration, perform the following steps:

  1. From the Control Panel, double-click the System icon.

  2. Choose the Remote tab.

  3. On the bottom of the screen, click the check box to Allow Users to Connect Remotely to your computer, as shown in Figure 8.1.

    Figure 8.1. Enabling Remote Desktop for Administration.

    graphics/08fig01.jpg

  4. Click OK to complete the configuration.

The default level of encryption for remote sessions

The default level of encryption for remote sessions is bidirectional 128-bit. Some older terminal service clients might not support 128-bit encryption.


If the Windows Server 2003 will be accessed remotely from a terminal server client that does not support high encryption, the encryption level of the remote session can be set to Client Compatible. This encryption level will provide the highest level of encryption to the remote session supported by the client. To change the default encryption level on the server to Client Compatible, follow these steps:

  1. Open Terminal Services Configuration from All Programs\Administrative Tools.

  2. In the right pane, under the Connection column, right-click RDP-Tcp, and choose Properties.

  3. Set the encryption level to Client Compatible, as shown in Figure 8.2, and click OK to complete the configuration.

    Figure 8.2. Setting the encryption level for Remote Administration.

    graphics/08fig02.jpg

Best Practices for Remote Desktop for Administration

Understanding the following aspects of remote administration will enable system administrators to make the best use of the new Remote Desktop for Administration features in Windows Server 2003:

Use the Console Mode

With the new console mode of connection available in Windows Server 2003, you can interact with the remote server as if you are directly at the physical server. This enables you to see pop-ups and messages that might only appear at the console.

Configure Disconnect and Reset Timeouts

By default, disconnect and reset timeouts are not set. This has the potential to lock you out of remote sessions if there are two remote sessions that are active but in a disconnected state. On the flip side, when configuring the timeouts, allow enough time so that accidental disconnections can be resumed without resetting the session. By default, when a connection is broken, the session goes into a disconnected state and continues to execute whatever process it is running at that time. If the session is configured to reset when the connection breaks, all processes running in that session will be abruptly stopped . Disconnect and reset timeouts can be configured using the Terminal Services Configuration Administrative tool.

Preventing Eavesdropping

For security purposes, when you are using the console mode of remote administration, the physical console of the server is automatically locked to prevent eavesdropping.


Coordinate Remote Administration

With Windows Server 2003, administrators are able to collaborate through multiple remote sessions. This feature has potential problems, though, if two administrators are unknowingly connected remotely to the same server. For instance, server data might be lost if two administrators attempt to perform disk defragmentation from two remote sessions at the same time.

Distinguish Terminal Services from Remote Administration

Although administrators have the capability to install software through a Remote Desktop for Administration session, Terminal Services running in Terminal Server mode provides better installation and environment settings for office applications. For general desktop and remote application access functionality, use a dedicated Terminal Server solution.


Previous page
Table of content
Next page
Microsoft Windows Server 2003 Insider Solutions
Microsoft Windows Server 2003 Insider Solutions
ISBN: 0672326094
EAN: 2147483647
Year: 2003
Pages: 325
Authors: Rand Morimoto, Andrew Abbate, Eric Kovach, Ed Roberts
BUY ON AMAZON
SQL Tips & Techniques (Miscellaneous)
Image Processing with LabVIEW and IMAQ Vision
An Introduction to Design Patterns in C++ with Qt 4
File System Forensic Analysis
The Oracle Hackers Handbook: Hacking and Defending Oracle
Python Standard Library (Nutshell Handbooks) with
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy