Leveraging Terminal Services Features | Microsoft Windows Server 2003 Unleashed (R2 Edition)

Although some of the uses of Terminal Services have already been touched on, this section covers the features that enhance the basic Terminal Server sessions.

Using Local Resource Redirection Functionality

Terminal Services enables a Terminal Server client to redirect many of the local resources so they can be easily used within the Terminal Server session. Serial and printer ports can be made available in Terminal Server sessions to allow a user to send Terminal Server print jobs to locally configured printers, as well as access serial devices such as modems from within the Terminal Server session. Audio can also be redirected from a session to local sound cards to enable sound from the terminal session to be heard from local speakers. Also, the Windows Clipboard can be redirected to allow cutting and pasting between the Terminal Server session and the local workstation console.

Each of these resource redirections works only if the operating system and the Terminal Services client on the end user's workstation support these configurations. Some of these local resource redirections require user modification or reconfiguration for proper use. Some of the common changes are described next.

Disk Drive Redirection

Local disk drives can be redirected to Terminal Services sessions and appear in the Windows Explorer as networked drives using the naming convention local drive letter on computer namefor example, C on workstation5. There is no level of granularity here; all local drives are redirected, including floppy and CD-ROM drives. To access from a graphical window, simply browse the drive as you would a local or networked drive. Accessing this drive from the command prompt requires a little bit of education. Within a command prompt, the redirected local drives are referenced as \\tsclient\Drive letter. Directory listings can be created using this UNC, but for file transfer or quick browsing, a client should map a network drive letter to this local drive resource. To do so, follow these steps:

1.	Open a command prompt.
2.	Type `net use * \\tsclient\c`, where the local C: drive is the disk you want to access within the command-prompt window. The local drive is automatically mapped to the next available drive letter, starting from drive letter Z: and working backward through the alphabet.
3.	At the command prompt, type `Z:` and press Enter to connect directly to the mapped local drive and begin using this drive.

4.	After you finish working with this resource, disconnect the drive by typing `net use Z: /delete`, where the Z: drive is the local mapped drive.
5.	Close the command-prompt window. Caution The preceding steps refer to a machine called tsclient. You should not replace this name with the actual machine account name. The Terminal Server session recognizes the machine's local disk resources only from within a terminal session command window by tsclient, so do not consider this a substitute for the actual machine name.

Printer Redirection

With the Windows Server 2003 version of Terminal Services, locally defined print devices can also be redirected. This includes printers directly attached to the client workstation as well as network printers. When a client opens a Terminal Services session that is configured to redirect window printers as well as LPT ports, the Terminal Server attempts to install each printer for use in the Terminal Services session. If the local print device is using a print driver native to Windows Server 2003, the printer will be automatically installed and configured to the specifications configured on the end user's desktop. If the local print device is using a foreign driver, the printer must be installed and configured manually in the Terminal Services session. To install these types of printers, it is best to have an administrator install them; however, the end user can do so with the appropriate permissions. When the port is requested, the correct client workstation port must be specified. This port is named computername:PortX, where PortX is used to describe the type of portfor example, workstation1:lpt1.

Local Time Zone Redirection

Windows Server 2003 Terminal Server supports local time zone redirection. This allows a Terminal Server client connecting from a separate time zone to have the session time reflect the user's local time, enabling users to more easily comprehend the times, especially when reviewing emails.

Using Session Directory Server

Session Directory server introduces a new level of resilience and fault tolerance for Terminal Server session management. The Terminal Server allows a session to remain active even when the client becomes disconnected. This enables users who encounter network connectivity issues between the client and server to reconnect and resume the disconnected session where they left off. Users who need to take a break or attend a meeting can manually disconnect from a session. When a user returns, all the user needs to do is start a connection to the Terminal Server and the session will be resumed.

Many environments with large numbers of users to support sometimes use network load-balanced Terminal Server cluster farms to evenly distribute the session load across multiple servers. If a user forcibly or unexpectedly disconnects from a Terminal Server session on a clustered Terminal Server, chances are that upon reconnection the user will be connected to a different cluster node and start a new session. This occurs because session information is not shared between cluster nodes.

With the introduction of the Session Directory server, participating Terminal Server cluster nodes send session information to the Session Directory server, where it is maintained. When a Terminal Server is part of a cluster that uses a Session Directory server, it sends a list of active sessions to the server periodically. When a user connects to a Terminal Server cluster to start a session, the particular Terminal Server node checks with the Session Directory server to make sure the user does not already have an active session on another Terminal Server cluster node. If a session is active, the user is redirected to the correct server to resume the disconnected session; otherwise, the session is started on the node that first answered the request.

The Session Directory server service is installed on all Windows Server 2003 Enterprise and Datacenter servers. The service need only be configured to run automatically to start using it. The Terminal Server cluster nodes must be configured to participate in a Terminal Services cluster and to send session information to the Session Directory server. This can be configured throughout the enterprise using Terminal Server Manager or Group Policies that apply to the Terminal Server computer objects. Also, for security purposes, each Terminal Server using the Session Directory server must be made a member of a local group on the Session Directory server called Session Directory Computers.

Tip

For best performance and to eliminate the risk of overlapping Terminal Services sessions, configure each Terminal Server node in a cluster to restrict each user to one Terminal Services session through Group Policy or in the Terminal Services Configuration (TSCC) snap-in.

Granular Session Control

With the addition of many great features in Terminal Services also comes the ability for a Terminal Server administrator to granularly control the configuration of Terminal Services sessions. All the features available to the end user's Terminal Services session can be managed, limited, and overridden by the Terminal Services administrator. Configuring administrative settings through Group Policy or Terminal Services Configuration can override most user-configurable settings. This can greatly benefit the Terminal Server by freeing the server from spending valuable server resources for features that may not be required in an enterprise deployment, such as audio redirection or high-color resolution.

With this granular administrative capability, the Terminal Services administrator can also improve Terminal Services server security by requiring high encryption for sessions or setting the Terminal Server to run in Full Security mode.

Terminal Server Console Access

Terminal Services clients can be configured to access a Terminal Server's console remotely. This improves the functionality of remote administration by allowing the administrator to perform tasks that could previously be accomplished only at the local server console. For instance, the administrator can view pop-up messages on the console or install software for the Terminal Server. Even though console access is available for pop-up messages, the Terminal Services administrator should use the event log to review all errors or alerts that may have been logged on the Terminal Server.

Terminal Server Fault Tolerance

In Windows 2000 Terminal Services, Terminal Services nodes could be clustered using network load balancing (NLB) to split the client load across several servers. This feature has been greatly improved in Windows Server 2003 with Session Directory server when using multiple Terminal Servers in an NLB configuration.

Note

Windows Server 2003 Terminal Services can be used with Microsoft Cluster Service (MSCS), but it is generally not recommended because of scalability constraints and increased manageability. Microsoft doesn't support using both MSCS and NLB on the same servers, and Terminal Services using MSCS doesn't provide session failover.