|
|
Over the past several years, workers have become more mobile. Rather than sit at a computer for eight hours a day, many people find themselves moving between offices and even working from home periodically. Because of this mobility, administrators of networking environments spend a lot of time configuring remote access services, and many organizations even spend a lot of money on remote devices such as the BlackBerry or Palm.
Realizing that remote access is very important in today’s workplace, Microsoft has added a new feature called Remote Desktop Sharing, or more simply Remote Desktop, to Windows XP Professional. Suppose that you have a computer at your office, as well as a laptop computer or even a home computer. Using Remote Desktop, you can connect to your office computer from another computer and access the office computer, just as if you were actually sitting in front of the office computer. Using Remote Desktop, a terminal window appears and you simply use your office computer from your home or remote computer. If this sounds vaguely familiar, you guessed it: Remote Desktop is built on Windows 2000 Terminal Services, which allow you create terminal sessions with remote machines. Through the terminal window that appears, you can open files, launch programs, configure system changes, browse folders—basically anything you might do if you were sitting at the computer locally. As you can imagine, this feature has a lot of possibilities since your desktop PC no longer needs to be a local resource. Simply use another computer in a remote location to connect, and you can work from where ever you might be.
Remote Desktop is generally easy to use and set up, but depending on the needed configuration, you might need to work through a few networking snags. However, keep in mind the following important points and restrictions:
Windows XP Professional can function as a Remote Desktop host in that other computers can connect to it. You can connect to a Windows XP Professional computer and manage it remotely by using Windows XP Home Edition, or by installing the Remote Desktop Connection software on Windows 2000, Windows NT 4, Windows Me, Windows 98, and Windows 95.
Remote Desktop allows multiple users to connect to the same computer so that different users can access different resources and run different applications as needed.
When a remote user connects to the Remote Desktop host, the local desktop is locked. This prevents anyone from using the computer while you are logged on remotely.
Each client accessing the Remote Desktop host must have a direct connection to the host. You can accomplish this using a local area network (LAN) or wide area network (WAN) connection, a dial-up connection, or a Virtual Private Network (VPN) connection, or you can do it over the Internet if the Remote Desktop host has a public IP address.
In order to use Remote Desktop, you must first turn on the Remote Desktop service on a Windows XP Professional computer that you want to function as the remote host. Keep in mind that only Windows XP Professional computers can be Remote Desktop hosts, but you can connect to the Remote Desktop using other computer systems that run the Remote Desktop Connection software. To turn on Remote Desktop on a Windows XP Professional computer, follow these steps:
Log on to the Windows XP Professional computer as a member of the Administrators group. You cannot enable Remote Desktop without an administrator account.
Click Start | Control Panel | System. On the System Properties dialog box, shown here, click the Remote tab.
Select the Allow Users to Connect Remotely to This Computer check box in order to enable Remote Desktop. Once the setting is enabled, the current user and any member of the Administrators or Remote Desktop groups can access the computer using Remote Desktop. However, you might want to change the default settings to allow or prevent users from accessing Remote Desktop. However, any user who attempts to use Remote Desktop must have a password. Remote Desktop connections do not allow blank passwords. To manage the users who can access the Remote Desktop, click the Select Remote Users button.
In the Remote Desktop Users dialog box, shown here, you can click the Add button to add users to the Remote Desktop group, or use the Remove button to remove users from that group. Keep in mind that local administrators automatically have access. When you are done, click OK.
In order for Remote Desktop to work, you must be able to connect to the host computer from the client computer. That sounds simple enough, but if you have spent any time working with networks, you know that simple is not often a word that accompanies the concept of networking. So, before configuring your client computers, you must determine how clients will connect to the Remote Desktop host. The following sections explore your options.
Connecting to a Remote Desktop host over a LAN or WAN is the easiest way to connect. The client computer uses the host computer’s IP address to make a direct connection. You need not make any additional configuration.
You can connect to a Remote Desktop host through a dial-up connection to that host. For example, suppose that your work computer resides in a small office. The computer has a modem and is connected to the phone line. To access your work computer from a home computer, you first use the Create a New Connection Wizard on your work computer to configure the computer to accept incoming calls. Then, from your home computer, configure a dial-up connection to dial the work computer’s number. You can then dial the work computer directly and create a Remote Desktop session.
You can connect to a Remote Desktop host over the Internet, but the process is a bit more complicated. When a computer is connected to the Internet, the Internet service provider (ISP) assigns the computer an IP address. You must use this public IP address to make the Remote Desktop connection. The problem, however, is that public IP addresses change frequently. For example, if you are using a modem to connect to the Internet, each time you connect, you are usually given a new dynamic IP address. Even with broadband connections, such as cable and DSL, the IP addresses may frequently change. There is now direct workaround for this issue. To find the public IP address, connect to the Internet, then double- click the connection in Network Connections. Click the Details tab, and you’ll see the current public IP address. You can then use this IP address to connect to the host from the client computer. If you are using a dial-up connection, you must leave the host computer connected to the Internet in order to make the Remote Desktop connection.
Another difficulty concerning Remote Desktop connections over the Internet is firewalls. Most firewalls will not, by default, allow Remote Desktop traffic. If you need to connect to a Remote Desktop host that resides behind a firewall, keep these points in mind:
If you are using Internet Connection Firewall on the host computer, you need to access the Advanced Settings dialog box and enable Remote Desktop traffic. This will allow Remote Desktop traffic to pass through the firewall, once the service is enabled. See Chapter 12 to learn more about using Internet Connection Firewall.
If the host computer resides on a LAN that is protected by a firewall, or if another individual firewall product is used, you’ll need to ask an administrator to configure the firewall to allow incoming access on TCP port 3389. Remote Desktop uses TCP port 3389, and the connection will fail if the firewall is not configured to allow incoming access on this port.
If you need to connect to a Remote Desktop host over the Internet and through a Remote Access server, you should use a VPN connection. This will give you the highest security when using the Remote Desktop host over the Internet. An administrator must configure the Remote Access Server (RAS) server to allow VPN traffic. Once you connect to the network, you can start the Remote Desktop session with the host by simply connecting to it using the host’s IP address.
Once you have enabled the Remote Desktop host and you have determined how the client(s) will connect to the host, you can configure the Remote Desktop client. In Windows XP, the client software is known as Remote Desktop Connection, which was called Terminal Services Client in previous versions of Windows. The Remote Desktop Connection software enables a client to generate a Terminal Services connection with the host. If you are using Windows XP Professional or Windows XP Home Edition, there is nothing you need to configure. The Remote Desktop Connection software is already installed and configured on the system. Simply click Start | All Programs | Accessories | Communications | Remote Desktop Connection. If you are using Windows 2000, Windows NT 4.0, Windows Me, Windows 98, or Windows 95, you must install the Remote Desktop Connection software on those computers. You can find this software on the Windows XP CD-ROM. Insert the CD-ROM in the desired client, choose the Perform Additional Tasks option, then choose the Remote Desktop Connection option. This will install the software. If you do not have a Windows XP CD-ROM available, you can also download the software from Microsoft’s web site at www.microsoft.com/ windowsxp/pro/downloads/rdclientdl.asp. Follow the simple setup instructions that appear.
Once the host and client are configured as needed, you can establish a Remote Desktop connection. To start the connection from a Windows XP client, click Start | All Programs | Accessories | Communications | Remote Desktop Connection. If you are connecting from a down-level client, click Start | Programs | Accessories | Communications | Remote Desktop Connection. The Remote Desktop Connection dialog box appears, as shown next.
If you are connecting a host that resides on your LAN or WAN, simply enter the computer’s name or IP address. If you are connecting through a VPN connection or over the Internet, use the IP address of the remote host. Once you have entered the name or IP address, just click Connect. Once the connection is made, the screen turns black, then you see a Log on to Windows dialog box, as shown in Figure 11-1. Enter a username and password for a user who is a member of the Remote Desktop group or for a user who has administrative privileges. Then click OK.
Figure 11-1: Enter a valid username and password
Note | Remember that blank passwords cannot be used. You must use an account that has a password. |
Once the username and password have been accepted, the terminal window provides your Remote Desktop, as shown in Figure 11-2. You can maximize and minimize the terminal window as needed and can simply use the remote computer through the terminal window, just as you would if you were sitting locally at the computer. Keep in mind as you are working with the Remote Desktop that you can open applications and create and save files. However, the files you create, edit, and save are saved on the remote computer; the terminal window simply shows you what is happening on the remote computer. For this reason, you cannot save files to your local client desktop and you cannot drag and drop items from the terminal window (the host computer) to your local computer (the client computer). You can also use the terminal window to access network files remotely, but keep in mind that the remote account you are using must have permissions to access items on the network.
Figure 11-2: Remote Desktop session
When you are using Remote Desktop, you can easily connect to the remote computer and use a terminal window. However, what happens if another user is accessing the computer locally? For example, suppose that you have a Remote Desktop account to access a computer from your home office. However, sometimes other administrators use the Windows XP Professional computer at the office when you are not there. In this case, one of two things can happen:
If Fast User Switching is enabled on the remote computer, the remote user sees a message, shown in Figure 11-3. You will see the message shown in Figure 11-4. The user sitting at the computer locally has the ability to reject your message and keep you from logging on by clicking the No button. If no one is actually sitting at the computer (but is logged on), then the local user is logged off because there has been no response. However, the local user’s session actually remains logged on because Fast User Switching is enabled, so all applications and all open files remain open. However, the local user will not be able to use the computer until you log off.
Figure 11-3: The local user sees this message
Figure 11-4: The remote user sees this message
If Fast User Switching is not enabled on the remote computer, then you have the option to log the local user off the computer forcefully. The problem, though, is that the local user will not have the option to save any open files. For this reason, it is best to use Fast User Switching with Remote Desktop so that any local users accessing the computer will not lose data. On the other hand, in this same scenario, a local administrator can forcefully log on, disconnecting the remote user, or if the same account is used by more than one person, the local user can always disconnect the remote user. As you can see, you should put some thought into the management of users when multiple people use the same machine. The best practice if you are working with Remote Desktop is to give each user a different account and ensure that Fast User Switching is enabled.
As with all networking connectivity, Remote Desktop performance can be an issue. If you are using Remote Desktop to connect to a remote desktop over the LAN or WAN, performance will probably not be an issue since there is plenty of available bandwidth. However, what if you need to connect to a remote desktop using a dial-up or VPN connection, or over the Internet? In this case, the amount of graphics that must be downloaded and displayed on your computer can slow down Remote Desktop’s performance.
For this reason, Windows XP gives you some performance options that can help speed up Remote Desktop service. For example, one performance option enables you to remove some of the graphical interface, the display of which can tend to slow things down. Open the Remote Desktop Connection, and in the Remote Desktop Connection dialog box, click the Options button. You see several available tabs. Click the Experience tab, shown in Figure 11-5.
Figure 11-5: Experience tab
As an A+ technician, you may face the task of supporting users who use Remote Desktop. To make Remote Desktop even easier to use, you can configure users' computers to log on to Remote Desktop automatically. For example, suppose that a user accesses her Windows XP Professional computer at work from a Windows XP Home computer most evenings. You can configure automatic logon to make the process quicker and easier. To configure the automatic logon option, follow these steps:
Click Start | All Programs | Accessories | Communications | Remote Desktop Connection.
On the Remote Desktop Connection dialog box, click the Option button.
On the General tab that appears, enter the computer to which you want to connect, then enter the username, password, and domain (if necessary). Click the Save My Password check box.
Click the Save As button. By default, the settings are saved in an .RDP file in My Documents with a filename of Default. If you want the settings you entered to be your default settings, simply click Save. If not, give a different name to the logon settings.
Click Connect to make the connection. From now on, you'll not be asked to provide the username and password when you make the Remote Desktop connection.
Use the drop-down menu to select your connection speed, then use the check boxes to specify further connection options. As you can see, using fewer features, such as Display Background, can reduce the amount of bandwidth required to transmit the images to your remote computer. You can adjust these settings as needed until you find the performance level that meets your needs.
Note | Leave the bitmap caching option enabled. Bitmap caching allows your computer to store bitmap images locally on your remote computer so that they do not have to be downloaded each time they need to be displayed; this actually speeds up the performance of the connection. |
You can also click the Display tab, shown in Figure 11-6, which will modify how Windows handles the remote session in the terminal window. You can specify the resolution of the terminal window and also the color depth. Again, lower settings help conserve bandwidth—they may result in a less attractive interface, but you will see performance gains.
Figure 11-6: Display tab
The Local Resources tab, shown in Figure 11-7, gives you some configuration options that can also help performance. This tab features three categories: Sound, Keyboard, and Local Resources. You can choose to download and play sounds locally, such as in the case of Windows events, but this option does consume more bandwidth.
Figure 11-7: Local Resources
Troubleshooting: Remote Desktop and Group Policy
Suppose that you adjust the Experience settings but fail to improve performance. What can cause the Experience settings not to work? The answer is Group Policy. The Windows XP Professional computer that functions as the remote host may have local as well as site, domain, and organizational unit (OU) policies that prevent changing the Experience settings. If this is the case, talk to a network administrator about changing the Group Policy settings so that they are more lenient and allow the configuration of performance options.
Note | Sound files are transmitted using User Datagram Protocol (UDP), which some firewalls block. If you decide to use sounds and you still cannot hear them, this may be the problem. |
The Keyboard option allows you to use special key combinations that will operate when the remote session is open. The options you’ll find here are self- explanatory. Finally, Local Resources enables you to map client disk drives, printers, serial ports, and smart card devices to the remote host. This option allows you to map drives from the remote host to your local computer. For example, suppose that you are working on the remote computer, but you want to print the document on your home computer (the remote client). This feature allows you to do that, or even access information on your local drives from within the terminal window.
If you travel with a laptop and you frequently use Remote Desktop over the Internet, you can choose to use Internet Explorer to launch Remote Desktop sessions rather than using the Remote Desktop Connection software. If you want to access Windows XP Professional Remote Desktop connections using Internet Explorer, you have to configure Internet Information Services (IIS) on Windows XP Professional to allow the connection. After configuring IIS, you can then generate a terminal session using Internet Explorer 4.0 or later.
To configure the Windows XP Professional host to allow web connections, you must first install IIS. Use the Add/Remove Programs and Add/Remove Windows Components options in Control Panel to install IIS. Then you can configure IIS to allow Remote Desktop, which runs the Remote Desktop Web Connection software. Follow these steps:
Click Add/Remove Programs in Control Panel.
Click Add/Remove Windows Components.
In the Windows Components Wizard page, select Internet Information Services (IIS) and click the Details button.
In the Internet Information Services dialog box, select the World Wide Web Service and click Details.
In the World Wide Web Service dialog box, select Remote Desktop Web Connection and click OK, as shown here. Click OK again, and then again, and complete the wizard.
After installing the Remote Desktop Web Connection component, you need to set the permissions. Follow these steps:
Click Start | Control Panel | Administrative Tools | Internet Information Services.
Expand the computer name, then navigate to Web Sites, then to Default Web Site, then to tsweb, as shown here.
Right-click the tsweb container and click Properties.
Click the Directory Security tab and click Anonymous Access and Authentication Control | Edit.
On the Authentication Methods dialog box, shown next, ensure that the Anonymous Access check box is selected and click OK. Anonymous access gives a remote user access only to the IIS directory. Once connected, Remote Desktop will still require a username and password.
After configuring the remote computer to allow Web access to Remote Desktop, you can use your client computer to connect. Keep these important points in mind:
You must be using Internet Explorer 4 or later.
If you are connecting over the Internet to the remote computer, use the computer’s public IP address to connect.
If you are connecting through a RAS server, make the connection and use the name or IP address of the remote desktop to generate the connection.
To connect to the remote desktop using Internet Explorer, open Internet Explorer and type the default address, which is http://server/tsweb. Again, if you are connecting over the Internet, use the public IP address to connect, as in http://ipaddress/tsweb. You’ll see a Remote Desktop Web Connection screen, shown in Figure 11-8.
Figure 11-8: Remote Desktop Web Connection screen
When you can connect to the remote computer through IIS, the process consumes less bandwidth, which helps speed up the connection. Also, the full screen will take up the entire computer screen; other options give you a resizable window. When you first connect, you’ll probably see a security warning (depending on your Internet Explorer configuration). Remote Desktop installs an ActiveX control on your computer, so just click Yes in response to the security warning (if you do not, Remote Desktop will not work). You’ll see the same logon dialog box. Enter your username and password and click OK. The Remote Desktop sessions open in Internet Explorer or in full-screen mode, depending on your selection.
Concerning logon, when you arrive at the Remote Desktop Web Connection window in Internet Explorer, you can select the Send Logon Information for This Connection check box. This provides you the Username and Domain dialog boxes. However, a better workaround is simply to add the remote desktop to your Favorites menu. Log in first, and after you see the desktop, click the Favorites menu and add the favorite. This saves your server name, screen size, and username in a URL so that you can connect automatically by simply clicking the Favorites option. Although you'll still have to enter your password, this method is much faster. Note that to make this work, you must select the Send Logon Information for This Connection check box and enter your username and domain in the provided dialog boxes on the Remote Desktop Web Connection screen.
|
|