Install, configure, and secure Terminal Services in your enterprise
[Author's Note: Each month, this column discusses various aspects of the advanced administration of e-business sites. This month, I show you how to install, configure, and secure Windows 2000 Server Terminal Services so that you can streamline IIS server management.]
Terminal Services provides remote access to a server desktop through terminal-emulation software. This remote access makes managing multiple servers a breeze because you can do everything from one machine. This month, I introduce you to the different installation options available in Terminal Services and the different client options available during implementation. In addition, I discuss the security implications that Terminal Services implementation poses. The Web-exclusive "Related Reading" box provides articles and white papers that will help in your Terminal Services research and implementation.
Installing and Configuring Terminal Services
Installing Terminal Services is simple. You can install the service either during Win2K installation or later from the Control Panel Add/Remove Programs applet. To install Terminal Services from the applet, double-click Add/Remove Programs, then click the Add/Remove Windows Components icon to start the Windows Components Wizard. Select the Terminal Services and Terminal Services Licensing check boxes, then follow the wizard's prompts to complete the installation. (See the sidebar "Remote Administration vs. Application Server" for a comparison of these two Terminal Services installation modes.)
To verify successful installation, right-click My Computer, then select Manage to open the Computer Management console. Expand Services and Applications, then click Services. In the right pane, scroll down to the Terminal Services service. The Terminal Services service should be running and should be configured to start automatically. If you right-click the service, select Properties, then click the Dependencies tab, you'll see that it has no dependencies on other services.
Terminal Services Administrative Tools
Successful Terminal Services installation adds three tools to Administrative Tools. They are Terminal Services Client Creator, Terminal Services Configuration, and Terminal Services Manager.
Terminal Services Client Creator. The Terminal Services Client Creator tool, which Figure 1 shows, facilitates the creation of installation disks that install 16- and 32-bit Terminal Services clients. These installation disks are intended for Application Server mode, in which a client must be dedicated to running Terminal Services to run applications remotely. You probably won't be interested in creating installation disks for Application Server mode.
Terminal Services Configuration. The Terminal Services Configuration tool, which Figure 2 shows, lets you configure the connection that clients use to log on to a Terminal Services session. One TCP/IP connection is automatically configured when you install and enable Terminal Services on a Win2K Server machine. Typically, this connection is the only one you need for remote administration through Terminal Services. The Terminal Services Configuration tool also lets you customize several aspects of the Terminal Services client connection:
- You can reconfigure the properties of the RDP-TCP connection. (RDP is the protocol that Terminal Services uses.) For example, you can limit the amount of time that client sessions remain active on the server and set protection levels for encryption.
- You can set session time limits on a per-connection basis.
- You can configure settings that apply globally to the Terminal Services server, including settings for temporary folders, default connection security, and enabling and disabling Internet Connector licensing.
Terminal Services Manager. The Terminal Services Manager tool, which Figure 3 shows, lets you view information about the Terminal Services servers within the trusted domains in which you're authenticated. When you select a computer in the left pane, clients connecting remotely through Terminal Services appear on Terminal Services Manager's Sessions tab. In addition, the names of users who log on appear on Terminal Services Manager's Users tab. You can monitor on the Processes tab any applications that users run during their sessions. Therefore, you can oversee all sessions, users, and processes on each Terminal Services server from one location.
Terminal Services Clients
Microsoft provides three advanced administrative clients that facilitate remote connections to Terminal Services. However, the client software isn't automatically installed when you install the Terminal Services service. In fact, Microsoft developed these three client software packages after Win2K shipped, so you must download them from the Microsoft download site (http://www.microsoft.com/windows2000/downloads/recommended/tsac/default.asp). Many IIS administrators don't implement Terminal Services because they can't figure out which client they should use to effectively put the technology into action. Each Terminal Services advanced client package comes as a self-extracting setup program that you can install independently of the others. Thus, you can install all three packages—the Terminal Services Full Client Windows Installer package, the Web package, and the Microsoft Management Console (MMC) Terminal Services Connections snap-in—then decide which one best suits you.