Administering Terminal Services

This free lesson will teach you how to administer Terminal Services.

Use the buttons below to navigate through the lesson

To Administer Terminal Services, The Terminal Services Configuration tool is used. Click on Start.

Select Administrative Tools.

Click on Terminal Services Configuration.

The Terminal Services Configuration tool will appear. To configure connection properties, right-click RDP-Tcp.

Select Properties.

From the General page the Encryption Level can be set. The four different levels are Low, Client Compatible, High and FIPS Compliant.

The Low setting secures all data sent from the client to the server, but not from the server to the client. Windows XP clients use a 56-bit key whilst older clients use a 40-bit key.

Client Compatible encrypts communications between the client and the server at the maximum key strength that the client supports. When you have mixed clients that support varying encryption levels, use this level.

The High setting secures data travelling in both directions and uses a 128-bit encryption key.

FIPS Compliant encrypts and decrypts all communications using the Federal Information Processing Standard (FIPS) encryption algorithms in the Microsoft cryptographic modules. N.B. Remote Assistance is not FIPS Compliant and will not work when enabled.

From the logon settings page, you can specify how the client will logon. You can either specify a name when logging in or specify a name from here. You can also specify whether the user will always be prompted for a password.

From the sessions page, options for the Terminal Session can be configured. The settings are normally configured for each user using the user properties page, however they can be overridden here.  Session limits can be configured from here to apply to all users.

Using the Environment page, the Initial program can be configured. This overrides the setting from the Client Connection Manager. If this option is set then when the client opens a connection the specified program will be run, once the application is closed the terminal session will end.

From the Remote Control page, options can be configured for the Remote Control feature of Terminal Services. If enabled here you can remotely view or control another session from a terminal session.

From the Client Settings page you can automatically restore the user’s mappings every time he or she logs on. User are able to map drives and Windows printers. You can also disable the client from mapping ports such as the LPT port.

From the network adapter page you can specify which network adapter will service the Terminal Service clients. You can also limit the number of connections allowed. It is a good idea to devote a whole network adapter to terminal services. (This should improve performance.)

Realise that if the terminal server is a domain controller then a user with full control will also have full control over the domain controller.

From the permissions page, user access to the terminal server can be configured. Full control should only be enabled for the administrator with standard User access for normal clients.

By selecting the Server settings page, various options can be configured. Most of the options were configured when Terminal Services was first installed. To change a setting, double-click on the option.

To view current client sessions, click on Terminal Services Manager.

A list of current connections are displayed. There is currently one user  logged in as Administrator. To view the options for a session right-click on the user.

You can disconnect, send a message, or log the user off, as well as see how long the user has been logged on. You can only use Remote Control from another Terminal Session, i.e. You can remotely control one terminal session from another.

Select Status to view the current status of the session.

Information about the connection is shown, such as the number of bytes sent.

Information about the services currently running on the client connection are displayed by selecting the Processes Tab.

Configuring User Properties

User properties are configured through Computer Management or through Active Directory Users and Computers depending on whether you are in a workgroup or a domain.

Right-click on the user whose properties are to be configured.

Select Properties.

From the Terminal Services Profile tab, options for the user’s profile can be set. The user’s profile holds the user’s settings such as the desktop and My Documents folder. A Folder can also automatically be mapped for the user, this is known as a home folder.

From the Remote Control Tab options for remote control can be set.

The Sessions tab configures how long a client can stay connected or how long an idle session will remain active. It also specifies whether a client can reconnect from any machine or from the original client only.