Windows IT Pro is the authoritative and independent resource for windows nt, windows 2000, windows 2003, windows xp. Features a collection of resources and magazines for windows IT professionals.
  
  
  Advanced Search 


April 2001

Remotely Manage Your Win2K Servers


From the April 2001 Edition
of Windows IT Pro
Sean Daily
Focus
InstantDoc #20043
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
Subscribe to Windows IT Pro | See More Remote Computing Articles Here | Reprints | Or get the Monthly Online Pass—only $5.95 a month!
SideBar    Remote Administration for the Rest of Your Network

Download the Code Here

Win2k's built-in terminal services delivers a grand slam

Remote administration has long been a challenge for administrators of Windows-based networks. Windows NT and its associated resource kits provide limited tools for performing remote administration, and the included tools don't offer much functionality or are not completely secure (e.g., NT's Telnet service). The problem isn't necessarily with the tools; rather, the problem is the lack of remote-administration support from the underlying OS and its services and components. Although graphical remote control tools, such as Symantec's pcAnywhere32, offer a solution, they're hampered by the additional per-server cost that they incur. In addition, these tools are limited by the significant bandwidth requirement of Windows' GUI.

Besides instability and rebooting requirements, the lack of command-line tools and built-in remote-administration support is the most common complaint I hear about NT. Windows 2000 Magazine contributing editor Mark Minasi sums up this troublesome predicament with a humorous observation, which I've heard him share at conferences: What do you use to administer a remote UNIX server? Telnet. What do you use to administer a remote NT server? A plane ticket.

Although the contrast between Windows-based OSs and command-line-friendly OSs such as UNIX is humorous to observe, the need for better remote administration in Windows-based servers is a serious matter. Fortunately, pressure from customers about NT's poor remote-administration support drove Microsoft to address this problem in Win2K.

Terminal Services to the Remote Rescue
Microsoft's solution for providing better remote-administration support was twofold. First, provide better command-line tools in the Win2K OS to reduce the number of tasks that require GUI access. To do so, the company introduced new command-line utilities, such as NetShell (Neth), and enhancements to NT command-line utilities. Second, accommodate GUI-based access to servers by leveraging and extending technology slated for the Win2K Server product family: Win2K Server Terminal Services.

Under NT, thin-client terminal services take the form of NT Server 4.0, Terminal Server Edition (WTS). This version of NT Server 4.0 has a multiuser-capable kernel that is significantly different from that of the other NT versions. You can augment WTS with additional services and features that Citrix MetaFrame provides. Although the primary focus of these products is to provide remote clients and Windows-based terminals (WBTs) with access to NT and Windows-based applications, they also offer administrators access so that they can remotely support the terminal server.

In Win2K, Microsoft included support for terminal services in the OS kernel for all the Win2K Server variants. In addition, Microsoft developed a special mode of operation specifically to provide remote administration capabilities to any Win2K server. This administrative mode doesn't have the licensing requirements of the regular terminal services mode, application server mode; you can simply enable Terminal Services in remote administration mode on any Win2K server without additional client-licensing costs. Although Terminal Services provides client support for only Windows machines, Win2K also provides 16-bit and 32-bit versions of the RDP 5.0 terminal services client. This inclusion means that Windows servers finally have full-featured built-in remote administration and control capabilities. Thus, buying remote control software and plane tickets is no longer a requirement for remote Windows server administration. (For information about remote administration options for non-Win2K Server machines in your network, see the sidebar "Remote Administration for the Rest of Your Network.")

Installing Terminal Services
Installing Terminal Services is a fairly straightforward process. You can install the service during the Additional Components portion of the Win2K Setup process or after the initial Win2K installation by using the Add/Remove Windows Components section of the Control Panel Add/Remove Programs applet. To install Terminal Services, simply select the Terminal Services check box, as Figure 1 shows. By default, selecting this option also installs the Terminal Services client software onto the server, as well as a utility for creating client installation disks. If you want to disable the installation of the client software and client installation disk creation utility, click the Terminal Services option and select Details. In the resulting window, you can clear the Client Creator Files check box. If you let Win2K install the client software, the OS will copy the software to the server's %Systemroot%\system32\clients\tsclient folder, which you can then share so that client installation files are accessible to remote clients.

After you select the Terminal Services check box and click Next, a configuration wizard, which Figure 2, page 44, shows, is launched and asks which mode of operation you want to configure: remote administration mode or application server mode. Unless you intend to license the server to run applications for users, select remote administration mode. Doing so configures the server to support two administrative remote client sessions without additional licensing requirements. Furthermore, this selection configures Terminal Services to minimize its impact on the server's performance.

Performance is an important consideration because remote control and terminal services software are traditionally resource-hungry applications. Remote administration mode assumes that you want to provide remote administration capabilities on the server without exacting a major performance penalty on users while administrative terminal server sessions are active.

Any Terminal Services installation onto an existing Win2K server (i.e., through the Add/Remove Programs applet) requires a system reboot before remote administration is possible. Although Win2K requires signfificantly fewer reboots than NT, Terminal Services is an exception to this rule.

Unattended Installations
Another Terminal Services installation option is that you can use unattended installation scripts to automate the process. This option particularly is useful if you're already using unattended installation scripts to deploy Win2K servers. You can perform unattended Win2K installations through unattended installation scripts launched using the winnt or winnt32 Setup /u option or through a Remote Installation Services (RIS)-based script. For information about unattended Win2K installations and RIS, see "Related Articles in Previous Issues," page 50, and Douglas Toombs, "Superior RIS," page 79.

To install and enable Terminal Services through an unattended installation, you use the [Components] and [TerminalServices] sections of an unattended setup file (e.g., unattend.txt). If these sections don't exist, you must create them. The [Components] section controls the installation of Terminal Services and the client software, and the [TerminalServices] section controls the Terminal Services configuration mode. Table 1 lists the keywords and default values for both sections. The following example shows these sections as they appear in a typical unattended installation file used to configure a remote administration mode-enabled server.

[Components]
TSEnable = ON
TSClients = ON

[TerminalServices]
ApplicationServer=0

Terminal Session Options
Although Win2K's Terminal Services works well under its default configuration, you might benefit from modifying the default settings. To configure a Terminal Services connection, you use the Microsoft Management Console (MMC)-based Terminal Services Configuration utility, which Figure 3, page 46, shows. This utility is in the Administrative Tools program group on a Terminal Services server or in the Win2K Support Tools installed from the Win2K Professional CD-ROM on a Win2K Pro system.

For example, you might want to change the encryption the connection uses for RDP client session data to and from the server. By default, Win2K terminal server client sessions use medium-level encryption, which means Terminal Services uses 56-bit standard key strength encryption to encrypt the terminal server client session data to and from the server. Low-level encryption also uses a 56-bit key strength, but Terminal Services encrypts only data sent from the client to the server. Using high-level encryption, Terminal Services encrypts data to and from the server by using a 128-bit key strength (assuming both the server and client support this key strength). As you might imagine, the penalty for increasing the encryption strength is performance—stronger encryption means slower client sessions. In contrast, setting the encryption level to low will improve performance but might impose undesirable security risks because data that Terminal Services sends from the server to the client is unencrypted.

To change the encryption level, right-click the RDP-Tcp connection listed in the console's right pane and select Properties. In the resulting RDP-Tcp Properties window, which Figure 4 shows, you set the encryption level in the Encryption section on the General tab.

Other remote-administration-related settings that you might want to modify include options on the Sessions tab of the RDP-Tcp Properties window. Sessions options relate to how Terminal Services handles client session timeouts and disconnections. For example, you can configure Terminal Services to override client-side settings for values such as session time limits for active or idle sessions, whether to end or disconnect expired sessions, and how and when to end user-disconnected sessions. Other useful tabs include the Permissions tab, which lets you configure which users and groups have access to the Terminal Services server, and the Remote Control tab, which lets you configure session shadowing.

Another Terminal Services management activity you'll need to occasionally perform is managing remote client sessions. To do so from a Terminal Services-enabled server, you use the Terminal Services Manager, another utility in the Administrative Tools group. This utility, which Figure 5 shows, lets you perform administrative duties on the server, such as resetting active, idle, or disconnected user sessions; ending running processes; sending messages to connected users; and getting user session status. You can also use this utility to perform session shadowing, the ability to remotely view or control a user's terminal session from the terminal server. (Citrix first introduced this functionality in its ICA-based terminal service products; Microsoft mimics the functionality in Win2K's RDP-based Terminal Services.) This feature might be useful, for example, if you discover a suspicious administrator connection that you want to observe or for training a new administrator from a remote location. Another useful aspect of the Terminal Services Manager is that, like most Win2K administration tools, it's enterprise-friendly and lets you manage not just the local server but all Terminal Services-enabled servers in your enterprise.

   Previous  [1]  2  Next 


Top Viewed ArticlesView all articles
No Jobs, No Excitement at Apple's Last Macworld Keynote

Apple CEO Steve Jobs made the right move in skipping out on his company's last appearance at Macworld: In a Tuesday keynote address at the conference, Apple had no interesting new products to sell, opting instead to spend mind-numbing amounts of time on ...

Where is Microsoft NetMeeting in Windows XP?

...

The Memory-Optimization Hoax

Don't believe the hype. At best, RAM optimizers have no effect. At worst, they seriously degrade performance. ...
Windows OSs Whitepapers Why SaaS is the Right Solution for Log Management
Related Events Virtualization Forum: Optimizing Storage, Networks, Desktops, and Security

Cloud Computing Forum: Integrating Software, Server and Storage as a Service into Your Enterprise IT Delivery Model

Virtualization Forum: Optimizing Storage, Networks, Desktops, and Security

Check out our list of Free Email Newsletters!
Windows OSs eBooks Understanding and Leveraging Code Signing Technologies

A Guide to Windows Certification and Public Keys

SQL Server Administration for Oracle DBAs
Related Windows OSs Resources Become a VIP member of the Windows IT Pro community!
Get it all with the VIP CD and VIP access. A $500+ value for only $279!

Subscribe to Windows IT Pro!
Solve your toughest technical problems with our experts and access 10,000 + articles online. 30% off

Monthly Online Pass - Only $5.95!
Get instant access to 10,000+ articles from Windows IT Pro Magazine!

TechNet Virtual Labs
Evaluate and test Microsoft's newest products.



ADS BY GOOGLE

Job Openings in IT SPONSORED LINKS FEATURED LINKS
Maximize speed, performance and reliablity of your PCs and servers—automatically!
Speed Up Your PC! Try Diskeeper 2008 with InvisiTasking Free Now!

Microsoft Learning Snack - Green IT Through Virtualization
Many organizations face rising operating costs caused by excessive energy consumption. Virtualization and "Green IT" can help cut these costs. Get the information you need to bring Green IT savings to your business.

Order Your Fundamentals CD Today!
Register today for your in-depth copy of one of three Fundamental CDs on the following topics – Exchange, SQL, and SharePoint.

Microsoft Learning Snack - Virtualization With Windows Server 2008
Windows Server 2008 includes virtualization technology that allows many operating systems - including open source - to run on a single host. Come learn the basics of implementing these features.

Microsoft Learning Snack - Virtualization Basics
With virtualization, computing components essentially become on-demand services, freeing each element of a system from the others. This short video explains the needs, benefits, and technologies behind virtualization.


Microsoft Learning Snack - Virtualization Basics
With virtualization, computing components essentially become on-demand services, freeing each element of a system from the others. This short video explains the needs, benefits, and technologies behind virtualization.

Microsoft Learning Snack - Virtualization With Windows Server 2008
Windows Server 2008 includes virtualization technology that allows many operating systems - including open source - to run on a single host. Come learn the basics of implementing these features.

Empower Your Processes with PowerShell 201
Paul Robichaux delves deep into PowerShell how-tos in 3 informative lessons, each followed by live Q&A—all on your own computer! Register today!

Microsoft Learning Snack - Green IT Through Virtualization
Many organizations face rising operating costs caused by excessive energy consumption. Virtualization and "Green IT" can help cut these costs. Get the information you need to bring Green IT savings to your business.

New Release: Windows IT Pro Master CD
13 years of content archives, fast answers with advanced search tools, and full access to WindowsITPro.com—order today!
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro Windows Dev Pro IT Job Hound ITTV
IT Library Technology Resource Directory Connected Home Windows Excavator Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2009 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing