MICROSOFT LEARNING PRODUCT
6428A
Configuring and Troubleshooting Windows Server 2008 Terminal Services
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from any linked site. 
Microsoft is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement of Microsoft of the site or the products contained therein.
© 2008 Microsoft Corporation. All rights reserved.
Microsoft, and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.
MICROSOFT LICENSE TERMS OFFICIAL MICROSOFT LEARNING PRODUCTS - TRAINER EDITION Pre-Release and Final Release Versions
These license terms are an agreement between Microsoft Corporation and you. Please read them. They apply to the Licensed Content named above, which includes the media on which you received it, if any. The terms also apply to any Microsoft updates, supplements, Internet-based services, and support services
for this Licensed Content, unless other terms accompany those items. If so, those terms apply. By using the Licensed Content, you accept these terms. If you do not accept them, do not use the Licensed Content. If you comply with these license terms, you have the rights below.
1. DEFINITIONS.
a. Academic Materials means the printed or electronic documentation such as manuals, workbooks, white papers, press releases, datasheets, and FAQs which may be included in the Licensed Content.
b. Authorized Learning Center(s) means a Microsoft Certified Partner for Learning Solutions location, an IT Academy location, or such other entity as Microsoft may designate from time to time.
c. Authorized Training Session(s) means those training sessions authorized by Microsoft and conducted at or through Authorized Learning Centers by a Trainer providing training to Students solely on Official Microsoft Learning Products (formerly known as Microsoft Official Curriculum or MOC) and Microsoft Dynamics Learning Products (formerly known as Microsoft Business Solutions Courseware). Each Authorized Training Session will provide training on the subject matter of one (1) Course.
d. Course means one of the courses using Licensed Content offered by an Authorized Learning Center during an Authorized Training Session, each of which provides training on a particular Microsoft technology subject matter.
e. Device(s) means a single computer, device, workstation, terminal, or other digital electronic or analog device.
f. Licensed Content means the materials accompanying these license terms. The Licensed Content may include, but is not limited to, the following elements: (i) Trainer Content, (ii) Student Content, (iii) classroom setup guide, and (iv) Software. There are different and separate components of the Licensed Content for each Course.
g. Software means the Virtual Machines and Virtual Hard Disks, or other software applications that may be included with the Licensed Content.
h. Student(s) means a student duly enrolled for an Authorized Training Session at your location.
i. Student Content means the learning materials accompanying these license terms that are for use by Students and Trainers during an Authorized Training Session. Student Content may include labs, simulations, and courseware files for a Course.
j. Trainer(s) means a) a person who is duly certified by Microsoft as a Microsoft Certified Trainer and b) such other individual as authorized in writing by Microsoft and has been engaged by an Authorized Learning Center to teach or instruct an Authorized Training Session to Students on its behalf.
k. Trainer Content means the materials accompanying these license terms that are for use by Trainers and Students, as applicable, solely during an Authorized Training Session. Trainer Content may include Virtual Machines, Virtual Hard Disks, Microsoft PowerPoint files, instructor notes, and demonstration guides and script files for a Course.
l. Virtual Hard Disks means Microsoft Software that is comprised of virtualized hard disks (such as a base virtual hard disk or differencing disks) for a Virtual Machine that can be loaded onto a single computer or other device in order to allow end-users to run multiple operating systems concurrently. For the purposes of these license terms, Virtual Hard Disks will be considered Trainer Content.
m. Virtual Machine means a virtualized computing experience, created and accessed using Microsoft Virtual PC or Microsoft Virtual Server software that consists of a virtualized hardware environment, one or more Virtual Hard Disks, and a configuration file setting the parameters of the virtualized hardware environment (e.g., RAM). For the purposes of these license terms, Virtual Hard Disks will be considered Trainer Content.
n. you means the Authorized Learning Center or Trainer, as applicable, that has agreed to these license terms.
2. OVERVIEW.
Licensed Content. The Licensed Content includes Software, Academic Materials (online and electronic), Trainer Content, Student Content, classroom setup guide, and associated media.
License Model. The Licensed Content is licensed on a per copy per Authorized Learning Center location or per Trainer basis.
3. INSTALLATION AND USE RIGHTS.
a. Authorized Learning Centers and Trainers: For each Authorized Training Session, you may:
i. either install individual copies of the relevant Licensed Content on classroom Devices only for use by Students enrolled in and the Trainer delivering the Authorized Training Session, provided that the number of copies in use does not exceed the number of Students enrolled in and the Trainer delivering the Authorized Training Session, OR
ii. install one copy of the relevant Licensed Content on a network server only for access by classroom Devices and only for use by Students enrolled in and the Trainer delivering the Authorized Training Session, provided that the number of Devices accessing the Licensed Content on such server does not exceed the number of Students enrolled in and the Trainer delivering the Authorized Training Session.
iii. and allow the Students enrolled in and the Trainer delivering the Authorized Training Session to use the Licensed Content that you install in accordance with (ii) or (ii) above during such Authorized Training Session in accordance with these license terms.
i. Separation of Components. The components of the Licensed Content are licensed as a single unit. You may not separate the components and install them on different Devices.
ii. Third Party Programs. The Licensed Content may contain third party programs. These license terms will apply to the use of those third party programs, unless other terms accompany those programs.
b. Trainers:
i. Trainers may Use the Licensed Content that you install or that is installed by an Authorized Learning Center on a classroom Device to deliver an Authorized Training Session.
ii. Trainers may also Use a copy of the Licensed Content as follows:
A. Licensed Device. The licensed Device is the Device on which you Use the Licensed Content. You may install and Use one copy of the Licensed Content on the licensed Device solely for your own personal training Use and for preparation of an Authorized Training Session.
B. Portable Device. You may install another copy on a portable device solely for your own personal training Use and for preparation of an Authorized Training Session.
4. PRE-RELEASE VERSIONS. If this is a pre-release (beta) version, in addition to the other provisions in this agreement, these terms also apply:
a. Pre-Release Licensed Content. This Licensed Content is a pre-release version. It may not contain the same information and/or work the way a final version of the Licensed Content will. We may change it for the final, commercial version. We also may not release a commercial version. You will clearly and conspicuously inform any Students who participate in each Authorized Training Session of the foregoing; and, that you or Microsoft are under no obligation to provide them with any further content, including but not limited to the final released version of the Licensed Content for the Course.
b. Feedback. If you agree to give feedback about the Licensed Content to Microsoft, you give to Microsoft, without charge, the right to use, share and commercialize your feedback in any way and for any purpose. You also give to third parties, without charge, any patent rights needed for their products, technologies and services to use or interface with any specific parts of a Microsoft software, Licensed Content, or service that includes the feedback. You will not give feedback that is subject to a license that requires Microsoft to license its software or documentation to third parties because we include your feedback in them. These rights survive this agreement.
c. Confidential Information. The Licensed Content, including any viewer, user interface, features and documentation that may be included with the Licensed Content, is confidential and proprietary to Microsoft and its suppliers.
i. Use. For five years after installation of the Licensed Content or its commercial release, whichever is first, you may not disclose confidential information to third parties. You may disclose confidential information only to your employees and consultants who need to know the information. You must have written agreements with them that protect the confidential information at least as much as this agreement.
ii. Survival. Your duty to protect confidential information survives this agreement.
iii. Exclusions. You may disclose confidential information in response to a judicial or governmental order. You must first give written notice to Microsoft to allow it to seek a protective order or otherwise protect the information. Confidential information does not include information that becomes publicly known through no wrongful act; you received from a third party who did not breach confidentiality obligations to Microsoft or its suppliers; or you developed independently.
d. Term. The term of this agreement for pre-release versions is (i) the date which Microsoft informs you is the end date for using the beta version, or (ii) the commercial release of the final release version of the Licensed Content, whichever is first (beta term).
e. Use. You will cease using all copies of the beta version upon expiration or termination of the beta term, and will destroy all copies of same in the possession or under your control and/or in the possession or under the control of any Trainers who have received copies of the pre-released version.
f. Copies. Microsoft will inform Authorized Learning Centers if they may make copies of the beta version (in either print and/or CD version) and distribute such copies to Students and/or Trainers. If Microsoft allows such distribution, you will follow any additional terms that Microsoft provides to you for such copies and distribution.
ii. Virtual Hard Disks. The Licensed Content may contain versions of Microsoft XP, Microsoft Windows Vista, Windows Server 2003, Windows Server 2008, and Windows 2000 Advanced Server and/or other Microsoft products which are provided in Virtual Hard Disks.
A. If the Virtual Hard Disks and the labs are launched through the Microsoft Learning Lab Launcher, then these terms apply: Time-Sensitive Software. If the Software is not reset, it will stop running based upon the time indicated on the install of the Virtual Machines (between 30 and 500 days after you install it). You will not receive notice before it stops running. You may not be able to access data used or information saved with the Virtual Machines when it stops running and may be forced to reset these Virtual Machines to their original state. You must remove the Software from the Devices at the end of each Authorized Training Session and reinstall and launch it prior to the beginning of the next Authorized Training Session.
B. If the Virtual Hard Disks require a product key to launch, then these terms apply: Microsoft will deactivate the operating system associated with each Virtual Hard Disk. Before installing any Virtual Hard Disks on classroom Devices for use during an Authorized Training Session, you will obtain from Microsoft a product key for the operating system software for the Virtual Hard Disks and will activate such Software with Microsoft using such product key.
C. These terms apply to all Virtual Machines and Virtual Hard Disks: You may only use the Virtual Machines and Virtual Hard Disks if you comply with the terms and conditions of this agreement and the following security requirements:
- You may not install Virtual Machines and Virtual Hard Disks on portable Devices or Devices that are accessible to other networks.
- You must remove Virtual Machines and Virtual Hard Disks from all classroom Devices at the end of each Authorized Training Session, except those held at Microsoft Certified Partners for Learning Solutions locations.
- You must remove the differencing drive portions of the Virtual Hard Disks from all classroom Devices at the end of each Authorized Training Session at Microsoft Certified Partners for Learning Solutions locations.
- You will ensure that the Virtual Machines and Virtual Hard Disks are not copied or downloaded from Devices on which you installed them.
- You will strictly comply with all Microsoft instructions relating to installation, use, activation and deactivation, and security of Virtual Machines and Virtual Hard Disks.
- You may not modify the Virtual Machines and Virtual Hard Disks or any contents thereof.
- You may not reproduce or redistribute the Virtual Machines or Virtual Hard Disks.
ii. Classroom Setup Guide. You will assure any Licensed Content installed for use during an Authorized Training Session will be done in accordance with the classroom set-up guide for the Course.
iii. Media Elements and Templates. You may allow Trainers and Students to use images, clip art, animations, sounds, music, shapes, video clips and templates provided with the Licensed Content solely in an Authorized Training Session. If Trainers have their own copy of the Licensed Content, they may use Media Elements for their personal training use.
iv. Evaluation Software. Any Software that is included in the Student Content designated as Evaluation Software may be used by Students solely for their personal training outside of the Authorized Training Session.
b. Trainers Only:
i. Use of PowerPoint Slide Deck Templates . The Trainer Content may include Microsoft PowerPoint slide decks. Trainers may use, copy and modify the PowerPoint slide decks only for providing an Authorized Training Session. If you elect to exercise the foregoing, you will agree or ensure Trainer agrees: (a) that modification of the slide decks will not constitute creation of obscene or scandalous works, as defined by federal law at the time the work is created; and (b) to comply with all other terms and conditions of this agreement.
ii. Use of Instructional Components in Trainer Content. For each Authorized Training Session, Trainers may customize and reproduce, in accordance with the MCT Agreement, those portions of the Licensed Content that are logically associated with instruction of the Authorized Training Session. If you elect to exercise the foregoing rights, you agree or ensure the Trainer agrees: (a) that any of these customizations or reproductions will only be used for providing an Authorized Training Session and (b) to comply with all other terms and conditions of this agreement.
iii. Academic Materials. If the Licensed Content contains Academic Materials, you may copy and use the Academic Materials. You may not make any modifications to the Academic Materials and you may not print any book (either electronic or print version) in its entirety. If you reproduce any Academic Materials, you agree that:
- The use of the Academic Materials will be only for your personal reference or training use;
- You will not republish or post the Academic Materials on any network computer or broadcast in any media;
- You will include the Academic Materials original copyright notice, or a copyright notice to Microsoft's benefit in the format provided below:
Form of Notice: © 2010 Reprinted for personal reference use only with permission by Microsoft Corporation. All rights reserved. Microsoft, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the US and/or other countries. Other product and company names mentioned herein may be the trademarks of their respective owners.
6. INTERNET-BASED SERVICES. Microsoft may provide Internet-based services with the Licensed Content. It may change or cancel them at any time. You may not use these services in any way that could harm them or impair anyone else's use of them. You may not use the services to try to gain unauthorized access to any service, data, account or network by any means.
7. SCOPE OF LICENSE. The Licensed Content is licensed, not sold. This agreement only gives you some rights to use the Licensed Content. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the Licensed Content only as expressly permitted in this agreement. In doing so, you must comply with any technical limitations in the Licensed Content that only allow you to use it in certain ways. You may not
- install more copies of the Licensed Content on classroom Devices than the number of Students and the Trainer in the Authorized Training Session;
- allow more classroom Devices to access the server than the number of Students enrolled in and the Trainer delivering the Authorized Training Session if the Licensed Content is installed on a network server;
- copy or reproduce the Licensed Content to any server or location for further reproduction or distribution;
- disclose the results of any benchmark tests of the Licensed Content to any third party without Microsoft's prior written approval;
- work around any technical limitations in the Licensed Content;
- reverse engineer, decompile or disassemble the Licensed Content, except and only to the extent that applicable law expressly permits, despite this limitation;
- make more copies of the Licensed Content than specified in this agreement or allowed by applicable law, despite this limitation;
- publish the Licensed Content for others to copy;
- transfer the Licensed Content, in whole or in part, to a third party;
- access or use any Licensed Content for which you (i) are not providing a Course and/or (ii) have not been authorized by Microsoft to access and use;
- rent, lease or lend the Licensed Content; or
- use the Licensed Content for commercial hosting services or general business purposes.
Rights to access the server software that may be included with the Licensed Content, including the Virtual Hard Disks does not give you any right to implement Microsoft patents or other Microsoft intellectual property in software or devices that may access the server.
8. EXPORT RESTRICTIONS. The Licensed Content is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the Licensed Content. These laws include restrictions on destinations, end users and end use. For additional information, see www.microsoft.com/exporting.
9. NOT FOR RESALE SOFTWARE/LICENSED CONTENT. You may not sell software or Licensed Content marked as NFR or Not for Resale.
10. ACADEMIC EDITION. You must be a Qualified Educational User to use Licensed Content marked as Academic Edition or AE. If you do not know whether you are a Qualified Educational User, visit www.microsoft.com/education or contact the Microsoft affiliate serving your country.
11. TERMINATION. Without prejudice to any other rights, Microsoft may terminate this agreement if you fail to comply with the terms and conditions of these license terms. In the event your status as an Authorized Learning Center or Trainer a) expires, b) is voluntarily terminated by you, and/or c) is terminated by Microsoft, this agreement shall automatically terminate. Upon any termination of this agreement, you must destroy all copies of the Licensed Content and all of its component parts.
12. ENTIRE AGREEMENT. This agreement, and the terms for supplements, updates, Internet-based services and support services that you use, are the entire agreement for the Licensed Content and support services.
13. APPLICABLE LAW.
a. United States. If you acquired the Licensed Content in the United States, Washington state law governs the interpretation of this agreement and applies to claims for breach of it, regardless of conflict of laws principles. The laws of the state where you live govern all other claims, including claims under state consumer protection laws, unfair competition laws, and in tort.
b. Outside the United States. If you acquired the Licensed Content in any other country, the laws of that country apply.
14. LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the laws of your country. You may also have rights with respect to the party from whom you acquired the Licensed Content. This agreement does not change your rights under the laws of your country if the laws of your country do not permit it to do so.
15. DISCLAIMER OF WARRANTY. The Licensed Content is licensed as-is. You bear the risk of using it. Microsoft gives no express warranties, guarantees or conditions. You may have additional consumer rights under your local laws which this agreement cannot change. To the extent permitted under your local laws, Microsoft excludes the implied warranties of merchantability, fitness for a particular purpose and noninfringement.
16. LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM MICROSOFT AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP TO U.S. $5.00. YOU CANNOT RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL, LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES.
This limitation applies to anything related to the Licensed Content, software, services, content (including code) on third party Internet sites, or third party programs; and claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence, or other tort to the extent permitted by applicable law.
It also applies even if Microsoft knew or should have known about the possibility of the damages. The above limitation or exclusion may not apply to you because your country may not allow the exclusion or limitation of incidental, consequential or other damages.
Please note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses in this agreement are provided below in French.
Note: As this licensed content is distributed in Quebec, Canada, some of the clauses in this contract are provided below in French.
DISCLAIMER OF WARRANTY. The licensed content covered by a license is offered "as is". Any use of this licensed content is at your sole risk and peril. Microsoft grants no other express warranty. You may have additional rights under local consumer protection law, which this contract cannot change. Where permitted by local law, the implied warranties of merchantability, fitness for a particular purpose and non-infringement are excluded.
LIMITATION OF DAMAGES AND EXCLUSION OF LIABILITY FOR DAMAGES. You can obtain from Microsoft and its suppliers compensation for direct damages only, up to US $5.00. You cannot claim any compensation for other damages, including special, indirect or incidental damages and lost profits. This limitation concerns: anything related to the licensed content, the services or the content (including code) on third-party Internet sites or in third-party programs; and claims for breach of contract or warranty, or for strict liability, negligence or another fault, to the extent permitted by applicable law.
It also applies even if Microsoft knew or should have known about the possibility of such damage. If your country does not allow the exclusion or limitation of liability for indirect, incidental or any other damages, the above limitation or exclusion may not apply to you.
LEGAL EFFECT. This contract describes certain legal rights. You may have other rights under the laws of your country. This contract does not change the rights granted to you by the laws of your country if those laws do not permit it to do so.
Contents
Module 1: Configuring Terminal Services Core Functionality
Lesson 1: Configuring the TS Server Role Service
Lesson 2: Configuring the TS Settings
Lab: Configuring TS Core Functionality
Course Description
This two-day instructor-led course introduces you to Microsoft Windows Server 2008 Terminal Services. The course prepares you for configuring and managing the TS roles (TS licensing, Gateway, and Web Access) as well as monitoring and troubleshooting a TS environment.
Audience
The primary audiences for this course include Technology Specialists in an enterprise environment as well as individuals who are assuming a new role requiring skills to manage connections served by a terminal server session over the intranet, extranet, and Internet.
Student Prerequisites
This course requires that you meet the following prerequisites:
- or Microsoft Windows Server 2003 Terminal Server experience in an enterprise environment as follows:
  - Minimum of one year of experience in administering and supporting TS
  - Minimum of one year of experience in administering and supporting Windows Server 2003 or Windows Server 2003 R2
- Course 6420: Fundamentals of a Windows Server 2008 Network Infrastructure and Application Platform
- Course 6421: Configuring and Troubleshooting a Windows Server 2008 Network Infrastructure
Course Objectives
After completing this course, students will be able to:
- Configure the TS role.
- Manage TS licensing.
- Configure TS connection properties by using the Terminal Services Configuration snap-in and Group Policy.
- Configure TS Easy Print and TS RemoteApp programs.
- Configure the TS Web Access role service.
- Configure the TS Session Broker role for a load-balanced TS farm.
- Configure and troubleshoot TS Gateway.
- Maintain TS connections post installation and configure Windows System Resource Manager (WSRM) for TS.
Course Outline
This section provides an outline of the course:
- Module 1, "Configuring Terminal Services Core Functionality" prepares you for installing and configuring the TS role. The module also introduces the new core functionality in TS, lists the considerations for using a standalone instance and a farm, and briefly explains how to configure the TS settings.
- Module 2, "Configuring and Managing Terminal Services Licensing" introduces you to TS Licensing and covers how the license server and terminal server need to be configured for issuing and managing licenses. The module also includes installing Per User and Per Device TS Client Access Licenses (CALs) on the license server as well as managing the licensing lifecycle.
- Module 3, "Configuring and Troubleshooting Terminal Services Connections" introduces the connection properties that can be set by using either the Terminal Services Configuration snap-in or Group Policy. Besides setting these properties, the module also covers configuring the authentication and encryption levels, Desktop Experience and Plug and Play (PnP) Device Redirection Framework, and Single Sign-On (SSO) for user profiles. The module ends with troubleshooting connectivity issues.
- Module 4, "Configuring Terminal Services RemoteApp and Easy Print" starts with discussing the types of applications that can be installed on the terminal server. The module then provides an overview of RemoteApp programs, advantages of using these programs, and the methods used to deploy them on the terminal server. Also covered in the module is TS Easy Print, which facilitates printer redirection over a TS session.
- Module 5, "Configuring Terminal Services Web Access and Session Broker" provides the steps for installing and configuring RemoteApp programs by using TS Web Access. The module also covers a separate role service, the TS Session Broker, which facilitates reconnection to an existing session in a load-balanced TS farm.
- Module 6, "Configuring and Troubleshooting Terminal Services Gateway" explains how to install and configure the TS Gateway role service. The module also covers how to manage TS Connection Authorization Policies (CAPs) and TS Resource Authorization Policies (RAPs). Following a brief introduction to Network Access Protection (NAP), the module goes on to discuss troubleshooting TS Gateway.
- Module 7, "Managing and Monitoring Terminal Services" explains the tasks involved in managing and monitoring TS Connections. The module also introduces the enhanced features of WSRM and how to configure WSRM.
Course Materials
The following materials are included with your kit:
- Course Handbook: A succinct classroom learning guide that provides all the critical technical information in a crisp, tightly-focused format, which is just right for an effective in-class learning experience.
  - Lessons: Guide you through the learning objectives and provide the key points that are critical to the success of the in-class learning experience.
  - Labs: Provide a real-world, hands-on platform for you to apply the knowledge and skills learned in the module.
  - Lab Answer Keys: Provide step-by-step lab solution guidance at your fingertips when it's needed.
- Course Companion Content on the http://www.microsoft.com/learning/companionmoc/ Site: Provides additional resources pertaining to this course.
  - Lab Answer Keys: Provide step-by-step lab solution guidance at your fingertips when it's needed.
  - Resources: Include well-categorized additional resources that give you immediate access to the most up-to-date premium content on TechNet, MSDN, Microsoft Press.
  - Send Us Your Feedback Instructions: Provide you with an opportunity to send feedback on all aspects of the course.
- Student Course files on the http://www.microsoft.com/learning/companionmoc/ Site: Includes the Allfiles.exe, a self-extracting executable file that contains all the files required for the labs and demonstrations.
- Course evaluation: At the end of the course, you will have the opportunity to complete an online evaluation to provide feedback on the course, training facility, and instructor.

To provide additional comments or feedback on the course, send e-mail to support@mscourseware.com. To inquire about the Microsoft Certification Program, send e-mail to mcphelp@microsoft.com.
Important: At the end of each lab, you must close the virtual machine and must not save any changes. To close a virtual machine without saving the changes, perform the following steps:
1. On the virtual machine, on the Action menu, click Close.
2. In the Close dialog box, in the What do you want the virtual machine to do? list, click Turn off and delete changes, and then click OK.

The following table shows the role of each virtual machine used in this course:

Virtual machine    Role
NYC-DC1            A Domain Controller for woodgrovebank.com
NYC-TS             Terminal server with terminal services installed
NYC-WEB            A member of the woodgrovebank.com domain
Software Configuration
The following software is installed on each VM: Windows Server 2008 Enterprise
Classroom Setup
Each classroom computer will have the same virtual machine configured in the same way.
Module 1
Configuring Terminal Services Core Functionality
Contents:
Lesson 1: Configuring the TS Server Role Service
Lesson 2: Configuring the TS Settings
Lab: Configuring TS Core Functionality
TS in Windows Server 2008 has been upgraded to incorporate improved features that are especially useful for organizations with branch offices. This module introduces the new features in TS and prepares you for installing and configuring the TS server role service. The module also includes considerations for using a standalone instance and a farm, as well as configuring the TS settings.
Lesson 1
TS in Windows Server 2008 includes new core functionality that provides enhanced features to remotely deploy and access applications. This new core functionality includes Remote Desktop Connection (RDC) 6.1, Remote Desktop Connection Display improvements, and Plug and Play (PnP) device redirection. The TS server role service can be installed as a standalone instance or in a farm with multiple terminal servers.
TS Features
Key Points
TS in Windows Server 2008 allows users to connect to a server running Windows-based programs or the full Windows desktop. In addition, Windows Server 2008 TS also provides:
- A secure and encrypted connection between remote users and the resources on a local network.
- Support for Embedded Point of Service (POS) device redirection.
- Support for Network Access Protection (NAP) that enforces network authentication.
- A new role management tool and an improved scalable spooler.
- Support for Microsoft Internet Protocol version 6 (IPv6) that enables peer-to-peer and mobile applications.
- The Windows System Resource Manager (WSRM) tool to manage system resources by using preconfigured policies or custom resource policies.

Question: Which features of Windows Server 2008 TS will be useful in your organization?

For more information about TS features, see "What's New in Terminal Services for Windows Server 2008" on the Microsoft TechNet Web site.
Key Points
You can install the TS server role service by using the Server Manager, if no other TS role services, such as TS Gateway and TS Licensing, are installed on the server. If a TS role service is already installed on the server, the Terminal Services check box will be selected and dimmed. You then need to select the "To install the Terminal Server role server when Terminal Services is already installed" option.

For more information about installing the TS server role, see "Terminal Server Installation" on the Microsoft TechNet Web site.
Key Points
Two types of authentication modes can be used on a terminal server:
- User authentication supported by password, smart card, Windows NT LAN Manager (NTLM), and one-time password (OTP) over encrypted channels
- Host level authentication supported by Kerberos and Secure Sockets Layer (SSL) or Transport Layer Security (TLS) certificates

NTLM authentication is mostly used for stand-alone systems on the network. The Kerberos authentication protocol provides a more secure network connection than traditional authentication methods.

You can also configure Single Sign-On (SSO) on the terminal server. SSO is an access method that allows a client to gain access to multiple systems with a single set of credentials.

Note: Besides providing the Basic authentication method, Windows Server 2008 also provides Network Level Authentication. If you select this method, only clients running Windows Server 2008 or Microsoft Windows Vista with RDC version 6.0, or later, will be able to connect to the terminal server.

For more information about authentication modes, see "Windows Server 2008 Technical Review" and "Single Sign-On for Terminal Services" on the Microsoft TechNet Web site.
TS Core Functionality
Key Points
The following are the requirements for configuring TS core functionality on the client:
- High resolution monitors, such as super video graphics array (SVGA) or 1680 x 1050 or 1920 x 1200
- Windows portable devices
- Embedded POS for .NET devices

The core functionality works with:
- RDC 6.0, available with Windows Vista and Microsoft Windows XP
- RDC 6.1, available with Windows Server 2008

For more information about TS core functionality, see "What's New in Terminal Services for Windows Server 2008" on the Microsoft TechNet Web site.
Key Points
RDC 6.1:
- Is available with Windows Server 2008 and Windows Vista with SP1.
- Supports Remote Desktop Protocol (RDP) 6.1 on the client computer.

As an administrator, you can remotely connect to a Windows Server 2008-based server by using the new /admin switch introduced in RDC 6.1. RDC 6.1 does not support the /console switch used in Microsoft Windows Server 2003. However, to connect to a physical console session on a Windows Server 2003-based server from Windows Vista SP1, you can use the mstsc.exe /admin command.

For more information about RDC, see "Terminal Services Core Functionality" on the Microsoft TechNet Web site.
Key Points
Both RDC 6.0 and RDC 6.1 support higher-resolution desktops and provide for spanning of multiple monitors horizontally to form a single large desktop.

You can also set a custom display resolution in a .rdp file using the RemoteApp Microsoft Management Console (MMC) or at the command prompt.

To set a custom display resolution in a .rdp file by using a text editor, add or change the following settings:

desktopwidth:i:<width>
desktopheight:i:<height>

To set a custom display resolution at the command prompt, use the mstsc.exe command as follows:

mstsc.exe /w:<width> /h:<height>

In the syntax, <width> and <height> are the resolution values, for example, 1680 and 1050.

Spanning of a session across multiple monitors requires:
- Same resolution on all the monitors, for example, all monitors having 1024 x 768 resolution
- Horizontal alignment of all monitors
- Total resolution of all monitors not to exceed 4096 x 2048

You can enable spanning of the same session across multiple monitors by changing the settings in a .rdp file or at the command prompt.

To set spanning in a .rdp file using a text editor, add or modify the following setting:
Span:i:<num>
If <num> = 0, then monitor spanning is disabled and if <num> = 1, then monitor spanning is enabled. To set spanning at the command prompt, type the following command:
mstsc.exe /span
Question: In which scenarios would custom display resolution and spanning help in an organization?

For more information about RDC display, see "Remote Desktop Connection Display" on the Microsoft TechNet Web site.
Key Points
In Windows Server 2008 TS, you can further enhance the end-user's experience of connecting to a remote desktop with the Desktop Experience feature. This feature provides the functionality of Windows Vista such as Windows Media Player 11, desktop themes, and photo management.

The TS client computers with Windows Vista include the Windows Aero interface that shows:
- Translucent glass windows
- Customized lightweight window colors
- Open windows in a three-dimensional stack on the desktop
- Subtle animations supporting the repositioning of windows

Note: The desktop composition feature using Windows Aero works from a Vista client to a Vista terminal server only.

Windows Server 2008 also provides the ClearType feature that is now supported over RDP. This feature works by smoothing the characters, thus making it easier to read text on LCD screens. Because this feature was not supported over RDP prior to Windows Server 2008, text over TS was displayed in low resolution.

The smoothing of fonts is also available on client computers having:
- Windows Vista
- Windows Server 2003 with SP1 and SP2 and RDC 6.0
- Windows XP with SP2 and RDC 6.0
Key Points
The new PnP Redirection Framework provided in Windows Server 2008 enhances the PnP device redirection over RDP. The PnP device redirection, however, is not available for nested terminal server connections. For example, a client computer with a PnP device is redirected to a session with terminal server 1. The client then connects to another session with terminal server 2 from within the terminal server 1 session. The PnP device will not be available for this session with terminal server 2.

Windows Server 2008 also redirects devices that use POS for .NET 1.11.

Note: POS redirection is not supported if the terminal server has an x86-based version of Windows Server 2008.

You can enable POS for .NET device redirection by editing the .rdp file used to connect to the terminal server as follows:
redirectposdevices:i:<value>
In the above syntax, if <value> = 0, POS for .NET device redirection is disabled and if the <value> = 1, it is enabled.

For more information about device redirection, see "Plug and Play Device Redirection for Media Players and Digital Cameras" and "Microsoft Point of Service for .NET Device Redirection" on the Microsoft TechNet Web site.
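The .rdp settings covered in this lesson (desktopwidth, desktopheight, Span and redirectposdevices) can be checked before a connection file is handed to users. The following Python script is an added example, not part of the course material; the function names, the monitor list argument, the encoding handling and the case-insensitive matching of setting names are assumptions.

```python
import codecs

SPAN_MAX_W, SPAN_MAX_H = 4096, 2048  # spanning limit given in the text
INT_KEYS = ("desktopwidth", "desktopheight", "span", "redirectposdevices")


def parse_rdp(raw: bytes) -> dict:
    """Return {name: value} from the 'name:type:value' lines of an .rdp file."""
    # Assumption: the file is UTF-16 with a BOM or plain ASCII/UTF-8.
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        text = raw.decode("utf-16")
    else:
        text = raw.decode("utf-8-sig")
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) != 3:
            continue  # blank or malformed line
        name, kind, value = parts[0].strip().lower(), parts[1].strip(), parts[2].strip()
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                pass  # left as text; audit_rdp reports it
        settings[name] = value
    return settings


def audit_rdp(raw: bytes, monitors: list) -> list:
    """Check a file against the rules in the text.

    monitors is a hypothetical input: the client's monitors, left to right,
    as (width, height) tuples.
    """
    s = parse_rdp(raw)
    findings = []
    for key in INT_KEYS:
        if key in s and not isinstance(s[key], int):
            findings.append(f"{key}: value {s[key]!r} is not an integer")
    span = s.get("span")
    if isinstance(span, int) and span not in (0, 1):
        findings.append("span: must be 0 (disabled) or 1 (enabled)")
    if span == 1:
        if len(set(monitors)) > 1:
            findings.append("span: monitors do not share one resolution")
        total_w = sum(w for w, _ in monitors)
        max_h = max((h for _, h in monitors), default=0)
        if total_w > SPAN_MAX_W or max_h > SPAN_MAX_H:
            findings.append(
                f"span: total {total_w}x{max_h} exceeds {SPAN_MAX_W}x{SPAN_MAX_H}")
    if s.get("redirectposdevices") == 1:
        findings.append("redirectposdevices: POS for .NET device redirection is enabled")
    return findings


# Constructed sample file content, encoded as UTF-16 with a BOM.
SAMPLE = ("desktopwidth:i:1680\r\ndesktopheight:i:1050\r\n"
          "Span:i:1\r\nredirectposdevices:i:1\r\n").encode("utf-16")
```

Calling audit_rdp(SAMPLE, [(1680, 1050)] * 3) reports that three such monitors exceed the spanning limit and that POS device redirection is switched on in the file.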
Key Points
The TS server role service can be installed on a single server as a standalone instance. Alternatively, you can implement a TS farm comprising multiple terminal servers to facilitate load balancing in a large organization. Windows Server 2008 provides the TS Session Broker role service that allows administrators to load balance sessions between terminal servers in a farm. TS Session Broker stores information related to the state of a session. This information is used to distribute the sessions evenly between the terminal servers.

Question: What problems do you anticipate if a standalone instance is used as a terminal server in an organization having many branches?
A standalone instance is used in small organizations that require minimum administration. This environment usually includes one terminal server that is accessed by a few client computers.

Large organizations require a farm installation that caters to many branches. This type of environment requires multiple terminal servers that can be easily accessed by many client computers.
Lesson 2
After installing the TS server role service, you can start configuring the TS settings according to your organization's requirements. To take maximum advantage of TS, you need to plan what type of applications you would require to run on the terminal server. You can even configure a specific program to start when you start a session on the terminal server. To enhance the performance of the terminal server, you can restrict the number of simultaneous remote connection sessions on the terminal server. You can configure these settings on TS by using the Terminal Services Configuration snap-in.
Question: Which program would you want to launch at the start of a TS session in your organization?
Key Points
It is a best practice to configure the maximum number of sessions that can connect to the server by using Group Policy. Any modifications in Group Policy should be validated before applying them to users and computers. As an administrator, you can invoke Group Policy by using the Active Directory Users and Computers snap-in on the computer that has the domain controller.

Note: The recommended practice is to limit users to one remote session.

Question: What kind of problems do users encounter when there are too many remote connections?
Key Points
The Terminal Services Configuration snap-in can be used to edit settings such as security, session timeouts, and encryption levels based on the connection. To configure RDP-Tcp Connections, you can use the following tabs in the RDP-Tcp Properties dialog box:
- General
- Log On Settings
- Sessions
- Environment
- Security
- Remote control
- Client Settings
- Network Adapter

Some best practices for using terminal servers:
- Install only specific services required in a branch office environment to minimize security risks.
- Configure the TS session broker role service that enables load balancing of sessions between terminal servers in a farm.
- Configure the license server discovery mode to ensure that the terminal server can obtain the required license from the license server.

For more information about configuring TS, see "Windows Server 2008 RC0 TS Session Broker Load Balancing Step-by-Step Guide" and "Configuring License Settings on a Terminal Services" on the Microsoft TechNet Web site.
Overarching Scenario
You are the Windows Application Platform Services technology specialist for Woodgrove Bank, which has a presence in America, Europe, the Middle East, Africa (EMEA), and Asia. Woodgrove Bank's information technology (IT) department is responsible for maintaining the database, applications, user authentication, Group Policy, and permissions. It is also responsible for the performance of the server and enterprise infrastructure.

Currently, you are using simple RDP or any third party utility to control the remote console. You install all programs on all client computers, which is time consuming. It is also difficult to maintain and upgrade all the applications on every individual machine. Therefore, the management has advised you to implement the Windows Server 2008 TS environment. Installing TS would increase productivity and ensure optimal utilization of the network bandwidth to access remote applications. As a technology specialist in Woodgrove Bank's IT department, you have been tasked with installing and configuring the TS environment.
Exercise Overview
In this exercise, you will install and configure the TS core functionality at the New York head office. The main tasks for this exercise are as follows:
1. Start the 6428A-NYC-DC1-01 and 6428A-NYC-TS-01 virtual machines and log on to these machines as Administrator.
2. Install the TS server role service.
3. Configure authentication on the terminal server.
4. Configure the default credentials to be used on the terminal server.
5. Create a .rdp file and configure custom display.
6. Enable ClearType and Font smoothing.
7. Enable support for PnP redirection.
8. Install and configure WSRM.
9. Install the Desktop Experience.
10. Remotely connect to TS by using RDC.