Microsoft Terminal Services

From ThinManager Knowledge Base
Jump to: navigation, search

This article covers Terminal Server configuration, Microsoft User creation, and the Terminal Services Configuration console as an aid in terminal services management.
This Tech Note is provided because of customer requests. It is not a replacement for information from Microsoft.

Contents

Role of Terminal Server

A terminal server is a Windows 2003 that has terminal services enabled. This allows the server to act like a mainframe in a client/server architecture. A client logs into the terminal server and starts a session. Keystrokes and mouse movements are sent from the client to the session on the terminal server. All processing takes place on the terminal server and the resulting graphics are sent to the client for display.

ThinManager Servers vs. Terminal Servers

A ThinManager Ready thin client will connect to a ThinManager Server to get its firmware and configuration. The configuration sends the thin client to the terminal server(s) to start a session(s). Both ThinManager and Terminal Services are needed. They can be on separate computers or installed on the same computer.

Terminal Services Configuration

Any Windows Server can be configured to be a terminal server.

  • Build a Windows 2003 Server. A clean install is better than converting an existing server.
  • Enable Terminal Services in the Windows Components Wizard by selecting Start > Control Panel > Add/Remove Programs > Add/Remove Windows Components and checking the Terminal Services checkbox.
  • Select the Permission Compatibility during the Terminal Services installation. Most HMIs require the default Relaxed Security because the Full Security setting requires users to have administrative rights. This can be changed in the Server Settings of the Terminal Services Configuration Console as described in section 3.2.

Virtual Memory

Setting Virtual Memory to have the same Initial Size as its Maximum Size may increase performance, as the server doesn’t need to keep changing the size of its page files. Setting the Virtual Memory page file to twice the size of the physical memory should also increase performance.

  • Go to Control Panel > System > the Advanced Tab > Performance Settings to launch the

Performance Options.

  • Select the Virtual Memory Change button on the Advanced tab.
  • Set the Initial size and Maximum size to the same value to speed performance.

Changing the virtual memory requires a computer reboot.

Microsoft Users

domain accounts or local accounts on each terminal server.

  • Create a unique user account for each terminal or user in the Computer Management console (Start > Program Files > Administrative Tools > Computer Management). Highlight the Users folder in System Tools/Local Users and Groups and select Action > New User from the menu.
  • Add the users to either the Remote Desktop Users group or the Administrators group to allow

access to the terminal server.

  • Some HMIs also require that users also be members of the Power User group to run successfully.
  • Apply any group policies as needed.
  • Windows 2003 activates a secure screen saver for each user by default requiring CTL+ALT+DEL to unlock. Users of touch screens will want to deactivate this, either in each user account or in the Group Policy Editor (gpedit.msc) at User Configuration > Administrative Templates > Control Panel > Display.

Terminal Services Configuration Console

The Terminal Services Configuration console provides tools for configuring the connection between terminals and the terminal server. It can be opened by selecting Start > Program Files > Administrative Tools > Terminal Services Configuration or by typing tscc.msc at a command prompt

Connections – RDP-tcp Properties

The Connections folder in the tree will show the connection protocols. Highlight Connections on the left and double-click on RDP-tcp on the right to launch the RDP-tcp Properties page.

Allow Audio Mapping for Terminal Sound

  • Sound redirection to terminals is turned off by default.
  • Select the Client Settings tab and unselect Audio Mapping to allow sound to be redirected to the terminal.
  • Any users will need to log out and login to apply the change.

End Disconnected Sessions

Many users will want to keep disconnected sessions on the server to allow a user to reconnect to an existing session. If desired, the terminal server can be configured to delete disconnected sessions from the terminal server to reduce the resource and to have the terminals start fresh sessions when they reconnect.

  • Select the Sessions tab, select the Override user settings and set the End a disconnected session parameter.
  • Any users will need to log out and login to apply the change.

Server Settings

The Server Settings folder in the tree contains server configuration. Highlight Server Settings on the left to display the settings. The following settings are of interest.

Licensing

In Windows 2000, each device using terminal services, whether a PC or thin client, required a TS CAL (Terminal Services Client Access License). One needed a TS CAL for each device. This is the Per Device model.
Microsoft introduced a second method of assigning TS CALS in Windows 2003 called the Per User mode. This requires that each user have a TS CAL. This user could use several devices, one at a time.
The Licensing setting allows the terminal server to use the default Per Device mode or change to the Per User mode. Once the Per User mode is selected you cannot go back to Per Device.


Note: If you have a scenario with 10 thin clients that login with 10 unique user accounts (as recommended) then it doesn’t matter if you use Per User or Per Device as both require 10 TS CALs. However, if you have 5 thin clients login automatically but have 5 thin clients set as shared workstations where 20 people might login, the Per User mode would require 25 TS CALs instead of 10 Per Device TS CALs.


Active Desktop

The Active Desktop is turned off by default to lower bandwidth demands on the system.

Permission Capability

Windows 2000 increased security to prevent users from accessing the registry, system root, and .ini files. This is the Full Security mode.
Some applications, like many HMIs, require that the user access the registry, system root, and .ini files. If the terminal server is set to the Windows 2000 style Full Security then users must be administrators to run these applications.
If you find that an application requires administrative rights and you don’t want to grant administrative privileges to your users you can switch to the Relaxed Security mode by double-clicking the Permission Compatibility setting.

Restrict Each User to One Session

Windows 2000 terminal servers had problems with users having multiple disconnected sessions on the server. Windows 2003 addressed this issue by limiting each user account to a single session. If a second terminal tries to connect with the same user account, the single session will keep switching between terminals as both terminals try to run it.
The Restrict Each User to One Session setting prevents the accumulation of disconnected sessions and is a good idea to keep enforced.


Note: MultiSession from ACP works with the Restrict Each User to One Session set to Yes as long as each session has a different application specified in AppLink. You can run one desktop, Word, Excel, and Internet Explorer in separate sessions as a user on one server, but not two Word Application Groups on the same Terminal Server.


License Server Discovery Mode

In Windows 2000 Microsoft recommended a single Terminal Services License Server (TSLS) on a network. It had to be the Domain Controller if the terminal servers were in a domain.
Windows 2003 provides more freedom through the use of the License Server Discovery Mode setting. The terminal server can be left at the default Automatic setting if there is a single Terminal Server Licensing Server.
If the network has multiple Terminal Server Licensing Servers then the desired TSLS can be listed in the Use these license servers field. Multiple Terminal Server Licensing Servers can be specified to provide a backup license server.

Personal tools
Namespaces

Variants
Actions
Navigation
Events
Toolbox