Terminal Services in Windows Server 2008 were enhanced by many new features. In this post, I summarized some of the more general improvements. In the next post in this series, I will write about the TS enhancements related to multi-user mode. These posts are partly a summary of Mitch Tulloch's Terminal Services chapter in his Windows Server 2008 book.
- OpenVPN IPv6 and IPv4 configuration - Mon, Mar 1 2021
- 4sysops author and member competition 2020 - Fri, Jan 1 2021
- Assign an IPv6 address to an EC2 instance (dual stack) - Tue, Dec 15 2020
Notice that the distinctions between TS feature types regarding multi-user mode and remote administration mode are not strict. Also note that some of the new features of the new Remote Desktop Connection (RDC) 6.0 TS client work with Windows Server 2003, too. For the sake of completeness I also included them in this post.
Network Level Authentication
The new RDC client authenticates against the server before a Terminal Services session is established. This reduces the risk of man-in-the-middle attacks. In Windows Server 2008, it is possible to allow connections only if Network Level Authentication is enabled.
You can configure the RDC 6 client to warn you to stop the connection process if Server Authentication fails.
The maximum display resolution is 4096x2048 now. Furthermore, 16:9 and 16:10 displays are now supported. You can't use full screen mode with previous RDC versions. It possible to work with 32 bit color mode and ClearType font smoothing.
Display Data Prioritization
Keyboard, mouse and display data has a higher priority now than other RDP data. So if you are transferring a huge file or print a large document using RDP, your desktop won't freeze, anymore.
Users can work with a desktop similar to the one they know from Windows XP or Vista. The latter only works together with Windows Server 2008. Desktop Experience is a feature you can add with Server Manager in Windows Server 2008.
If the client is a Vista machine you can even use Aero as long as the client's hardware supports it and Desktop Experience is installed on the server. However, this only works if the Terminal Services are running in administration mode or the host is a Vista machine. You can enable Desktop Composition thru the RDC client's Experience tab.
Plug and Play Device Redirection Framework
Plug and play devices supporting device redirection can be accessed from a TS session. It would be nice if this works like USB devices under VMware Workstation. Unfortunately this is not the case. I just tried it with a relatively new USB stick and it didn't work, probably because the driver of the memory stick doesn't support device redirection.
TS Easy Print
This new feature allows you to use your local printer in a TS session even if the printer driver is not available on the server. It is interesting to note that TS Easy Print makes use of XPS (XML Paper Specification), Microsoft's alternative to PDF.
If client and server belong to a Windows domain, you can configure the client to authenticate against Terminal Services with the same credentials used to logon on the client machine. This only works if the client runs Windows Vista and the server Windows Server 2008. I have been waiting for this feature for a long time, already. Unfortunately, the configuration is a bit complicated. You have to specify all servers for SSO in advance using Group Policy. I rather preferred a setting in the RDC client configuration for this feature.
Subscribe to 4sysops newsletter!
Changes in Remote Administration
There are several noteworthy changes with respect to Remote Administration. I will post an article about this topic soon, since this is the most interesting part for systems administrators. Most notable is that the distinction between console and terminal sessions has been abolished more or less and that admins now get a disconnect dialog informing them that someone else is trying to connect to the server if the two available licenses are already occupied.