In my first article about the new features of Terminal Services in Windows Server 2008, I discussed some general enhancements. Today, I will examine the improvements regarding its multi-user mode.
- Pip install Boto3 - Thu, Mar 24 2022
- Install Boto3 (AWS SDK for Python) in Visual Studio Code (VS Code) on Windows - Wed, Feb 23 2022
- Automatically mount an NVMe EBS volume in an EC2 Linux instance using fstab - Mon, Feb 21 2022
You probably know that in multi-user mode, users connect via RDP to a Windows server to work remotely with desktop applications. To configure multi-user mode in Windows Server 2008, you have to add the Terminal Server role with Server Manager. Note: You can try some of the features discussed here also in single-user mode.
Terminal Services RemoteApp
This feature allows users to launch a single application on a Terminal Server. That means they don't get a full blown remote desktop with Start Menu, Explorer and so on. The application runs on the server, but is more or less indistinguishable from a desktop application. With the RemoteApp manager, you can configure which applications you want to deploy this way. You also use the RemoteApp manager to create a MSI or RDP file which has to be launched on the user desktop. If you worked with Citrix Metaframe, you know this feature under the term "seamless desktop integration".
Terminal Services Web Access
In Windows Server 2003, this feature was called Remote Desktop Web Connection. We never used it because we are working with Citrix Metaframe which has more sophisticated capabilities in this field. With TS Web Access however, Microsoft is catching up. As far I can see now, its major enhancement is that TS Web Access can be combined with TS RemoteApp. This way, you can launch single apps running on a Windows Server 2008 host from a web page. Just click on a web link and have your Excel 2007 started as if it were running locally. On Vista machines, it is not necessary anymore to download the RDP ActiveX control, because the RDC 6 client already supports TS Web Access. On XP machines, you have to install the RDC 6 client first.
Terminal Services Gateway
This new feature of Windows Server 2008 enables you to connect to TS by tunneling RDP over HTTPS (HTTP with SSL encryption). In some cases, this might make VPN superfluous. A nice feature of TS Gateway is that it works together with NAP (Network Access Protection), another new feature of Windows Server 2008. So you can restrict TS access to certain constraints such as the availability of updated antivirus software on the client. This is an interesting feature, considering that users can access local drives in a TS session.
Terminal Services Licensing
TS Licensing offers two new interesting features. For one, you can now also issue Per-User TS CALs. Windows Server 2003 only supports Per-Device licenses. Second, it is possible now to revoke CALs. However, this only works for Per-Device licenses. Another restriction is that the number of devices in revoked state cannot exceed 20 percent. A device is in revoked state, if its TS CAL was reclaimed by an admin. It stays in this state until the original expiration period is expired. This restriction shall prevent misuse of the revocation feature.
Terminal Services WMI Provider
Like many other components in Windows Server 2008, TS WMI (Windows Management Instrumentation) offers many enhancements. Most interesting is that you can now write a script that monitors the usage of TS licenses and informs you if certain thresholds are met.
Terminal Services Session Broker
The TS Session Broker (formerly called TS Session Directory) allows users to reconnect to a certain server in a load-balanced Windows Server terminal server farm. New in Windows Server 2008 is that TS Session Broker already includes load balancing. So you don't need Microsoft Network Load Balancing (NLB) or a third-party load balancer. Another change is that the TS Session Broker is now available in the Standard Edition of Windows Server 2008. TS Session Directory required at least Windows Server Enterprise Edition.
Subscribe to 4sysops newsletter!
Terminal Services Draining
Did it ever happen to you that you sent messages to TS users because you had to reboot the server, but they just ignored your request to log off? And even if they gave in, usually new users tend to logon just at that very moment where you were about to push the reset button. You could prevent new logons with the chglogon.exe /disable command. However, this also prevents users from accessing a disconnected TS session to save their work. The so-called drain mode in Windows Server 2008 solves this problem. Chglogon.exe /drain only prevents users from logging on if they have no disconnected session on the Terminal Server and administrators are still allowed to logon using mstsc /admin. You can also set TS in to drain mode with the TS Configuration UI.