ADSI Access to User Parameters
Under Win2K, the only Terminal Services parameter of a user object that was accessible from the command line was the Terminal Services Profile Path attribute accessing this attribute required the TSPROF tool. WS2K3 exposes all Terminal Services attributes to ADSI. Using the Windows Script Host WSH and your preferred scripting language, you can now easily configure users' Terminal Services settings. I'll discuss the ADSI objects and provide some sample scripts in Chapter 4, but for now, here is...
Terminal Services Manager
When you launch the Terminal Services Manger administrative tool, you are presented with a list of all servers that have Terminal Services enabled in the domain. Using this tool, you can easily see to which servers users are connected, from which client devices they're accessing the servers, and which processes and applications they are running in their sessions. Figure 4.16 shows the Terminal Services Manger interface. pf TS2K3 - Terminal Services Manager lt amp RDP-Tcp listener -SJj Console...
triCerat Tei
If you are installing Terminal Server Licensing on a server in AD, you are presented with two options for the mode of the server Domain Workgroup and Enterprise. The mode selected determines how the licensing service advertises itself to the terminal servers. If you are in a workgroup or non-AD domain, the Enterprise option is not available. I will explain the discovery process in the next section, but for now, you should understand that an Enterprise license server will be discoverable by...
Usrlogoncmd
The first section of the USRLOGON.CMD script calls SETPATHS.CMD. Listing 5.1 shows this section. Call SystemRoot Application Compatibility Scripts SetPaths.Cmd If SETPATHS FAIL Goto Done Listing 5.1 The first section of USRLOGON.CMD. The SETPATHS.CMD subscript checks to make sure that the registry keys for the user's application environment are in place. The registry keys for the current user variables can be found in the Folders subkey, and the keys for all user variables are in the same...
Restrict Each User to One Setting
The last setting to be considered is Restrict each user to one session. Enabling this setting will prevent users from establishing multiple sessions on the server, which will help conserve resources on the server by only allowing each user to take up the overhead of a single session and run all required applications within that session. Keep in mind that if you are going to be offering direct access to individual applications outside of a desktop environment, your users might need the ability...
ThirdParty Load Balancers
Although Microsoft NLB is robust, easy to configure and manage, and is free with all editions of WS2K3, there are many reasons to consider a third-party load balancer for your terminal server environment. Perhaps you need to distribute your servers across multiple subnets. Or you need more that 32 servers to support the number of users in your environment. Maybe you are using Session Directory and want to enable connection tokens so that you can hide the physical IP addresses of your terminal...
RDP Protocol Enhancements
Some of the biggest changes in WS2K3 Terminal Services from previous versions come in the enhancements made to RDP. The protocol now supports several new resource redirection abilities. You might be familiar with some of them if you have been using Windows XP's Remote Desktop ability. These enhancements bring RDP up to par with Citrix's ICA protocol in many ways. You are now able to redirect client drives, audio output, clipboard, ports, time zone, and Windows keys for example, ALT TAB . RDP...
License Assignment
Every time a client connects to a terminal server, the license server is contacted to either validate an existing license or issue a new license. The type of licenses that a terminal server will issue is determined by its licensing mode Per Device or Per User. You can set the mode through either the Terminal Services Configuration administration tool or by Group Policy. The default is Per Device mode, unless you are upgrading Win2K terminal server that is in Internet Connector mode, in which...
install and Execute Modes
For registry and INI file mapping to work, the system must be in the proper mode for either application installation or execution. To switch the server into install mode, simply invoke the Add New Programs Wizard in the Add Remove Programs Control Panel applet. To switch back to execute mode, close the wizard. If you try to run a SETUP.EXE program from outside the Control Panel, the terminal server will correct you by sending the error message that Figure 5.4 shows. Figure 5.4 Attempting to run...
triCerat Gyu
You must ensure the Terminal Services Session Directory Service is running on the specified session directory server. Network adapter and IP address session directory should redirect users to 192.168.1.105 I ntel R 32559 Fast E thernet LO M with Alert on LAN - Network Load Balancing Filter Di w l IP address redirection uncheck for routing token redirection Figure 3.14 Session Directory settings for a terminal server. Figure 3.14 Session Directory settings for a terminal server. Here you enter...
triCerat Yri
Jane Doe doesn't have a network home directory, so her templates should be stored in her user profile folder. In Jane's session, the HOMEDRIVE variable resolves to C and HOMEPATH resolves to WTSRV Profiles Jane.Doe. Once again, we can't use variables in the registry key, so we don't have an easy way to reference Jane's profile directory. The Administrator has set ROOTDRIVE W in the script, so once again USRLOGON.CMD connects W directly to Jane's profile directory, and we can use W in the...
Application Compatibility Script Installation
Some applications require post-installation modifications or on-the-fly changes upon user logon. These changes are made by using an application compatibility script. You have already seen the list of application compatibility scripts that Microsoft provides for Terminal Services, and I'll use one of these applications as an example Netscape Communicator 4.5. We begin, as with any other application, with the Add New Programs Wizard. Install Netscape as you normally would, then click Finish to...
INI File Mapping
Before Windows 95, all settings for the system and applications were stored in INI files initialization files . Legacy applications will occasionally use these files today. Unlike the registry, which has separate areas for per-user and per-machine settings, INI files are global, so changes made by one user would affect everyone on the terminal server. In addition, most terminal servers are configured so that non-administrative users don't have adequate rights to make changes to these...
Custom Installation
Some software manufacturers take Terminal Services into account when writing their programs and provide you with instructions about how to install their applications on a terminal server. As an example, let's go through the process of installing an application that was designed with Terminal Services in mind Microsoft Office 2000. Office 2000 in its raw form has a number of problems when running on Terminal Services Install on First Use Because users don't have the rights to install components...
Configuring Session Directory
To take advantage of the Session Directory feature, all terminal servers in the cluster must be running WS2K3 Enterprise or Datacenter edition. The Session Directory server can use any edition of WS2K3. You can even create the Session Directory on one of the terminal servers in the cluster, although it is not recommended because that would prevent you from taking that terminal server offline for software installations upgrades without impacting the entire cluster. To configure Session...
Resultant Set of Policy
With a complex domain that employs many Group Policies and combinations of standard and loopback processing, it becomes very difficult to keep track of the net effect of the GPOs and to fully predict the result of moving a user or computer from one OU to another. To help with this challenge, Microsoft provides the Resultant Set of Policy tool RSOP.MSC . You can access this tool from a Run command to retrieve the RSOP of the current user and computer this information is helpful in identifying...
triCerat Asa
Next, look at the HKEY_CURRENT_USER Software key to determine whether the application configured any registry keys. If so, look for the same types of values here and make notes of any that you find. Also check whether the keys were mirrored in the Terminal Server section of the HKEY_LOCAL_MACHINE hive. If not, you should create a .REG file of the application's HKEY_CURRENT_USER Software key by selecting regedit's Export Registry File option from the Registry menu. You will need this file later...
Application Compatibility Scripts
Many applications don't take Terminal Services into account and store user-customizable components on the C drive of the computer. These components can include templates, macros, and dictionary files. On a workstation, if a user modifies any of these files, the change would also affect any other user that logs on to the same computer. But on a terminal server, changes would also affect any other users logged on simultaneously. This behavior can create problems when these files are in use by one...
Terminal Services Compatibility Flags
When you install an application, Terminal Services creates a compatibility flag registry key, which Figure 5.15 shows, that instructs Terminal Services about which type of program the application is MS-DOS, 16-bit, 32-bit . If you're installing a legacy application that will not run on Terminal Services, you can change this flag so that Terminal Services makes adjustments when the application is launched. Figure 5.15 The compatibility flags registry values. Figure 5.15 The compatibility flags...
triCerat Eib
fe C WINDOWS Application Compatibility 5cripts Install Address C WINDOW5 Application Compatibility 5cripts Install Template eudora4.cmd msvs6.cmd outlk98.cmd Figure 5.5 Application compatibility scripts provided by Microsoft. As you can see, Microsoft only includes application compatibility scripts for Eudora 4, Visual Studio 6, and Outlook 98. If you are still using other legacy applications in your environment such as Office 97, Project 95, and so on you might want to copy the application...