Remote Desktop allows you to manage from one central location multiple Windows Server machines that may physically sit in different regional offices.

By default, remote access to your Windows Server 2008 server is disabled. You need to enable this feature to be able to access the server remotely. While this is an easy task, it does differ a little from the process in Windows 2000/2003 Server. Follow these steps to enable remote access:

1. Right-click Computer, in the Start menu, and select Properties. The Windows 2000/2003 Server Properties dialog box does not appear; instead, a System Control Panel appears (see Figure 1). The System Control Panel gives you a nice overview of your server that has the following sections:
   - Windows Edition: This shows the edition of Server 2008 that you are running and what service pack level you have installed.
   - System: This shows your processor, RAM, and system type (32 or 64-bit).
   - Computer Name, Domain, and Workgroup Settings: If you click the Change Settings link in this area, you can change the server name and join or remove the server from a domain or workgroup.
   - Windows Activation: If you are running an evaluation copy of Windows Server 2008, in this section you can see how long your evaluation period has before it expires. If you have purchased the same edition of Windows Server, you can add the product key here by clicking on the Change Product Key link.

   Figure 1. The System Control Panel.

2. Click the Remote Settings link in the Tasks section at the top left of the System Control Panel. The other two links, Device Manager and Advanced System Settings, take you to the same dialog box but directly into their respective tabs.

3. When the System Properties dialog box appears, if needed, select a setting other than Don’t Allow Connections to This Computer:
   - Allow Connections from Computers Running Any Version of Remote Desktop (less secure): This option allows any Windows OS to connect to the server.
   - Allow Connections from Computers Running Remote Desktop with Network Level Authentication (more secure): This option allows connections only from clients that run at least Remote Desktop version 6 and support the new Credential Security Support Provider (CredSSP). Windows Vista and Windows XP with Service Pack 3 meet these requirements. However, with Windows XP Service Pack 3, you need to enable this functionality by updating the registry on the client. (See http://support.microsoft.com/kb/951608 for instructions.)

   Note
   Network Level Authentication is a new authentication technology that allows a user’s credentials to be authenticated prior to launching Remote Desktop and getting to the logon screen. This can help prevent malicious attacks on the server.

4. To allow users to connect to your server, give them permission. Click the Select Users button and then add local or domain users to the local Remote Desktop Users group. Notice that local administrators do not need to be added here because they already have the permissions needed to connect.

5. Click OK three times, and you have enabled users to connect to this server via Remote Desktop.

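A read-only way to confirm what steps 3 and 4 left in place, as an added PowerShell example that is not part of the original article. The registry locations and value names are standard Windows settings that the article itself does not list, and the group name assumes an English-language installation.

```powershell
# Added example (not from the original article): read-only audit of the
# Remote Desktop choices made in steps 3 and 4. Run elevated on the server.
$local  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# Return a registry value, or $null when the key or value does not exist.
function Get-RegValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# Group Policy writes the same value names under the Policies key and wins
# over the local setting made in the System Properties dialog box.
function Get-Effective([string]$Name, [string]$LocalPath) {
    $value = Get-RegValue $policy $Name
    if ($null -eq $value) { $value = Get-RegValue $LocalPath $Name }
    $value
}

# fDenyTSConnections: 1 = Don't Allow Connections, 0 = Remote Desktop enabled.
$deny = Get-Effective 'fDenyTSConnections' $local
# UserAuthentication: 1 = NLA required (more secure), 0 = any client version.
$nla  = Get-Effective 'UserAuthentication' "$local\WinStations\RDP-Tcp"

if ($deny -ne 0) {
    'Remote Desktop is disabled.'
} elseif ($nla -eq 1) {
    'Remote Desktop is enabled; Network Level Authentication is required.'
} else {
    'WARNING: Remote Desktop is enabled without Network Level Authentication.'
}

# Step 4: list who, besides local administrators, has been granted access.
$group   = [ADSI]'WinNT://./Remote Desktop Users,group'
$members = @($group.psbase.Invoke('Members') | ForEach-Object {
    $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
})
if ($members.Count -eq 0) {
    'Remote Desktop Users: no members (administrators only).'
} else {
    'Remote Desktop Users:'
    $members | ForEach-Object { "  $_" }
}
```
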
Not surprisingly, there are multiple ways to enable Remote Desktop connections. You can accomplish this with Group Policy and also while installing the Terminal Services role.

When you have enabled Windows Server 2008 to accept Remote Desktop connections, you connect from your client workstation as follows:

1. Select Start, Run and enter mstsc.
2. Provide your credentials.
3. Click OK, and you’re connected. (Yep, it’s as easy as 1, 2, 3.)
4. To disconnect, log off the Remote Desktop session.

The edition of Windows Server 2008 you have installed dictates how many concurrent connections are allowed. How can you tell how many connections are active at any given time? The Terminal Services Manager helps with that. You can get to this tool by selecting Administrative Tools, Terminal Services, Terminal Services Manager (see Figure 2). This tool enables you not only to view who is connected but also to log them off and disconnect their session or send them a message. You might wonder what the difference is between logging off and disconnecting. A user can close his or her connection to a server without logging off; this allows his or her applications to continue to run. Also, upon reconnecting, that person is put back where he or she left off. When logging off the session, you are no longer running any applications under that session. Another way to see who is connected is to use the User tab of the Task Manager, from which you can also disconnect, log off, or send a message to users.

Figure 2. Terminal Services Manager.

From time to time, you will find that you are unable to connect because all the allowed connections are being used. How can you see who is connected? In this case, you can use the Terminal Services Manager to connect to a remote computer. There is, however, a command-line tool, Query User, that you can use while you are connected to another server. Here’s how you use it:

1. Connect to another server on your domain.
2. Get to a command prompt by entering cmd in the Run box under the Start menu.
3. Enter Query User /server:<servername>. The output gives you the following information (see Figure 3):
   - User name
   - Session name
   - ID
   - State
   - Idle time
   - Logon time

Figure 3. Query User results.

Now you know who is connected to the server, but say that you are working on a critical issue and must connect to this server. How will you be able to log off one of the users? Follow these steps:

1. At the command prompt, type logoff /server:<servername> <ID>, where <ID> corresponds to the ID number associated with the user you want to log off, which you found when using the Query User command.
2. Run the Query User command again to confirm that the user has been logged off. The user who was connected and then logged off receives a message that his or her connection has been terminated.

You can now connect to the server via a Remote Desktop connection.

Note
You will want to make sure the user you are disconnecting is not currently working on any critical process; he or she may even be logged on to work on the issue you are responding to. If possible, try to communicate to the user that you are logging him or her off prior to doing so.
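
The Query User output and the caution in the note above can be combined: the following added PowerShell example (not part of the original article) parses the Query User columns and ranks sessions so that disconnected, long-idle ones come first. It assumes PowerShell 2.0 or later and English-language output; the sample rows, script name and server name are constructed.

```powershell
# Added example: parse Query User output and rank sessions for logoff.
# Usage (hypothetical script and server names):
#   .\Get-LogoffCandidates.ps1 -Lines (query user /server:SRV01)
param([string[]]$Lines)

if (-not $Lines) {
    # Constructed sample in the layout Query User prints (not real data).
    $Lines = @'
 USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME
>administrator         rdp-tcp#1           2  Active          .  3/1/2009 9:14 AM
 jsmith                                    3  Disc         2:41  3/1/2009 7:02 AM
 mlee                  rdp-tcp#4           5  Active         12  3/1/2009 8:30 AM
 tbrown                                    6  Disc      1+03:22  2/28/2009 6:40 AM
'@ -split "`r?`n"
}

# Idle time is '.', 'none', minutes, H:MM or D+HH:MM; normalise to minutes.
function ConvertTo-IdleMinutes([string]$Idle) {
    if ($Idle -match '^(?:(\d+)\+)?(?:(\d+):)?(\d+)$') {
        return ([int]$Matches[1] * 1440) + ([int]$Matches[2] * 60) + [int]$Matches[3]
    }
    return 0
}

# SESSIONNAME is blank for disconnected sessions, so that column is optional.
$row = '^[ >](?<user>\S+)\s+(?:(?<session>\S+)\s+)?(?<id>\d+)\s+' +
       '(?<state>\S+)\s+(?<idle>\S+)\s+(?<logon>.+)$'

$sessions = foreach ($line in $Lines) {
    if ($line -match $row) {
        $m = $Matches   # keep this row's captures before matching again
        New-Object PSObject -Property @{
            Id          = [int]$m['id']
            User        = $m['user']
            State       = $m['state']
            IdleMinutes = (ConvertTo-IdleMinutes $m['idle'])
            Session     = $m['session']
            Logon       = $m['logon'].Trim()
        }
    }
}

# Disconnected first, then longest idle: least likely to hold live work.
$byState = @{ Expression = { $_.State -ne 'Disc' } }
$byIdle  = @{ Expression = 'IdleMinutes'; Descending = $true }
$sessions | Sort-Object $byState, $byIdle |
    Select-Object Id, User, State, IdleMinutes, Session, Logon
```

With the constructed sample, the rows come out in the order tbrown, jsmith, mlee, administrator; the Id of the first row is the one to pass to logoff.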