Security Tab
This
tab enables you to set user permissions for all RDP connections to the
terminal server. It is recommended that you do not use this tab to
configure user access to Terminal Services; for that, use the Remote
Desktop Users group instead. You should use this tab to determine which
users should have administrative control (Full Control) of Terminal
Services.
The Security tab is shown in Figure 10.
Configuring Terminal Services Server Properties
Besides
the RDP-Tcp Properties tabs, the TSC console offers a second important
set of Terminal Services configuration options, available through the
Edit Settings area. These settings apply to the entire terminal server
only; unlike RDP-Tcp or other connection settings, they cannot be
configured to apply merely to one transport protocol or to one
particular network adapter.
The
Edit Settings area provides a summary of seven terminal server options
organized under three categories: General, Licensing, and TS Session
Broker. To change these server options, double-click any one of them.
This procedure opens a Properties dialog box whose three tabs are also
named General, Licensing, and TS Session Broker.
The options available in these three tabs are explained in the following section.
General Tab
The General tab enables you to configure the following features related to user logon sessions:
Delete Temporary Folders On Exit
When this option is enabled, as it is by default, all temporary data is
deleted when a user logs off from a Terminal Services session. Deleting
temporary data in this way decreases performance but improves privacy
because it prevents users from potentially accessing another user’s
data.
This setting functions only when the next option, Use Temporary Folders Per Session, is also enabled.
Use Temporary Folders Per Session
Enabled by default, this option ensures that a new folder to store
temporary data is created for each user session. When this option is
disabled, temporary data is shared among all active sessions. Sharing
temporary data among users can improve performance at the expense of
user privacy.
Restrict Each User To a Single Session
This option is enabled by default. When enabled, it allows only one
logon session to the terminal server per user. For instance, if you are
logged on to a server locally with the built-in Administrator account,
you cannot log on to the same computer through a Remote Desktop
connection by using the same Administrator account until you first log
off the server locally.
By
ensuring that you log off one session before beginning another, this
default setting prevents possible data loss in the user profile. It
also prevents stranded user sessions and, therefore, conserves server
resources.
User Logon Mode
The settings in the User Logon Mode area enable you to prevent new
users from logging on to the terminal server, for instance, in advance
of a maintenance shutdown. The Allow All Connections option is the
default setting. To prevent users from connecting to the terminal
server indefinitely, you can select the Allow Reconnections, But
Prevent New Logons option. To prevent users from connecting to the
server only until you reboot the server, you can select the Allow
Reconnections, But Prevent New Logons Until The Server Is Restarted
option. Note that none of these options forces a session termination.
If you need to reboot a server, you might need to end these sessions
manually.
The General tab is shown in Figure 11.
Licensing Tab
The Licensing tab, shown in Figure 12,
enables you to configure two features related to terminal server
licensing: the licensing mode and the license server discovery mode.
Terminal Services licensing mode During
the installation of the Terminal Services server role, you can specify
the licensing mode of the terminal server or select the option to
configure the licensing mode later. To set or reset the licensing mode
after installation, select the Server Properties Licensing tab, and
then choose the Per Device or Per User option in the Specify The
Terminal Services Licensing Mode area.
License server discovery mode
The license server discovery mode is the method by which a terminal
server contacts a license server to obtain TS CALs. By default, the
discovery mode is set to Automatically Discover A License Server. In
the automatic license server discovery process, a terminal server
attempts to contact any license servers published in Active Directory
services or installed on domain controllers in the local domain. As an
alternative to the automatic discovery mode, you can specify the
license server manually by selecting the Use The Specified License
Servers option and by then typing a license server name or address in
the associated text box.
TS Session Broker Settings Tab
The TS Session Broker Settings tab, shown in Figure 13,
is used to configure settings for a member server in a TS Session
Broker farm. TS Session Broker can be used to balance the session load
among servers in a farm by directing new user sessions to the server in
the farm with the
fewest sessions. TS Session Broker is also used to ensure that users
can reconnect automatically to disconnected sessions on the appropriate
farm member server.
Note: TS Session Broker and Active Directory
The server on which you install TS Session Broker must be a member of a domain.
To
configure a terminal server farm, the first step is to install the TS
Session Broker role service on a server that you want to use to track
user sessions for the entire farm. This server becomes the TS Session
Broker server. Then, you need to add the terminal servers in the farm
to the Session Directory Computers local group on the TS Session Broker
server. Finally, you have to configure the terminal servers to join the
farm by configuring the following desired options on this tab:
Join A Farm In TS Session Broker Select this check box to add the local server to a farm and to make the remaining options available for configuration.
TS Session Broker Server Name Or IP Address In this text box, type the name or IP address of the server on which you have installed the TS Session Broker role service.
Farm Name In TS Session Broker
In this text box, you must type the name of the farm that will be
shared by all farm members. This name also represents the Domain Name
System (DNS) name that clients will use to connect to the terminal
server farm. (For this reason, in the appropriate DNS server, be sure
to add multiple DNS records that correspond to this farm name and that
specify the IP address of each farm member.)
Participate In Session Broker Load-Balancing Select this check box to configure the local server to participate in the load balancing feature enabled by TS Session Broker.
Relative Weight Of This Server In The Farm
You can use this setting to give powerful servers a larger proportion
of user sessions than less powerful servers. For example, if you assign
a powerful server a weight of 200 and a less powerful server a weight
of 100, the first server will receive twice the number of sessions as
the second server.
Use IP Address Redirection (Recommended)
Session Broker can use two methods to redirect a client to a
disconnected session: IP address redirection and routing token
redirection. IP address redirection is enabled by default and is
suitable in most scenarios. This redirection method works when the
clients can connect to each terminal server in the farm directly. Clear
this check box only if your terminal services clients cannot connect to
all terminal servers in the farm and when your network load balancing
solution supports TS Session Broker routing tokens.
Select IP addresses to be used for reconnection Use this section to select the IP address that you want to enable for use in the terminal server farm.
Important: TS Session Broker and load balancing initial connections
To
distribute the initial connections to the server farm, TS Session
Broker load balancing must rely on a load balancing solution such as
DNS round-robin, Network Load Balancing, or a hardware load balancer.
Configuring Terminal Services Printer Redirection
Printer redirection
is a feature that enables the client’s printers to be used as printers
for a Terminal Services session. Although you can easily modify basic
options regarding printer redirection in the Client Settings tab of the
RDP-Tcp Properties dialog box, Group Policy contains important
additional options concerning this feature.
You
can disable or customize the behavior of printer redirection by using
Group Policy and the Group Policy Management console. To find printer
redirection configuration options in Group Policy, open a Group Policy
object (GPO), and navigate to Computer
Configuration\Policies\Administrative Templates\Windows
Components\Terminal Services\Terminal Server\Printer Redirection. Within the Printer Redirection folder, you can configure the following five policy settings:
Do Not Set Default Client Printer To Be Default Printer In A Session
By default, Terminal Services automatically designates the client
default printer as the default printer in a Terminal Services session.
You can use this policy setting to override this behavior. If you
enable this policy setting, the default printer in the Terminal
Services session will be designated as the printer specified on the
remote computer.
Do Not Allow Client Printer Redirection
This policy setting essentially disables printer redirection
completely. If you enable this policy setting, users cannot redirect
print jobs from the remote computer to a local client printer in
Terminal Services sessions.
Specify Terminal Server Fallback Printer Driver Behavior
This policy setting determines the behavior that occurs when the
terminal server does not have a printer driver that matches the
client’s printer. By default, when this occurs, no printer is made
available within the Terminal Services session. However, you can use
this policy setting to fall back to a Printer Control Language (PCL)
printer driver, to a PostScript (PS) printer driver, or to both printer
drivers.
Use Terminal Services Easy Printer Driver First
The Terminal Services Easy Printer driver enables users to print
reliably from a terminal server session to the correct printer on their
client computer. It also enables users to have a more consistent
printing experience between local and remote sessions. By default, the
terminal server first tries to use the Terminal Services Easy Printer
driver to install all client printers. However, you can use this policy
setting to disable the use of the Terminal Services Easy Printer driver.
Redirect Only The Default Client Printer
By default, all client printers are redirected to Terminal Services
sessions. However, if you enable this policy setting, only the default
client printer is redirected in Terminal Services sessions.