VirtualizationAdmin.com

Frequently Asked Windows Terminal Services Questions!

FAQ topic 

[12] Frequently Asked Asp Questions!
Updated: Jun 07, 2000
[188] Frequently Asked Citrix Questions!
Updated: Oct 10, 2006
[3] Frequently Asked Sco Tarentella Questions!
Updated: Aug 16, 2002
[260] Frequently Asked Windows Terminal Services Questions!
Updated: Aug 03, 2006
1 2 3 4 5 6 [7] 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
HOW TO: Secure Communication Between a Client and Server with Terminal Services 

PSS ID Number: Q306561

Article Last Modified on 03-14-2002

The information in this article applies to:

  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows 2000 Server

IN THIS TASK


Summary

This step-by-step article describes how to secure communications between a client computer and a server by using Windows 2000 Terminal Services.

Windows 2000 Terminal Services supports three levels of encryption: Low, Medium, and High. The default encryption level is Medium, which is likely to be appropriate for most networks. The encryption levels include:

  • Low: This level secures the user logon information and data that is sent to the server, but not the data that is sent from the server to the client. Microsoft recommends that you use this encryption level if the network is secure (for example, an intranet).

  • Medium: This level encrypts the data transmission in both directions. Microsoft recommends that you use this encryption level if the network is not secure and is located outside North America (because of 128-bit export restrictions). Note that if you connect to a Windows 2000-based server that runs Terminal Services set to Low or Medium encryption and you use version 4.0 of the Terminal Services client, your data is encrypted by using a 40-bit key. If you are using version 5.0 of the Terminal Services client, your data is encrypted by using a 56 bit-key.

  • High: This level encrypts the data transmission in both directions by using a 128-bit key. Microsoft recommends that you use this encryption level if the network is not secure and is located in North America.

back to the top

To Secure Communications

To modify the encryption setting:
  1. Click Start, point to Programs, point to Administrative Tools, point to Terminal Services Items, and then click Terminal Services Configuration.
  2. Start the Terminal Services Configuration snap-in in Microsoft Management Console (MMC).
  3. Click the Connections branch, and then double-click the connection whose encryption level you want to change.
  4. Click the General tab.
  5. In the Encryption level box, click the appropriate encryption level.
  6. Click OK.
NOTE: The new encryption level takes effect the next time a user logs on. If you require multiple levels of encryption on one server, install multiple network adapters and configure each adapter separately.

back to the top


References

For additional information about how to activate a License server, click the article number below to view the article in the Microsoft Knowledge Base:

Q306622 HOW TO: Activate a License Server by Using Terminal Services Licensing in Windows 2000
For additional information about how to connect a client computer to Terminal Services, click the article number below to view the article in the Microsoft Knowledge Base:
Q306566 HOW TO: Connect Clients to Terminal Services By Using a Terminal Services Client in Windows 2000
back to the top
How do I Use IPSec Policy to Secure Terminal Services Communications in Windows 2000? 

PSS ID Number: Q315055

Article Last Modified on 04-22-2002

The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server

IN THIS TASK


Summary

You can use Windows 2000 Terminal Services to gain access to programs in a multiple-user Terminal server environment. Communications between the Terminal Services client computer and the server that has Terminal Services enabled can contain sensitive information; therefore, you may want to optimize security between the Terminal Services client and the Terminal server. This step-by-step article describes how to configure the Terminal server to require varying degrees of encryption by using the RC4 algorithm to secure Terminal Services communications.

Many organizations use standardized Internet Protocol security (IPSec) for network security. You can configure IPSec policies on Terminal servers to force all Terminal Services communications to be protected by IPSec.

This article assumes that you are configuring computers that are a part of a domain structure. If the computer is not part of a domain structure, you may also have to configure encryption and authentication services.

For additional information about troubleshooting IPSec, click the article number below to view the article in the Microsoft Knowledge Base:

Q257225 Basic IPSec Troubleshooting in Windows 2000
To enable IPSec protection for Terminal Services:
  1. Create an IPSec filter list to match Terminal Services packets.
  2. Create an IPSec policy to enforce IPSec protection, and then enable the policy.
  3. Enable the Client (respond-only) policy on the Terminal Services clients.

back to the top

How to Create the IPSec Filter List for Terminal Services Communications

  1. Click Start, point to Programs, point to Administrative Tools, and then click Local Security Policy.
  2. Click to expand Security Settings, right-click IP Security Policies, and then click Manage IP filter lists and filter actions.
  3. Click the Manage IP Filter Lists tab, and then click Add.
  4. Type terminal services in the Name box, and then type for terminal services connections in the Description box.
  5. Click to clear the Use Add Wizard check box, and then click Add .
  6. Click the Addressing tab, click My IP Address in the Source address box, and then click Any IP Address in the Destination address box.

    After you complete this step, the filter is applied to outbound packets.
  7. Verify that the Mirrored check box is selected.

    If this check box is selected, a packet filter is created to match inbound packets. All IPSec-secured communications must be protected in both directions; you cannot have unidirectional IPSec security.
  8. Click the Protocol tab, click TCP in the Select a protocol type box, and then click From this port
  9. Type 3389 in the From this port box, click To any port, and then click OK.
  10. Click Close, and then click Close.
back to the top

How to Create and Enable IPSec Policy to Secure Terminal Services Communications

  1. Start the Local Security Settings Microsoft Management Console (MMC), right-click IP Security Policies in the left pane, and then click Create IP Security Policy.

  2. After the IP Security Policy Wizard starts, click Next.

  3. On the IP Security Policy Name page, type secure terminal services connection in the Name box, and then click Next.

  4. Click to clear the Activate the default response rule check box, and then click Next.

  5. On the Completing the IP Security Policy Wizard page, verify that the Edit properties check box is selected, and then click Finish.

  6. Click the Rules tab, click to clear the Use Add Wizard check box, and then click Add.

  7. Click the IP Filter List tab, and then click Terminal Services IP Filter List.

  8. Click the Filter Action tab, and then click Require Security.

  9. Click Apply, and then click OK.

  10. Verify that the Terminal Services Filter List check box is selected, and then click Close.

  11. Right-click the new policy, and then click Assign.

back to the top

How to Ensure That Clients Respond to the Terminal Server`s Requests for Security

  1. Click Start, point to Programs, point to the Administrative Tools, and then click Local Security Policy.

  2. Click to expand Security Settings in the left pane, right-click the Client (respond only) policy, and then click Assign.

back to the top

Troubleshooting

To verify that IPSec is working, use the IPSec Monitor utility.

For additional information about IPSec Monitor, click the article number below to view the article in the Microsoft Knowledge Base:
Q313195 HOW TO: Use IPSec Monitor
back to the top
How do I Use the Terminal Services Version Limiter TSVER Tool in Windows 2000 Terminal Services? 

PSS ID Number: Q320189

Article Last Modified on 08-6-2002

The information in this article applies to:
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Server

IN THIS TASK


Summary

This article describes how to use the Terminal Services Version Limiter (Tsver) tool to turn on version checking and to limit access to a Terminal Server based on the client version in Microsoft Windows 2000 Terminal Services.

back to the top

Overview of Tsver

The Terminal Services Version Limiter (Tsver) tool is available in the Microsoft Windows 2000 Server Resource Kit. Tsver is an administrative tool that you can use to turn on or turn off Terminal Services client version checking, and to edit or to enforce client version policy numbers. This tool provides a way for you to control which clients can connect to the server based on the client version.

With Tsver, you can perform the following tasks:
  • Turn on or turn off Terminal Services client version checking.

  • Specify which client versions are allowed to connect to the server and which client versions are disallowed to connect to the server.

  • Create a custom message to send to users who try to connect to the server with a client version that is disallowed.

  • Record all failed logon attempts in the Security log of Event Viewer.

back to the top

How to Turn On Version Checking

To turn on version checking, follow these steps:
  1. Install the Windows 2000 Server Resource Kit.
  2. Click Start, and then click Run.
  3. Type tsver in the Open box, and then click OK.
  4. Click Next.
  5. Click Enable Version Checking, and then click Next.
  6. Specify which client versions you want to allow or disallow on your Terminal Server. To do so, use either of the following methods:

    • In the Available client versions list, click the version number that you want, and then click the appropriate button to allow or disallow the version number or numbers that you selected.

      -or-

    • In the appropriate boxes, type the versions that you want to allow or disallow.

  7. Click Next.
  8. If you want to create a custom message to send to users who try to connect by using a client version that is disallowed, follow these steps:

    1. Click Enable Customized Messages.
    2. In the Message Title box, type the title of your message.
    3. In the Message Text box, type the text that you want.
    NOTE: If you do not specify a custom message, users who try to connect by using a client version that is disallowed, receive the following error message:

    ClientIPAddress ComputerName The administrator of ServerName has set a policy which prevents your version of the RDP client, VersionNumber, from connecting to this server. Please contact the administrator of ServerName to determine what version of the RDP client you should be using. This session will terminate in 30 seconds.
  9. Click Next, and then click Finish.
back to the top

How to Turn Off Version Checking

To turn off version checking, follow these steps:
  1. Click Start, and then click Run.
  2. Type tsver in the Open box, and then click OK.
  3. Click Next.
  4. Click Disable Version Checking, click Next, and then click Finish.
back to the top

How to Identify the Terminal Services Client Version Number

To identify the version number of a 32-bit Terminal Services client that is installed on a client computer, follow these steps:
  1. Click Start, point to Programs, point to Terminal Services Client, and then click Terminal Services Client.
  2. In the Terminal Services Client dialog box, click About.

    The version number of the Terminal Services client that is installed on the computer is displayed in the About Terminal Services Client dialog box.
back to the top

References

For additional information about Terminal Services tools in the Windows 2000 Resource Kit, click the article number below to view the article in the Microsoft Knowledge Base:

Q240444 Useful Terminal Services Resource Kit Utilities
For additional information about how to connect clients to Terminal Services by using a Terminal Services Client in Windows 2000, click the article number below to view the article in the Microsoft Knowledge Base:
Q306566 HOW TO: Connect Clients to Terminal Services By Using a Terminal Services Client in Windows 2000
For more information about the Windows 2000 Server Resource Kit, visit the following Microsoft Web site:
http://www.microsoft.com/windows2000/techinfo/reskit/default.asp#section1
For more information about Windows 2000 Terminal Services, see the Terminal Services Online Documentation at the following Microsoft Web site:
http://www.microsoft.com/windows2000/en/server/help/default.asp?url=/windows2000/en/server/help/sag_termsrv_topnode.htm
back to the top
HOW TO: Use a Handheld PC or a Pocket PC as a Mobile Terminal 

PSS ID Number: Q314537

Article Last Modified on 05-23-2002

The information in this article applies to:

  • Microsoft Windows XP Professional
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Server

Summary

Increasingly, users of wireless mobile devices require access to the functionality of their desktop computers. Windows XP and Windows 2000 permit you to do this. By using the Handheld PC or the Pocket PC, you can connect to an application server and run programs just as if you were sitting at the server computer itself. Connections to application servers can be made across wireless local area networks (LANs), or across the Internet by using virtual private networking (VPN).

To use the Handheld PC and the Pocket PC as remote terminals, you must first set up an application server. Generally, your application server will be your regular desktop computer in your office. If the Windows Terminal Services client software is not installed on your Handheld PC or the Pocket PC, you must install it. After it is installed, the Terminal Services client software permits you to connect to the application server and run programs.

This article explains how to use the Handheld PC and the Pocket PC as remote terminals to desktop computers that are running Windows XP Professional, Windows 2000 Server, and Windows 2000 Advanced Server.

back to the top

How to Turn On Remote Terminals

To set up an application server, use one of the following methods, as appropriate to your situation.

Windows 2000 Server and Windows 2000 Advanced Server

  1. Insert your Windows 2000 Server or Windows 2000 Advanced Server CD-ROM into your computer`s CD-ROM or DVD-ROM drive.
  2. Click Start, point to Settings, and then click Control Panel.
  3. In Control Panel, click Add/Remove Programs.

    The Add/Remove Programs dialog box appears.
  4. Click Add/Remove Windows Components.

    The Windows Components Wizard starts.
  5. Click Terminal Services and Terminal Services Licensing, and then click Next.

    After the software is copied to your computer`s hard disk, Terminal Services Setup starts automatically.
  6. In Terminal Services Setup, click Application Server mode.
  7. The next screen to appear prompts you to specify application permissions. For the more secure application environment, select Permissions compatible with Windows 2000 Users.
  8. In the Terminal Services Licensing Setup dialog box, specify whether you want the license server to serve your whole enterprise or your domain/workgroup, and then specify the location of the database. Click Next, and then click Finish.
  9. Log off your computer, and then leave it running when you leave your office.
back to the top

Windows XP Professional

  1. Click Start, point to Settings, and then click Control Panel.
  2. Click the Remote tab, and then click to select the Allow users to connect remotely to this computer check box.
  3. Make sure that you have the proper permissions to connect to your computer remotely, and then click OK.
  4. Log off your computer, and then leave it running when you leave your office.
back to the top

How to Install and Configure the Client Software

The Windows Terminal Services client software can connect to both Windows XP Remote Desktop servers and Windows 2000 application servers.

How to Install the Terminal Services Client Software

The Terminal Services client software is preinstalled on the Handheld PC 2000 and the Pocket PC 2000. To download the Terminal Services client software for other versions of the Handheld PC, visit the following Microsoft Web site:
http://www.microsoft.com/mobile/downloads/ts-license.asp
back to the top

How to Connect to the Corporate Network

Before you can connect to an application server, you must create a connection to the server on your wireless device. See your Handheld PC or Pocket PC documentation for details. When you create the connection, you must specify the connection type. For connections across corporate networks, use your device`s wireless network adapter.

If you are connecting across the Internet, you must create two connections. The first is to your Internet service provider (ISP), and the second is a VPN connection to your corporate network. You must use both to connect to your corporate network.

back to the top

How to Configure the Terminal Services Client Software

After you have established the connection (or connections) to your corporate network, you must use the Terminal Services Connection Manager to create a connection to your application server. The Terminal Services Connection Manager is installed with the Terminal Services client software.

back to the top

How to Start a Remote Session

To start a remote session, first connect to your corporate network. Next, connect to your application server. You can then run programs on the application server.
  1. Connect to your corporate network. If you are using a wireless LAN, activate the connection to it. If you are connecting across the Internet, first connect to your ISP, and then use the VPN connection to connect to your corporate network.
  2. Tap the Terminal Services connection that you created with the Connection Manager.
  3. Supply your logon credentials when you are prompted for them.
back to the top

How to End a Remote Session

To end a remote session, log off the application server, and then disconnect from your corporate network.

back to the top
How do I Server Publish a Terminal Server with ISA while also running Terminal Services on the ISA Server? 

PSS ID Number: Q294720

Article Last Modified on 08-1-2002

The information in this article applies to:

  • Microsoft BackOffice Server 2000
  • Microsoft Internet Security and Acceleration Server 2000
  • Microsoft Small Business Server 2000

Summary

This article describes how to Server Publish a Windows 2000 Terminal Server on a private Intranet to the Internet via Internet Security and Acceleration Server (ISA) where the ISA server is also running Terminal Server (either in Application Mode or Remote Admin mode). For additional information about how to access Terminal Services on the ISA server itself (not publishing other servers), click the article number below to view the article in the Microsoft Knowledge Base:

Q275210 How to Allow Access to Terminal Services on ISA
The present article discusses ways to Server publish a Terminal Server when you have multiple public IP addresses bound to the external interface of your ISA server.

There is a brief discussion at the end of this article on how to publish Terminal Servers if you have only one external IP address available. However, you will be unable to use the Web-based Terminal Services Advanced Client (TSAC) in this situation.

There may be other options to give users access to the Terminal Server on the private Local Access Network (LAN) that are not discussed in this article, but that should be considered. These include Remote Access Service (RAS) and Virtual Private Network (VPN) connections to the private network.

More Information

If you have Terminal Services installed on a multi-homed ISA Server (installed by default on Small Business Server (SBS) 2000 and Back Office Server (BOS) 2000; installed optionally on Windows 2000 Server), that Terminal Server listens on all network interfaces by default.

This will cause any request for a Terminal Server that hits the external interface of the ISA server to be answered by the Terminal Services running on the ISA server.

In order to Server Publish a Windows 2000 Terminal Server on a private Intranet to the Internet via Internet Security and Acceleration Server (ISA) where the ISA server is also running Terminal Server, perform the following steps.

Step One: Create a Protocol Definition

To create a protocol definition, perform the following steps.
  1. Click Start, point to Programs, click Microsoft ISA Server, and then click to open the ISA Management MMC.
  2. Click to expand Servers and Arrays, click to expand your array, and then expand Policy Elements.
  3. Right click Protocol Definitions, click New, and then click Definition.
  4. Give this definition a name, for example, "Inbound Terminal Server", and then click Next.
  5. In the Port field, type 3389, in Protocol type, click to select TCP, in the Direction field, click to select Inbound, and then click Next.
  6. Under Secondary Connections, click No, click Next, and then click Finish.

Step Two: Publish the Terminal Server

To publish the Terminal Server, perform the following steps.
  1. In the ISA Management console, click Publishing, right click Server Publishing Rules, and then click New Rule.
  2. Give this rule a name, for example, "Inbound Terminal Server publishing", and then click Next.
  3. In the IP address of internal server field, enter the IP address of the internal server. If you want this rule to enable Terminal Server Access to the ISA server, type its Internal IP address. If this is for another computer behind the ISA server on the LAN, type that computer`s IP address.
  4. In the External IP address on ISA Server field, type the external IP address on the ISA server that this publishing rule will use, and then click Next.
  5. Under Protocol Settings, in the Apply the rule to this protocol field, click to Inbound Terminal Server protocol definition you created earlier, and then click Next.
  6. Click the Client Type this request should apply to (for example, Any Request), click Next, and then click Finish.
  7. Repeat this step for each internal server you wish to publish, using a unique internal and external IP address for each rule.
  8. If the Terminal Server is on the same segment as the internal interface of the ISA server, then the default gateway on the Terminal Server must point to the internal interface of the ISA server. If the Terminal Server is on a remote segment from the internal interface of the ISA server, then the ISA server must be an edge router to the Internet. If the ISA server is not an edge router (i.e. all traffic to the Internet flows through ISA server), then you will need to add specific routes to the routers so that the Terminal Server can route packets back to the ISA Server and on to the Internet.

Step Three: Bind Terminal Services on the ISA Server to the Internal Adapter on the Server

To bind Terminal Services on the ISA Server to the internal adapter on the server, perform the following steps:
  1. Click Start, point to Programs, click Administrative Tools, and then click Terminal Services Configuration.
  2. Click the Connections folder, and then click the RDP-TCP connection.
  3. Right click this connection and click Properties.
  4. Click the Network Adapter tab and click to select the Internal network adapter in the Network Adapter check box.
NOTE: By default, Terminal Services binds to All network adapters configured with this protocol. Therefore, you will need to set it specifically to the internal adapter.

If you have only one IP address available on the external Interface of the ISA server, you can still access multiple Terminal Servers on your LAN using the Terminal Services Client (but not the TSAC). You will need to change the port the Terminal Server listens on, then create Protocol Rules and Publishing Rules for that server on that port. For additional information about how to change the listening port of a Terminal Server, click the article number below to view the article in the Microsoft Knowledge Base:
Q187623 How to Change Terminal Server`s Listening Port
When you use the Terminal Server Advanced Client (TSAC) (Web Based) you will need to go to the Web Server running the TSAC Package at the following Microsoft Web site, and then enter the IP address or DNS name of the Terminal Server:
http://server/tsweb
How do I Locate a Phone Number for the Microsoft Clearinghouse in my area? 

PSS ID Number: Q291795

Article Last Modified on 03-14-2002

The information in this article applies to:

  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Server

IN THIS TASK


Summary

This article describes how to locate the appropriate phone number for the Microsoft Clearinghouse for your country or region by using the Terminal Services Licensing tool.

back to the top

Locate Phone Number when Terminal Services Licensing Server is Running

If you have already activated your Terminal Services Licensing Server, follow these steps locate the appropriate phone number for the Microsoft Clearinghouse for your country or region:
  1. Start the Terminal Services Licensing tool from Administrative Tools.
  2. Right-click your server in the right pane, and then click Properties.
  3. On the Connection Method tab, click Telephone in the list.
  4. Click to select your country or region, and then click OK.
  5. Right-click your server in the right pane, click Install Licenses, and then click Next.
  6. The Microsoft Clearinghouse phone number for your selected country or region will be displayed on this screen. Make a note of the phone number, and then click Cancel.
  7. To change your activation method back to the original value, right-click your server in the right pane, click Properties, change the value on the Connection Method tab, and then click OK.
back to the top

Locate Phone Number when Terminal Services Licensing Server is not Running

If you have not activated your Terminal Services Licensing Server, follow these steps to locate the appropriate phone number for the Microsoft Clearinghouse for your country or region:
  1. Start the Terminal Services Licensing tool from Administrative Tools
  2. Right-click your server in the right-hand pane, click to choose Activate Server, and then click Next.
  3. On the Connection Method screen, click to choose Telephone from the drop-down list, and then click Next
  4. Click to select your country or region, and then click Next.

    The Microsoft Clearinghouse phone number for your selected Country/Region is displayed.
back to the top
What is Loopback Processing of Group Policy? 

PSS ID Number: Q231287

Article Last Modified on 07-24-2002

The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Professional

Summary

Group Policy applies to the user or computer in a manner that depends on where both the user and the computer objects are located in Active Directory. However, in some cases, users may need policy applied to them based on the location of the computer object alone. You can use the Group Policy loopback feature to apply Group Policy Objects (GPOs) that depend only on which computer the user logs on to.


More Information

To set user configuration per computer:

  1. In the Group Policy Microsoft Management Console (MMC), click Computer Configuration.
  2. Locate Administrative Templates, click System, click Group Policy, and then enable the Loopback Policy option.
This policy directs the system to apply the set of GPOs for the computer to any user who logs on to a computer affected by this policy. This policy is intended for special-use computers (for example, computers in public places, laboratories, and classrooms), where you must modify the user policy based on the computer that is being used.

NOTE: Loopback is supported only in a purely Windows 2000 based environment. Both the computer account and the user account must be in Active Directory. If a Microsoft Windows NT 4.0 based domain controller manages either account, the loopback does not function. The client computer must be a Windows 2000 based computer.

When users work on their own workstations, you may want to have Group Policy settings applied based on the location of the user object. Therefore, it is recommended that you configure policy settings based on the organizational unit (OU) in which the user account resides. However, there may be instances when a computer object resides in a specific OU, and the user settings of a policy should be applied based on the location of the computer object instead of the user object.

NOTE: You cannot filter the application of user settings by denying or removing the AGP and Read rights from the computer object specified for the loopback policy.

Normal user Group Policy processing specifies that computers located in their OU have the GPOs applied in order during computer startup. Users in their OU have GPOs applied in order during logon, regardless of which computer they log on to.

In some cases, this processing order may not be appropriate (for example, when you do not want applications that have been assigned or published to the users in their OU to be installed while they are logged on to the computers in some specific OU). With the Group Policy loopback support feature, you can specify to other ways to retrieve the list of GPOs for any user of the computers in this specific OU:
  • Merge Mode
    In this mode, when the user logs on, the user`s list of GPOs is gathered normally by using the GetGPOList function. The GetGPOList function is then called again, using the computer`s location in Active Directory. The list of GPOs for the computer is then added to the end of the GPOs for the user. This causes the computer`s GPOs to have higher precedence than the user`s GPOs. In this example, the list of GPOs for the computer is added to the user`s list.

  • Replace Mode
    In this mode, the user`s list of GPOs is not gathered. Only the list of GPOs based on the computer object is used.
What Group Policy Objects are available for Terminal Services? 

PSS ID Number: Q294751

Article Last Modified on 10-18-2001

The information in this article applies to:

  • Microsoft Windows XP Professional

Summary

This article discusses Group Policy objects that are related to Terminal Services.


More Information

By using the Microsoft Management Console (MMC) and the Group Policy snap-in, many server-side settings related to Terminal Services can be set and changed in the following folder locations:

  • Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Terminal Services

  • Local Computer Policy\User Configuration\Administrative Templates\Windows Components\Terminal Services

Under the Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Terminal Services folder, the following settings can be made:
  • Limit users to one remote session

  • Allow screensaver

  • Limit number of connections

  • Limit maximum color depth

  • Do not allow new client connections

  • Do not allow local administrators to customize permissions

  • Remove windows security item from Start menu

  • Remove disconnect item from Shut Down dialog

  • Set path for Terminal Services (TS) roaming profiles

  • TS user home directory

  • Remote control settings

  • Start a program on connection

Under the Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Client\Server data redirection folder, the following settings can be made:

  • Do not allow clipboard redirection

  • Allow audio redirection

  • Do not allow COM port redirection

  • Do not allow client printer redirection

  • Do not allow LPT port redirection

  • Do not allow drive redirection

  • Do not set default client printer to be default printer in a session

Under the Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Encryption and Security folder, the following settings can be made:
  • Always prompt client for password upon connection

  • Set client connection encryption level

Under the Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Temporary Folders folder, the following settings can be made:
  • Do not use temp folders per session

  • Do not delete temp folders upon exit

Under the Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Session Directory folder, the following settings can be made:

  • Session Directory active

  • Session Directory Server

  • Session Directory Cluster name

Under the Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Sessions folder, the following settings can be made:
  • Set time limit for disconnected sessions

  • Set time limit for active sessions

  • Set time limit for idle sessions

  • Allow connection from original client only

  • Terminate session when time limits are reached

Under the Local Computer Policy\User Configuration\Administrative Templates\Windows Components\Terminal Services folder, the following settings can be made:
  • Start a program on connection

  • Remote control settings

Under the Local Computer Policy\User Configuration\Administrative Templates\Windows Components\Terminal Services\Sessions folder, the following settings can be made:
  • Set time limit for disconnected sessions

  • Set time limit for active sessions

  • Set time limit for idle sessions

  • Allow connection from original client only

  • Terminate session when time limits are reached

    To find out what each of these settings does, open the MMC and Group Policy object as outlined in the following steps, select the item that you want to learn about, and then click the extended tab in the lower left of the right pane of the MMC.
To access the Group Policy MMC snap-in:
  1. Click Start.
  2. Click Run, type: MMC, and then press ENTER.
  3. Click File, and then click Add/Remove Snap-in.
  4. On the Standalone tab, click Add, and then click Group Policy.
  5. Click Add, and then click Finish.
  6. Click Close, and then click OK. Local Computer Policy is located under the console root.
How do I Customize Office XP for Terminal Server? 

PSS ID Number: Q311241

Article Last Modified on 11-28-2001

The information in this article applies to:

  • Microsoft Office XP (Setup)

Summary

With Office XP, you no longer need a special transform to install Office on a Microsoft Windows 2000 server with Terminal Services enabled, or on a Microsoft Windows NT 4.0 Terminal Server computer. Office XP Setup detects that it is being run under Terminal Services, and Setup preconfigures all the correct options.

Because of the multiuser nature of the Terminal Services computer and users` restricted access to the server, Office XP Setup, by default, installs all features to one of the following installation states:

  • Run from My Computer - Most features are set to this state because they work well in the Terminal Services environment. Features that normally default to Installed on First Use are set to Run from My Computer.
  • Not Available - A few features are set to this state. These are features that do not perform well in the Terminal Services environment, typically because they use additional animation that generates excess data traffic between the Terminal Services computer and the Terminal Client computer. These features should be left set to Not Available, so that they are not installed.
If you want to accept the default Office configuration, you do not need to modify the Setup feature tree. However, if there are Office features that your users do not need, you can improve overall performance and conserve disk space by customizing the installation, so that Office Setup does not install these features on the Terminal Services computer.

If you do not want an Office XP feature installed on Terminal Server, use the Custom Installation Wizard to configure the feature state as Not Available or Not Available, Hidden, Locked. You also must select the Do Not Migrate Previous Installation State check box. It is recommended that the feature be set to Hidden when it is not installed (especially on Windows NT).

More Information

To customize an Office installation, use the Custom Installation Wizard in the Microsoft Office XP Resource Kit to create a custom transform (.mst file). When you install Office with this transform, the Office features set to Not Available are not installed.

  1. Start the Custom Installation Wizard (CIW).
  2. On the Set Feature Installation States screen, select the feature that you do not want to install.
  3. Set the installation state of the selected feature to Not Available, Hidden, Locked.
  4. Select the Do Not Migrate Previous Installation State check box.

    NOTE: The Do Not Migrate Previous Installation States check box must be selected for each feature that is set to Not Available, Hidden, Locked.
  5. Repeat steps 2 through 4 for each feature that you do not want to install.
  6. Click Next, and then set the options that you want in the remaining screens of the wizard.
  7. Click Finish. Note the sample command line that is provided, and then click Exit.
  8. Install Office XP with the transform.
For more information about how to use the Custom Installation Wizard to create a transform, browse to the following Microsoft Web site:
http://www.microsoft.com/office/ork/xp/appndx/appa04.htm
For more information about deploying Office XP on Microsoft Windows Terminal Services, browse to the following Microsoft Web site:
http://www.microsoft.com/office/ork/xp/one/deph02.htm
How do I Locate a Phone Number for the Microsoft Clearinghouse in my area? 

PSS ID Number: Q291795

Article Last Modified on 03-14-2002

The information in this article applies to:

  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Server

IN THIS TASK


Summary

This article describes how to locate the appropriate phone number for the Microsoft Clearinghouse for your country or region by using the Terminal Services Licensing tool.

back to the top

Locate Phone Number when Terminal Services Licensing Server is Running

If you have already activated your Terminal Services Licensing Server, follow these steps locate the appropriate phone number for the Microsoft Clearinghouse for your country or region:
  1. Start the Terminal Services Licensing tool from Administrative Tools.
  2. Right-click your server in the right pane, and then click Properties.
  3. On the Connection Method tab, click Telephone in the list.
  4. Click to select your country or region, and then click OK.
  5. Right-click your server in the right pane, click Install Licenses, and then click Next.
  6. The Microsoft Clearinghouse phone number for your selected country or region will be displayed on this screen. Make a note of the phone number, and then click Cancel.
  7. To change your activation method back to the original value, right-click your server in the right pane, click Properties, change the value on the Connection Method tab, and then click OK.
back to the top

Locate Phone Number when Terminal Services Licensing Server is not Running

If you have not activated your Terminal Services Licensing Server, follow these steps to locate the appropriate phone number for the Microsoft Clearinghouse for your country or region:
  1. Start the Terminal Services Licensing tool from Administrative Tools
  2. Right-click your server in the right-hand pane, click to choose Activate Server, and then click Next.
  3. On the Connection Method screen, click to choose Telephone from the drop-down list, and then click Next
  4. Click to select your country or region, and then click Next.

    The Microsoft Clearinghouse phone number for your selected Country/Region is displayed.
back to the top
1 2 3 4 5 6 [7] 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26

Receive all the latest articles by email!

Receive Real-Time & Monthly MSTerminalServices.org article updates in your mailbox. Enter your email below!
Click for Real-Time sample & Monthly sample

Become an MSTerminalServices.org member!

Discuss your Terminal Services & Citrix issues with thousands of other SBC experts. Click here to join!

Solution Center

Follow TechGenix on Twitter