Learn Remote Desktop Services: Part 3 - Configuration
This article is part of a 3-part series about Remote Desktop Services.
In order to get started configuring RDP (and more specifically our Session Host server), open Server Manager and select "Remote Desktop Services" in the sidebar. This screen might look a bit complex at first, but it is actually quite easy to comprehend after knowing what every feature does. Confirm RDS has been deployed correctly by confirming the screen looks like this:
First off, we need to take a look at RD Session Host servers.
What is an RD Session Host?
A Remote Desktop Session Host (RD Session Host) server is the server that hosts Windows-based programs or the full Windows desktop for Remote Desktop Services clients. Users can connect to an RD Session Host server to run programs, to save files, and to use network resources on that server. Users can access an RD Session Host server by using Remote Desktop Connection or by using RemoteApp.
In other words: when you connect to an RDS server with RDP, the Session Host is the server in which you connect. It's the terminal server that hosts your session.
You can add multiple RD Session Host servers. Keep in mind, you will need to budget for this though and consider whether it will be a good investment. If you don't necessarily need the failover/load balancing, there is no obvious reason to add more RD Session Host servers. If you do think this will be a good option, you can simply add a server by adding it to your server pool, clicking "Add RD Session Host servers", and Windows Server will do the setup.
What is an RD Connection Broker?
An RD Connection Broker is a server that will allow for load balancing, failover, and reconnection in case of a failure of an RD Session Host. This is overkill for smaller corporations, though, so chances are you might not need to focus on setting up the RD Connection Broker. There is no point in using an RD Connection Broker if you don't have multiple RD Session Host servers, as this is naturally a prerequisite.
Can I add any kind of server?
You can add any kind of server related to RDS (Session Host, Web Access, Licensing, Gateway) by expanding the "Tasks" menu within the "DEPLOYMENT SERVERS" section. This allows for a lot of reliability.
Remote Desktop Services (RDS): Web Access and RemoteApp
RDS installs IIS on the server because it contains a web interface which allows users to login from their browser, use RemoteApp, and initialize RDP connections from their browser. The interface, after logging in, looks like this:
This interface allows you to download RemoteApp applications, and connect to an RDP server.
What is RemoteApp?
RemoteApp can be considered as an alternative to a terminal server. RemoteApp allows employees to download applications, and run them like they're on their own computer. For example, downloading the Calculator application from RemoteApp, looks like this:
It's impossible to tell (except for the little icon in the taskbar) that this application is not actually running on this computer, but on the server! You could, for example, add the
explorer.exe app, employees can download it, and then they'll be able to run a regular Windows Explorer window from the server, just like it's running on their own computer to access network resources.
RemoteApp applications can be added so they're available for download from the Server Manager. Go to the "Remote Desktop Services" section again, and click "Collections" in the sidebar that has appeared. RemoteApp works with "collections", which can be considered as folders to efficiently organize applications. By default, there is only one collection called "QuickSessionCollection". For this example, we're going to add a new application to the existing collection. You can do this by clicking it, under "REMOTEAPP PROGRAMS", expand "Tasks", and click "Publish RemoteApp programs". You will see a list of RemoteApp programs you can publish. For this example, we're going to add a program which is not in the list:
cmd.exe. You can add a program by clicking the "Add..." button, and finding the program. Note that you are required to use a UNC path so you can't use a path such as
C:\Program Files\program.exe. After finding the path (in case of
cmd.exe that is
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools), add the program and publish it!
Reload the Web Access page, and you can see that your program has been published! Users will now be able to download it and run it like it's run on their own computers, while it's actually on the server.
Remote Desktop Services (RDS): Adding Your First RDP User
After setting up and configuring the environment, it's time to add our first RDP user. This user will be able to connect over to the server over RDP and use it as a terminal server. Adding an RDP user after deploying RDS is as simple as adding a user in Active Directory. Right-click on your Organizational Unit ("Departments") and go to
New -> User. You will be asked for a number of different fields. The user fields (first name, last name, etc) are straightforward. The user logon name is the user's username. If you have multiple domains, remember to select the correct domain. Click "OK", and the user is created.
How do I deny a user access to RDP?
You can deny groups and/or users access to RDP per terminal server by editing the Local Security Policy. In order to access the Local Security Policy application, simply search for its alias
In order to deny access to specific users and/or groups, go to
Local Policies -> User Rights Assignment. Configure the policy setting "Deny log on through Remote Desktop Services". By clicking "Add User or Group..." and selecting a user or a group, individual access to RDP can be denied. Users that are denied access to RDP will receive the following error when trying to login to RDP:
Note that by doing this, access to the web interface and RemoteApp will not be denied and the user will still be able to login there.
Remote Desktop Services (RDS): Licensing
Remote Desktop Services are not provided free of charge by Microsoft. Because this information can change anytime, I recommend that you refer to Microsoft's website for more information about licensing, its pricing, and how to set it up:
When using RDS without licensing it, and are not only using it for administrative purposes, you are in violation of Microsoft's terms. You can inform about them on the TechNet Forums.