Today, our company setup a Server for our client (CGLC Pty Ltd.)
In today’s IT learning article, we are going to take a look at installing Terminal Services, otherwise known as Remote Desktop Services, on a Server 2008 R2 machine.
* Note: this is part of our ongoing series teaching IT administration basics, and might not apply to everybody.
What is Terminal Services (Remote Desktop Services)
Starting with Server 2008 R2, Terminal Services has been renamed to Remote Desktop Services. RDS, as it is abbreviated, allows you to have a powerful server that all your users connect to using the Remote Desktop Protocol (RDP). You can think of it as a computer that lots of people remote desktop into at the same time, however they all have there own user session and desktop, and are completely unaware of each other. All you applications are installed once and available for any user to run. The user can remote into the server using the Remote Desktop Connection Manager included in Windows or more often than not can connect from thin clients, in fact they can connect from anything that implements the Remote Desktop Protocol. If you are looking to save money and already have old machines, you should look at the recently launched OS from Microsoft called Windows Thin PC, which essentially turns your machines into thin clients.
Things to Watch Out For:
Application Licensing: Not any application can be installed on a Remote Desktop Server. A prime example is Office 2010. If you want to install Office on a RDS Server you will need the Volume License version, or you wont be able to install it
Client Access Licenses: Connecting to a RDS Server also requires licenses in the form of Per User or Per Device Client Access Licenses, this is what allows more than a single user to remote into the server. Although you will still need to purchase licenses, buying CALs is way cheaper than buying everyone a new Windows 7 license.
Note: The applications you wish to run on the Remote Desktop Server should not yet be installed, they should only be installed once you have installed the Remote Desktop Session Host Role.
Installing Remote Desktop Services
Open the Server Manager and right-click on roles, select Add Roles from the context menu
On the Introduction To Remote Desktop Services page click next, this will bring you to the Role Services page, select the Remote Desktop Session Host as well as the Remote Desktop Licensing Service and then click next.
When you get to the application compatibility page it tells you that you should install the Session Host Role before you install your applications, just click next as we have not yet installed our applications. You are then asked if you want to require NLA, this will only allow Windows clients to connect to the Remote Desktop Session Host Server, in addition they must be running a Remote Desktop Client that support Network Level Authentication. I will go ahead and require NLA and then click next.
Now you have to choose a licensing method, most of you guys wont have Remote Desktop Client Access Licenses, so you can leave your option at Configure Later this will give you unlimited access to the Remote Desktop Server for 4 Months (120 Days). However, if you do have licenses here is some information help you make your choice:
The licenses you purchased can be used either as Per User or Per Device. It is purely up to you, however if you already have a RDS Licensing Server you will have to choose the same option you chose when importing the licenses originally.
RDS Per User CAL – This means that every user that connects to the RDS Server must have a license. The user is assigned the license rather than the devices that he/she connects to the server from. This mode is a good choice if your users want to connect from a lot of different computers or devices (iPad, Home PC, Laptop, Phone etc)
RDS Per Device CAL – If your users share a common workstation this is the mode for you, the license is given to the device rather than the users, this way many people can connect from a single device. However, if they try to connect from a different device they will not be able to since their user account doesn’t have a license.
You can specify you licensing mode ( we setup Per User).
In order to defense brute-force attack, the better change 3389 port to any other port. Then it was working well.