Document: Windows Server 2008 R2 Remote Desktop Services Resource Kit Book (PDF)

www.it-ebooks.info


PUBLISHED BY
Microsoft Press
A Division of Microsoft Corporation
One Microsoft Way
Redmond, Washington 98052-6399
Copyright © 2010 by Christa Anderson
All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or by any
means without the written permission of the publisher.
Library of Congress Control Number: 2010934986
Printed and bound in the United States of America.
Microsoft Press books are available through booksellers and distributors worldwide. For further information
about international editions, contact your local Microsoft Corporation office or contact Microsoft Press
International directly at fax (425) 936-7329. Visit our Web site at www.microsoft.com/mspress. Send comments to
msinput@microsoft.com.
Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty/Trademarks/EN-US.aspx
are trademarks of the Microsoft group of companies. All other marks are property of
their respective owners.
The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and
events depicted herein are fictitious. No association with any real company, organization, product, domain name,
e-mail address, logo, person, place, or event is intended or should be inferred.
This book expresses the author’s views and opinions. The information contained in this book is provided without
any express, statutory, or implied warranties. Neither the authors, Microsoft Corporation, nor its resellers, or
distributors will be held liable for any damages caused or alleged to be caused either directly or indirectly by
this book.
Acquisitions Editor: Martin Del Re
Developmental Editor: Karen Szall
Project Editor: Valerie Woolley and Megan Smith-Creed
Editorial Production: Custom Editorial Productions, Inc.
Technical Reviewer: Alex Juschin; Technical Review services provided by Content Master, a member of CM
Group, Ltd.
Cover: Cover Design: Tom Draper Design; Illustration: Todd Daman
Body Part No. X17-21601

I dedicate this book to my family, who has always been supportive, always pushes me to do
my very best I can do, and always has a “Go team!” waiting when I really need one.
—Christa

I dedicate this book to Elizabeth Nelson Lyda and Michael B. Smith for taking me under your
wing back in the day, and for always believing in me. You were great mentors and are great
friends.
—Kristin

Contents at a Glance

Acknowledgments
Introduction
CHAPTER 1  Introducing Remote Desktop Services
CHAPTER 2  Key Architectural Concepts for Remote Desktop Services
CHAPTER 3  Deploying a Single Remote Desktop Session Host Server
CHAPTER 4  Deploying a Single Remote Desktop Virtualization Host Server
CHAPTER 5  Managing User Data in a Remote Desktop Services Deployment
CHAPTER 6  Customizing the User Experience
CHAPTER 7  Molding and Securing the User Environment
CHAPTER 8  Securing Remote Desktop Protocol Connections
CHAPTER 9  Multi-Server Deployments
CHAPTER 10  Making Remote Desktop Services Available from the Internet
CHAPTER 11  Managing Remote Desktop Sessions
CHAPTER 12  Licensing Remote Desktop Services
Index

Contents

Acknowledgments
Introduction

Chapter 1  Introducing Remote Desktop Services
Where Did RDS Come From?
  Citrix MultiWin
  Windows NT, Terminal Server Edition
  Windows 2000 Server
  Windows Server 2003
  Windows Server 2008
  Windows Server 2008 R2 and RDS
  The Evolving Remote Client Access Experience
What Can You Do with RDS?
  Improved Security for Remote Users
  Provisioning New Users Rapidly
  Enabling Remote Work
  Bringing Windows to PC-Unfriendly Environments
  Business Continuity and Disaster Recovery
  Supporting Green Computing
  Improved Command-Line Support
RDS for Windows Server 2008 R2: New Features
  The Changing Character of RD Session Host Usage
  New RDS Technology in Windows Server 2008 R2
  RDS Roles in Windows Server 2008 R2
How Other Services Support RDS
  The Client Connection
  Hosting VMs
  Authenticating Servers with Certificates
  Enabling WAN Access and Displaying Remote Resources
  Updating User and Computer Settings
Functionality for RDS Scripters and Developers
Summary
Additional Resources

What do you think of this book? We want to hear from you!
Microsoft is interested in hearing your feedback so we can continually improve our
books and learning resources for you. To participate in a brief online survey, please visit:

microsoft.com/learning/booksurvey

Chapter 2  Key Architectural Concepts for Remote Desktop Services
Know Your Application Delivery System
  RD Session Host Servers
  RD Virtualization Host Servers
Relevant Windows Server 2008 R2 Internals
  Windows Server 2008 R2 Is 64-Bit Only
  How Does an RD Session Host Server Dole Out Processor Cycles?
  How Do RD Session Host Servers Use Memory More Efficiently?
  How Does Disk Affect Application Delivery?
  How Does Virtualization Affect Resource Usage?
Determining System Requirements for RD Session Host Servers
  Designing a Live Test
  Executing the Tests
  Using the RD Load Simulation Tool
  An Alternative to Full Testing: Extrapolation
  Other Sizing Questions
Supporting Client Use Profiles
  Client Hardware: PC or Thin Client?
  What Is the Best License Model?
  What Applications Can Run on an RD Session Host Server?
  What Version of Remote Desktop Connection Do I Need?
  What Role Services Do I Need to Support My Business?
Summary
Additional Resources

Chapter 3  Deploying a Single Remote Desktop Session Host Server
How RD Session Host Servers Work
  Services Supporting RD Session Host
  Creating and Supporting a Session
Installing an RD Session Host Server
  Installing an RD Session Host Server Using the Administrative Tools Interface
  Installing an RD Session Host Server from the Command Line
Essential RD Session Host Configuration
  Allocating Processor Time
  Enabling Plug and Play Redirection with the Desktop Experience
  Adjusting Server Settings with Remote Desktop Configuration
Installing Applications on an RD Session Host Server
  Which Applications Will Work?
  Storing Application-Specific Data
  Avoiding Overwriting User Profile Data
  Populating the Shadow Key
Summary
Additional Resources

Chapter 4  Deploying a Single Remote Desktop Virtualization Host Server
What Is VDI?
How Microsoft VDI Works
  The Central Role of the RD Connection Broker
  Discovering a VM
  Brokering a Connection
  Orchestrating a VM
  Connecting to a VM Pool
  Connecting to a Disconnected Session
  Rolling Back a VM
  Connecting to a Personal Desktop
Installing Supporting Roles for VDI
  Installing the RD Virtualization Host
  Installing RD Virtualization Host Role Service via Windows PowerShell
  Installing RD Connection Broker
  Configuring RD Web Access
  Configuring the RD Connection Broker Server
  Setting Up VMs
  Creating Pools
  Assigning Personal Desktops
  Configuring Personal and Pooled VM Properties
Using RemoteApp for Hyper-V for Application Compatibility
  Configuring RemoteApp on Hyper-V
  Can You Use RemoteApp for Hyper-V Without RDS?
Summary
Additional Resources

Chapter 5  Managing User Data in a Remote Desktop Services Deployment
How Profiles Work
  Types of Profiles
  How Profiles Are Created
  Profile Contents External to the Registry
  Storing Profiles
  Providing a Consistent Environment
Design Guidelines for User Profiles
  Balance Flexibility and Lockdown
  Use Folder Redirection
  Compartmentalize When Necessary
  Prevent Users from Losing Files on the Desktop
  Upload Profile Registry Settings in the Background
  Speed Up Logons
Deploying Roaming Profiles with Remote Desktop Services
  Creating a New Roaming Profile
  Converting an Existing Local Profile to a Roaming Profile
  Customizing a Default Profile
  Using Group Policy to Manage Roaming Profiles
  Using Group Policy to Define the Roaming Profile Share
  Speeding Up Logons
  Centralizing Personal Data with Folder Redirection
  Sharing Personal Folders Between Local and Remote Environments
  Sharing Folders Between Windows Server 2003 and Windows Server 2008 R2 Roaming Profiles
  Setting Standards with Mandatory Profiles
  Converting Existing Roaming Profiles to Mandatory Profiles
  Creating a Single Mandatory Profile
  Creating a Safe Read-Only Desktop
  Decrease Logon Times with Local Mandatory Profiles
Profile and Folder Redirection Troubleshooting Tips
Summary
Additional Resources

Chapter 6  Customizing the User Experience
How Remoting Works
  What Defines the Remote Client Experience?
  The Foundation of RDP: Virtual Channels and PDUs
  Basic Graphics Remoting
  Advanced Graphics Remoting
Moving the Client Experience to the Remote Session
  Which Client Devices Can You Add to the Remote Session?
  Pros and Cons of Redirecting Resources
  Device and File System Redirection
  Playing Audio
  How the RDC Version Affects the User Experience or Doesn’t
Printing with RDP
  Printing to a Directly Connected Printer
  Printing via Redirected Printers
  Printing from Remote Desktop Services
  When You Cannot Use RD Easy Print
  Controlling Printer Redirection
  Troubleshooting Printing Issues
Summary
Additional Resources

Chapter 7  Molding and Securing the User Environment
Locking Down the Server
  Restricting Device and Resource Redirection
  Preventing Users from Reconfiguring the Server
  Preventing Access to the Registry
  Closing Back Doors on RD Session Host Servers
  Controlling Libraries
Preventing Users from Running Unwanted Applications
  Using Software Restriction Policies
  Using AppLocker
Creating a Read-Only Start Menu
Keeping the RD Session Host Server Available
  Allowing or Denying Access to the RD Session Host Server
  Limiting the Number of RD Session Host Server Connections
  Setting Session Time Limits
Taking Remote Control of User Sessions
Summary
Additional Resources

Chapter 8  Securing Remote Desktop Protocol Connections
Core Security Technologies
  Transport Layer Security
  Credential Security Service Provider
Using RDP Encryption
  Understanding Encryption Settings
  Choosing Encryption Settings
Authenticating Server Identity (Server Authentication)
  Establishing a Kerberos Farm Identity
  Creating Test Certificates for a Server Farm
Authenticating Client Identity with Network Level Authentication (NLA)
  Speeding Logons with Single Sign-On
Configuring the Security Settings on the RD Session Host Server
  Configuring Connection Security Using RD Session Host Configuration
  Configuring Connection Security Using Group Policy
Summary
Additional Resources

Chapter 9  Multi-Server Deployments
Key Concepts for Multi-Server Deployments
  RD Session Host Farms
  RemoteApp Internals
  Server-Side Components
  Client-Side Components
  RemoteApp Programs and Multiple Monitors
Creating and Deploying a Farm
  Distributing Initial Farm Connections
  Connection Brokering in a Farm Scenario
  RDS Farm Connection Brokering in Action
  Deploying RD Session Host Farms
  Permit RD Session Host Servers to Join RD Connection Broker
  Join RD Session Host Servers to a Farm
Publishing and Assigning Applications Using RemoteApp Manager
  Adding Applications to the Allow List
  Configuring Global RemoteApp Deployment Settings
  Editing RemoteApp Properties
  Maintaining Allow List Consistency Across the Farm
  Configuring Timeouts for RemoteApp Sessions
  Signing Already Created RDP Files
  Setting Signature Policies
Distributing RemoteApp Programs
  Distributing RDP Files
  Distributing MSI Files
Delivering RemoteApp Programs and VMs Through RD Web Access
  RD Web Access Sources
  Installing the RD Web Access Role Service
  Configuring RD Web Access
  Customizing RD Web Access
  Troubleshooting RD Web Access Permissions
  Using the RD Web Access Website
  Using RemoteApp And Desktop Connections
Summary
Additional Resources

Chapter 10  Making Remote Desktop Services Available from the Internet
How RD Gateway Works
  Understanding RD Gateway Authorization Policies
  RD Gateway Requirements
Installing RD Gateway
  Installing RD Gateway Using Windows PowerShell
  Creating and Maintaining RD Gateway Authorization Policies
  Creating an RD CAP
  Creating an RD RAP
  Modifying an Existing Authorization Policy
Configuring RD Gateway Options
  Tuning RD Gateway Properties
  Using RD Gateway Computer Groups to Enable Access to a Server Farm
  Bypassing RD Gateway for Internal Connections
  Using Group Policy to Control RD Gateway Authentication Settings
  Monitoring and Managing Active RD Gateway Connections
Creating a Redundant RD Gateway Configuration
  Using NLB to Load Balance RD Gateway Servers
  Preventing Split SSL Connections on RD Gateway
  Maintaining Identical Settings Across an RD Gateway Farm
  Using NAP with RD Gateway
  Troubleshooting Declined Connections
Placing RD Web Access and RD Gateway
  RD Web Access for External Access
  RD Gateway Inside the Private Network
  RD Gateway in the Perimeter Network
  RD Gateway in the Internal Network and Bridged
Summary
Additional Resources

Chapter 11  Managing Remote Desktop Sessions
Introducing RD Session Host Management Tools
  The Remote Desktop Services Manager
  Command-Line Tools
  Connecting Remotely to Servers for Administrative Purposes
  Managing RD Session Host Servers from Windows 7
Organizing Servers and VMs in the Remote Desktop Services Manager
Monitoring and Terminating Processes
  Monitoring Application Use
  Terminating Applications
Monitoring and Ending User Sessions
  Switching Between Sessions
  Closing Orphaned Sessions
Providing Help with Remote Control
  Enabling Remote Control via Group Policy
  Enabling Remote Control via RD Session Host Configuration
  Shadowing a User Session
  Troubleshooting Session Shadowing
Preparing for Server Maintenance
  Disabling New Logons
  Sending Messages to Users
  Shutting Down and Restarting RD Session Host Servers
Applying RDS Management Tools
  Differentiating RemoteApp Sessions from Full Desktop Sessions
  Auditing Application Usage
  Auditing User Logons
  Closing Unresponsive Applications
Summary
Additional Resources

Chapter 12  Licensing Remote Desktop Services
The RDS Licensing Model
RDS Licensing
VDI Licensing
License Tracking and Enforcement
How RD License Servers Assign RDS CALs
Setting Up the RDS Licensing Infrastructure
  Installing RD License Server
  RD License Server Connection Methods
  Activating the License Server
  Background: How RDS CALs Are Tied to an RD License Server
  Adding License Servers to AD DS
  Installing RDS CALs
  Configuring RD Session Host Servers to Use RD License Servers
  Configuring RD License Servers to Allow Communication From RD Session Host Servers
Migrating RDS CALs from One License Server to Another
Rebuilding the RD License Server Database
Backing Up an RD License Server and Creating Redundancy
Managing and Reporting License Usage
  Revoking RDS CALs
  Restricting Access to RDS CALs
Preventing License Upgrades
Using the Licensing Diagnosis Tool
Summary
Additional Resources
Index

Acknowledgments

This book isn’t the work of just two people. We owe many thanks to the combined efforts of a lot of people at Microsoft, our terrific set of editors, and the
greater community. (All this said, any errors in this book are the sole responsibility
of the authors.)
One of the best things about working at Microsoft is that a lot of very smart (and
very helpful) people work there, and we are grateful for the insights of these people.
Throughout this book, you’ll find Direct from the Source sidebars contributed by
members of the product team. We also extend our heartfelt thanks to the members
of the product team who sat down with us to explain the finer details of how
something worked. From the Remote Desktop Virtualization (RDV) team, we’d like
to thank Niraj Agarwala, James Baker, Ara Bernardi, Tad Brockway, Vikash Bucha,
Yuvraj Budhraja, Hammad Butt, Rommy Channe, Munindra Das, Silvia Doomra,
Samim Erdogan, Rajesh Ganta, Costin Hagiu, Al Henriquez, Travis Howe, Olga
Ivanova, Gopikrishna Kannan, Sergey Kuzin, Rob Leitman, Raghu Lingampally, Meher
Malakapalli, Benjamin Meister, Ranjana Rathinam, Rajesh Ravindranath, Ray Reskusich,
Sriram Sampath, Bhaskar Swarna, and Janani Venkateswaran. Even people from other
teams got involved. Many thanks to Kyle Beck, Jeff Heatton, Michael Kleef, Timothy
Newton, Mark Russinovich, Tom Shinder, Makarand Patwardhan, Bohdan Velushchak,
Paul Vo osen, and Jon Wojan for your invaluable assistance. We’d also like to thank
Christa’s manager, Ashwin Palekar, for his support during this project.
RDS expertise isn’t limited to people at Microsoft, either. Remote Desktop
Services MVPs as well as MVPs and experts from other disciplines also pitched in
to contribute Direct from the Field sidebars and explain the intricacies of related
technologies. Many thanks go to Janique Carbone, Brian Ehlert, Ross Harvey,
Helge Klein, Russ Kaufmann, Shay Levy, Brian Madden, Patrick Rouse, Greg Shields,
Michael Smith, and Mitch Tulloch.
The great team at Microsoft Press had a huge hand in turning this project from
an idea into the book you hold in your hands. We’d like to thank Martin Del Re at
Microsoft Press for asking us to write the first edition of the book in the first place,
Megan Smith-Creed at Custom Editorial Productions, Inc., for great editing and
project management on this edition, and Alex Juschin for tech editing the book.
The rest of the editorial team at Custom Editorial Productions, Inc., did a terrific
job of copyediting and proofing this text. Thank you all!
Finally, we’d like to thank our friends and families for their support during
this big project. We couldn’t have done it without you. We promise to talk about
something else now.

Introduction

Welcome to the Windows Server 2008 R2 Remote Desktop Services Resource
Kit! This is a detailed technical resource for planning, deploying, and running Microsoft Remote Desktop Services (RDS). Because some features of RDS
are brand new, this book is valuable both for those completely new to RDS and
those who have used Terminal Services (its former name) in previous versions of
Microsoft Windows.

Within this resource kit, you’ll find in-depth information about the improvements in RDS introduced in Windows Server 2008 R2. This book combines underlying architectural concepts with practical hands-on instructions that allow you to
set up a working RDS ecosystem, understand why it’s working, and give you some
guidance about how to fix it when it’s not. You’ll also find detailed information
and task-based guidance on managing all aspects of RDS, including deploying
RD Session Host servers, integrating RDS role services with other key parts of the
Windows Server 2008 R2 operating system, and extending the reach of RDS to
outside the corporate network. Finally, the companion media includes additional
tools and documentation that you can use to manage and troubleshoot RDS role
services. Although we mention some third-party tools in the course of this book,
this book is fundamentally about running RDS using only the tools found in the
operating system. You can do what we’ve done here using only Windows Server
2008 R2. Nor do we get into extensive discussion of any of the third-party tools
that many people use with native Remote Desktop Services. For example, many
people with high-complexity RDS deployments use management software from
Citrix or Quest or other RDS partners, but we don’t discuss it here because it’s not
included with the operating system.
ON THE COMPANION MEDIA  See the team partner page at

/>for a list of companies that make products complementing or expanding
on Remote Desktop Services in Windows Server 2008 R2.

What’s New in Remote Desktop Services in Windows Server 2008 R2?
Remote Desktop Services in Windows Server 2008 R2 took a lot of the improvements added in Windows Server 2008 and added the features people had asked
for. Want native support for VDI? It’s added to RD Connection Broker. Want
fewer logons, security filtering, simplified discovery of available applications and
virtual machines (VMs)? It’s in the new version of RD Web Access. Want to address
problems discovered via Network Access Policies (NAP), not just shut people out
of the network? It’s in the new edition of RD Gateway. Want improved application
compatibility? See RD Session Host for IP address virtualization and dynamic fair
share scheduling that proactively prevents one session from taking all the processor cycles. Want to stop installing printer drivers on both sessions and VMs? Easy
Print now works for both virtualization options.
For those who went straight to Windows Server 2008 R2 from Windows Server
2003, let’s take a look at what the new features add to the former model of a
terminal server and a license server.

Simplified Application Delivery and Display
Terminal Services in Windows Server 2003 presented all remote applications from
a desktop, completely separating the display of local and remote applications.
RemoteApp programs (introduced in Windows Server 2008) launch from a server,
but integrate with the local desktop so they look like they’re running locally.
Not only do the applications integrate better with the local desktop, they’re
easier to find and distribute, thus making it easier to support a larger and more
complex deployment. One of the issues in enabling remote access is how to get
the most complete and up-to-date set of remote resources to your user base. This
is especially true when you’re providing access to individual applications, not to a
full desktop. Using RDS Web Access, you can present links to individual applications or to entire desktops and know that these links will always be up to date. In
Windows Server 2008 R2, RD Web Access can present RemoteApp programs from
more than one farm as well as VMs. It also, however, supports security filtering
so that you can manage an aggregated source for all remote resources but only
display to people the ones they should use.

Improved Farm Support
The Session Directory service in Windows Server 2003 offered the beginning of
farm support, but was only available for Enterprise SKUs and didn’t include any
load balancing—it just kept track of where connections had gone. In Windows
Server 2008 R2, RD Connection Broker is available on the Standard SKU, supports
load balancing, and can broker connections to both sessions and VMs.

Secure Internet Access
One of the key benefits of Remote Desktop Services is its ability to support mobile
workers. We had a great (and extremely itinerant) tech editor, RDS MVP Alex
Juschin, for this edition of the book. He’s got a great description of how he used
Remote Desktop Services while completing his part:

In your book you can mention that I have been reviewing your
book all over the world using the RDP protocol to connect to my
home in Dublin via 3G or WiFi. I’ve worked while on a smelly
Kebap Bus in Poland, in a freezing hotel in Latvia, while being
driven in a high-end coach in Estonia, on the ferry to England, in
a pub in Ireland, on a train going down the coast from Belfast,
while tasting wine in France, sitting in a nice Brasserie on the
island of Jersey, eating Belgian chocolate in Brussels, on a plane
to Germany, on a bench with a beautiful view in Zurich, in a café
near the Berlin Wall, in a prison in Finland (ok, hotel, but it used
to be a prison), and on the highest point of Germany (Zugspitze).

In Windows Server 2003, Terminal Services didn’t support secure Internet access except across virtual private networks. In Windows Server 2008 R2, Remote
Desktop Services supports connectivity over Secure Sockets Layer (SSL) via RD
Gateway. RD Gateway allows you to set up different rules for local and remote
access and does not require any client-side setup. Introduced in Windows Server
2008, in R2, RD Gateway now enforces device and resource redirection decisions
made at the gateway and supports NAP remediation.

Simpler and Broader Device Redirection
RDS assumes that a lot of people will be working from computers with local resources, and that those people won’t want to be cut off from their resources when
they’re working in their session or VM. It also assumes that the server administrators don’t want to spend more time than necessary making these resources
available.
Although printer redirection, as it’s been known in earlier versions of Terminal
Services, still works as it did, Easy Print, introduced in Windows Server 2008, helps
simplify printer redirection. Rather than requiring administrators to install printer
drivers on the server, Easy Print allows redirected printers to use the drivers already installed on the client computer. In Windows 2008 R2, RD Easy Print works
with even more printer types and works from both sessions and VMs.

Part of the rich remote work experience is using local devices. Support for
local devices has been expanded through the Plug and Play Device Redirection
Framework, introduced in Windows Server 2008.

Simplified License Management
Per-user licensing was introduced in Windows Server 2003 but didn’t include any
tracking, so you couldn’t easily tell if you were in compliance. Windows Server
2008 R2 allows you to track Per-User RDS CAL usage. Additionally, the Licensing
Diagnostics feature can help you resolve licensing issues. Windows 2008 R2 RD
License servers can now migrate licenses from one server to another without the
help of the Microsoft Clearinghouse. This can be done even if a license server is
out of commission.
This is only a partial list of new features—Chapter 1, “Introducing Remote
Desktop Services,” describes the Remote Desktop Services features in Windows
Server 2008 R2, and the rest of the book explains how to use them. But these are
some of the highlights that show how the role has expanded in management and
user experience.
ON THE COMPANION MEDIA  The authors will post data that is relevant
to the Windows Server 2008 R2 Remote Desktop Services Resource
Kit on the book’s blog, located at You can
find this link on the companion media.

How This Book Is Structured

Our goal in writing this book is to help you set up a working Remote Desktop
Services farm, as well as VDI pooled and personal VMs using all the pieces in the
operating system, while understanding the greater context of the circumstances
under which Remote Desktop Services is useful, how it works, and how Windows
Server 2008 R2 compares to previous versions. This book has twelve chapters.




Chapter 1, “Introducing Remote Desktop Services,” explains where RDS
came from and how it has evolved as a platform, what new features are
available in this latest iteration, and what you can accomplish with this new
version of the product. It also explains how other services support RDS.

Chapter 2, “Key Architectural Concepts for Remote Desktop Services,” dives
into RDS internals and relevant Windows Server 2008 R2 internals. It also
shows you how to determine the hardware and software you will need to
support this product in your environment.

Chapter 3, “Deploying a Single Remote Desktop Session Host Server,”
shows you how RD Session Host servers work, and how to install and configure this role service.

Chapter 4, “Deploying a Single Remote Desktop Virtualization Host Server,”
explains what VDI is, how Microsoft VDI works, and how to install and configure a RD Virtualization Host and the supporting roles.

Chapter 5, “Managing User Data in a Remote Desktop Services Deployment,” discusses the different types of profiles that work with RDS and how
to deploy and troubleshoot user profile solutions and folder redirection.

Chapter 6, “Customizing the User Experience,” discusses how remoting
works, promoting good client experience in the remote session, and how
to print from RDS sessions.

Chapter 7, “Molding and Securing the User Environment,” explains why
you should lock down the RDS environment and how you should do it, and
describes how to provide remote assistance to users from within the user
session.

Chapter 8, “Securing Remote Desktop Protocol Connections,” discusses
RDP encryption, server and client authentication, and how to configure
security settings on the RD Session Host server.

Chapter 9, “Multi-Server Deployments,” introduces key concepts for multi-server deployments, shows how to create RD Session Host farms, and explains how to publish applications and display resources through RD Web
Access.

Chapter 10, “Making Remote Desktop Services Available from the Internet,”
shows you how to install and configure RD Gateway to provide access to
RemoteApps, desktop sessions, and pooled and personal VMs to users
located outside the corporate network.

Chapter 11, “Managing Remote Desktop Sessions,” shows you how to
monitor and terminate processes and user sessions running on an RD
Session Host server, how to provide help with remote control, and how to
drain RD Session Host servers for maintenance.

Chapter 12, “Licensing Remote Desktop Services,” discusses the new RDS
licensing paradigm, including both RDS and VDI licensing. This chapter explains how licenses are tracked and enforced; how RD License servers assign
RDS CALs; how to install, configure, and maintain RDS License servers; how
to diagnose licensing issues with the Licensing Diagnosis tool; and how to
migrate licenses from one server to another.

Document Conventions
The following conventions are used in this book to highlight special features or
usage.

Reader Aids
The following reader aids are used throughout this book to point out useful details.

READER AID | MEANING
Caution | Warns you that failure to take or avoid a specified action can cause serious problems for users, systems, data integrity, and so on.
Note | Underscores the importance of a specific concept or highlights a special case that might not apply to every situation.
On the Companion Media | Calls attention to a related script, tool, template, job aid, or URL on the companion CD that helps you perform a task described in the text.

Sidebars
The following sidebars are used throughout this book to provide added insight,
tips, and advice concerning different Remote Desktop Services features.
NOTE  Sidebars are provided by individuals in the industry as examples
for informational purposes only and may not represent the views of their
employers. No warranties, express, implied, or statutory, are made as to the
information provided in sidebars.


SIDEBAR | MEANING
Direct from the Source | Contributed by experts from the product group who provide “from-the-source” insight into how Remote Desktop Services works, best practices, and troubleshooting tips.
Direct from the Field | Contributed by experts external to the product group who have real-world experience working with Remote Desktop Services. Some experts are Microsoft field engineers; others are Microsoft MVPs or other experts.
How It Works | Provides unique glimpses of Remote Desktop Services features and how they work.

Command-Line Examples

The following style conventions are used in documenting command-line examples
throughout this book.

STYLE | MEANING
Bold font | Used to indicate user input (characters that you type exactly as shown).
Italic font | Used to indicate variables for which you need to supply a specific value (for example, file name can refer to any valid file name).
Monospace font | Used for code samples and command-line output.
%VariableName% | Used for environment variables.

Companion Media
In addition to the book itself, you also get a CD that contains some great tools
and other resources. System requirements for running the CD are at the back of
this book. The CD includes the following resources:

Links

The companion media includes many links to URLs that lead to more information
about Remote Desktop Services-related topics, Remote Desktop Services
resources, partner web sites, and more. Some of the URLs are referenced
throughout the book and some are not.

Management Scripts
On the companion media, you will find a collection of scripts illustrating ways
to work with Remote Desktop Services using Windows PowerShell and VBScript.
We’ve also included listings in relevant locations in the book so that you can better understand how these scripts support the functionality you’re looking for. Although these scripts are intended as samples instead of finished products, they do
useful work such as allowing you to easily determine the shadowing permissions
on a server or providing application-usage metering not provided in the GUI.
Find Additional Content Online  As new or updated material becomes available that complements your book, it will be posted online. The type of material
you might find includes updates to book content, articles, links to companion
content, errata, sample chapters, and more. This website is available at
and is updated periodically.


Support for This Book
Every effort has been made to ensure the accuracy of this book. As corrections
or changes are collected, they will be added to the O’Reilly Media website. To find
Microsoft Press book and media corrections:
1. Go to
2. In the Search box, type the ISBN for the book, and click Search.
3. Select the book from the search results, which will take you to the book’s
catalog page.
4. On the book’s catalog page, under the picture of the book cover, click
View/Submit Errata.
If you have questions regarding the book or the companion content that are
not answered by visiting the book’s catalog page, please send them to Microsoft
Press by sending an email message to

We Want to Hear from You
We welcome your feedback about this book. Please share your comments and
ideas via the following short survey:
Your participation will help Microsoft Press create books that better meet your
needs and your standards.
NOTE  We hope that you will give us detailed feedback via our survey. If
you have questions about our publishing program, upcoming titles, or
Microsoft Press in general, we encourage you to interact with us via Twitter
at For support issues, use only the email
address shown above.

CHAPTER 1

Introducing Remote Desktop Services

Where Did RDS Come From?
What Can You Do with RDS?
RDS for Windows Server 2008 R2: New Features
How Other Services Support RDS
Functionality for RDS Scripters and Developers

You might be reading this book for any of a number of reasons. Perhaps you’re an old
hand at Microsoft Terminal Server and are interested in seeing what Remote Desktop Services (RDS) in Microsoft Windows Server 2008 R2 can do for you. You might have
installed Windows Server 2008 R2 and are now interested in what all these web accesses,
gateways, and Remote Desktop Session Host servers do. Maybe you have heard about
RDS and are interested in how you might benefit by incorporating it into your environment. For that matter, you might be wondering how RDS compares to other remote
access technologies in Windows Server 2008 R2.
Whichever reason you have to be interested in RDS, this book is for you.
This chapter sets the stage for the rest of the book. To understand the evolution of Microsoft Terminal Services (now called Remote Desktop Services), you have to understand
where it came from and the ecosystem in which it operates. To understand what you can
do with the roles and role services, you have to understand the essential goals of RDS in
Windows Server 2008 R2 and the scenarios that it’s designed for. And, because RDS isn’t
an end in itself but a piece of the broader Windows infrastructure, you’ll see how RDS
roles interact with other technologies, like Windows Server 2008 Hyper-V and IIS.
After reading this chapter, you’ll understand the following:


Why Terminal Services is now known as Remote Desktop Services
What Windows Server 2008 R2 includes for supporting a RDS environment
What scenarios the RDS role services are intended to support
What kinds of new technology enable those new scenarios
How RDS role services interact with each other