Windows 7 Resource Kit- P29

Using Remote Desktop CHAPTER 27
1353
When enabling Remote Desktop on a computer, you must also authorize which users will
be allowed to remotely connect to that computer using RDC. By default, only administrators
are authorized to remotely connect to the host computer. Authorize additional users by
following these steps:
1. Click the Select Users button to open the Remote Desktop Users dialog box.
2. Click Add and then either specify or find user accounts in AD DS (or on the local
   computer on stand-alone host computers) and add them to the list of Remote Desktop
   Users authorized to access the host computer using Remote Desktop. This adds the
   selected users to the Remote Desktop Users local group on the host computer.
Enabling Remote Desktop Using Group Policy
You can also use Group Policy to enable Remote Desktop on host computers. To enable
Remote Desktop on all computers in a specified organizational unit (OU), open the Group
Policy object (GPO) linked to the OU using Group Policy Object Editor, enable the following
policy setting and add users to the Remote Desktop Users group:
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Allow Users To Connect Remotely Using Remote Desktop Services
Enabling Remote Desktop on computers using Group Policy also enables the Allow
Connections From Computers Running Any Version Of Remote Desktop (Less Secure) option on
the computers targeted by the GPO. To enable Remote Desktop using the Allow Connections
Only From Computers Running Remote Desktop With Network Level Authentication (More
Secure) option instead, you must enable the following policy setting in addition to the
preceding one:
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require User Authentication For Remote Connections By Using Network Level Authentication
Note: By default, when the first policy setting is enabled but the second setting is not
configured, local administrators on the targeted computers have the ability to change
the Remote Desktop security level on their computers to Allow Connections Only From
Computers Running Remote Desktop With Network Level Authentication (More Secure)
if desired. When the second policy setting is enabled, the option Allow Connections From
Computers Running Any Version Of Remote Desktop (Less Secure) on the Remote tab is
unavailable and appears dimmed.
CHAPTER 27 Connecting Remote Users and Networks
1354
Configuring and Deploying Remote Desktop Connection
After you have enabled Remote Desktop on the host computer, you must configure the RDC
client software on the client computer. You can configure RDC in several ways:
- Click Start, click All Programs, click Accessories, and then click Remote Desktop
  Connection. This opens the Remote Desktop Connection UI, shown in Figure 27-10.
- Type mstsc at a command prompt or in the Search box to open the Remote Desktop
  Connection UI, or type mstsc followed by various parameters to customize how the
  RDC client software will run. For help with Mstsc.exe parameters, type mstsc /? at a
  command prompt.
- Use Notepad to manually edit an *.rdp file previously saved from the Remote Desktop
  Connection UI. For more information, read the section titled “Configuring Remote
  Desktop Connection Using Notepad” later in this chapter.
- Configure those Remote Desktop Services Group Policy settings that apply to Remote
  Desktop.
FIGURE 27-10 The Remote Desktop Connection client UI shows configuration options both
hidden and displayed.
Table 27-9 summarizes the configuration options available on the different tabs of the
Remote Desktop Connection client UI.
TABLE 27-9 Configuration Options for Remote Desktop Connection Client

| TAB | SETTING | NOTES |
|---|---|---|
| General | Logon Settings: Computer | Specifies the FQDN or IP address (can be IPv4 or IPv6) of the host computer. |
| General | Logon Settings: User Name | Specifies the user account to be used to establish the Remote Desktop session. This is displayed only when credentials from previous Remote Desktop sessions have been saved. |
| General | Logon Settings: Always Ask For Credentials | Select this check box to require the user to always supply credentials. This is displayed only when credentials from previous Remote Desktop sessions have been saved. |
| General | Connection Settings | Saves the current configuration of RDC client as an *.rdp file or opens a previously saved *.rdp file. |
| Display | Display Configuration | Changes the size of your remote desktop. |
| Display | Use All My Monitors For The Remote Session | Configures the Remote Desktop session monitor layout to match the current client-side configuration. |
| Display | Colors | Specifies color depth for your remote desktop. |
| Display | Display The Connection Bar When In Full-Screen Mode | Makes it easier to use Remote Desktop in full-screen mode without needing to remember keyboard shortcuts. |
| Local Resources | Remote Audio | Controls where remote audio is played back and whether it should be recorded. |
| Local Resources | Keyboard | Specifies how Windows key combinations, such as Alt+Tab, behave when used from within a Remote Desktop session. |
| Local Resources | Local Devices And Resources: Printers | Prints to network computers connected to the host computer from within the Remote Desktop session without having to install additional drivers. |
| Local Resources | Local Devices And Resources: Clipboard | Shares a clipboard between the client and host computers. |
| Local Resources | Local Devices And Resources: More | Redirects additional devices local to the host computer to the remote client including serial ports, smart cards, disk drives, and supported PnP devices such as media players and digital cameras. |
| Programs | Start A Program | Specifies a program that should automatically start when your Remote Desktop session is established. |
| Experience | Performance: Choose Your Connection Speed To Optimize Performance | Specifies the connection speed closest to actual available network bandwidth to obtain the optimal mix of functionality and performance for your Remote Desktop session. |
| Experience | Desktop Background; Font Smoothing; Desktop Composition; Show Window Contents While Dragging; Menu And Window Animation; Visual Styles; Persistent Bitmap Caching | Enables or disables each desktop user interface feature that is indicated. |
| Experience | Reconnect If Connection Is Dropped | Specifies that the RDC client should attempt to re-establish a connection with the remote host if the connection between them is unexpectedly terminated. |
| Advanced | Server Authentication: Authentication Options | Specifies whether unauthenticated Remote Desktop sessions should be allowed; if they are allowed, specify whether a warning message should be displayed. For more information, see the sidebar titled “Remote Desktop Connection Server Authentication” later in this chapter. |
| Advanced | Connect From Anywhere: Settings | Configures Remote Desktop Gateway (RD Gateway) settings to allow RDC clients to connect to remote computers behind corporate firewalls. |
Note: In enterprise environments, administrators can also preconfigure RDC client
configurations and save them as Remote Desktop files (*.rdp files). These *.rdp files can then
be deployed to users as e-mail attachments or copied from a network share using a logon
script.
Remote Desktop Connection Server Authentication
RDC includes a Server Authentication setting that ensures that you are
connecting to the remote computer or server that you intend to connect to.
To configure Server Authentication for an RDC, open the Properties dialog box of
your connection, click the Advanced tab, and click Settings. Then select one of the
following three options:
- Connect And Don’t Warn Me (Least Secure): Lets you connect even if RDC
  can’t verify the identity of the remote computer.
- Warn Me (More Secure): Lets you choose whether to continue with the
  connection when RDC can’t verify the identity of the remote computer.
- Do Not Connect (Most Secure): Prevents you from connecting to the
  remote computer when RDC can’t verify the remote computer’s identity.
The default setting for Server Authentication is Warn Me.
Configuring Remote Desktop Connection from the Command Line
To use the RDC client from the command line or custom shortcut, type mstsc followed by the
appropriate command-line switches. For example, to initiate a Remote Desktop session using
a custom display resolution of 1680 × 1050, type mstsc /w:1680 /h:1050 at a command
prompt.
You can use the /span switch to initiate a Remote Desktop session that spans across
multiple monitors. Note that when both the /span and /h: /w: switches are present, the /span
switch takes precedence. In addition, when the /span option is selected, the slider for
adjusting remote desktop size is unavailable on the Display tab so that users cannot change
their initial settings, which can cause confusion.
New in Windows 7 is the /multimon switch, which configures the Remote Desktop session
monitor layout to match the current client-side configuration.
Using the /public switch runs Remote Desktop in public mode. When an RDC client is
running in public mode, it does not persist any private user data (such as user name, password,
domain, and so on) either to disk or to the registry on the computer on which the client is
running, nor does the client make use of any saved private data that may exist on the
computer (a trusted sites list, the persistent bitmap cache, and so on). This means that the client
essentially functions as if there were no registry or secondary storage present for storing
private data. A client running in public mode still honors Group Policy settings, however. Finally,
the /console switch used in previous versions of Mstsc.exe was removed in Windows Vista SP1
and has been replaced with the /admin switch. For more information about this, see the
following sidebar, titled “Direct from the Source: Replacement of /console by /admin.”
Note: For more help with Mstsc.exe parameters, type mstsc /? at a command prompt.
Direct from the Source: Replacement of /console by /admin
Mahesh Lotlikar, SDE II
Remote Desktop Services Team
In Windows Server 2003, the /console option for Mstsc.exe was used for several
purposes. With the introduction of the /admin option in Windows Vista SP1 and
Windows Server 2008, the /console option has now been deprecated. The following
examples illustrate the /console switch’s significance in previous versions of
Windows and why the scenario does not apply for Windows 7, Windows Vista SP1 or
later versions, Windows Server 2008, and Windows Server 2008 R2.
First, in earlier versions of Windows such as Windows XP and Windows Server 2003,
the /console option was used to connect to the session on the physical console
(session 0), because some applications could not install and run in any session other
than session 0. In Windows Vista and Windows Server 2008, the Windows features
are re-architected, so that only services run in session 0 and applications do not
need to run in session 0. Therefore, the administrator does not need the /console
option for this purpose.
Second, in earlier versions of Windows, the /console option was also used for the
purpose of reconnecting to and resuming work in the user session on the physical
console. In Windows Vista and Windows Server 2008, this option is not required to
reconnect to the existing session on the physical console. (The blog post referenced
at the end of this sidebar includes details on console behavior differences.)
Third, in Windows Server 2003, the /console option was used for administering the
Remote Desktop Session Host remotely without consuming a client access license
(CAL). In Windows Server 2008, the /admin option serves this purpose.
Thus, you do not need the /console option while connecting to Windows Vista or
Windows Server 2008, and you can now use the /admin switch to connect to the
physical console of Windows Vista or Windows Server 2003.
For more information, see the following post on the Remote Desktop Services
Team Blog:
administration-in-windows-server-2008.aspx.
Configuring Remote Desktop Connection Using Notepad
You can also configure a saved RDC client by opening its *.rdp file in Notepad and editing it.
For example, to configure a saved RDC client to use a custom display resolution of 1680 ×
1050, change the lines specifying screen resolution to read as follows.
desktopwidth:i:1680
desktopheight:i:1050
As a second example, to configure a saved RDC client to span a Remote Desktop session
across multiple monitors, add or change the following line:
span:i:0
to
span:i:1
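Because *.rdp files are plain name:type:value text that can be edited and then distributed to users, it is worth reviewing one before deployment. The following is an added example, not code from the book: it parses the file and reports the server authentication level and the redirection settings that correspond to the Advanced and Local Resources tabs. Apart from desktopwidth, desktopheight and span, the setting names it checks come from the .rdp file format rather than from this chapter, and the sample content is constructed.

```powershell
# Added example (not from the book): review an .rdp file before deploying it.
# Constructed sample content. For a real file use: $lines = Get-Content <path>
$sample = @'
full address:s:host01.example.test
desktopwidth:i:1680
desktopheight:i:1050
span:i:1
authentication level:i:0
redirectclipboard:i:1
redirectprinters:i:1
redirectcomports:i:0
redirectsmartcards:i:1
drivestoredirect:s:*
'@
$lines = $sample -split '\r?\n'

function ConvertFrom-RdpText([string[]]$Lines) {
    # Each setting is name:type:value, where type is i (integer), s (string)
    # or b (binary). The value may itself contain colons (an IPv6 address,
    # for example), so only the first two colons are treated as separators.
    $settings = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*([^:]+):([isb]):(.*)$') {
            $name  = $Matches[1].Trim()
            $type  = $Matches[2]
            $value = $Matches[3].Trim()
            if ($type -eq 'i' -and $value -match '^-?\d+$') { $value = [int]$value }
            $settings[$name] = $value
        }
    }
    $settings
}

function Test-RdpSettings([hashtable]$Settings) {
    $findings = @()

    # Server Authentication (Advanced tab): 0, 1 and 2 map to the three
    # options described in the Server Authentication sidebar.
    $authLevel = @{
        0 = 'Connect And Don''t Warn Me (Least Secure)'
        1 = 'Do Not Connect (Most Secure)'
        2 = 'Warn Me (More Secure)'
    }
    $level = $Settings['authentication level']
    if ($null -eq $level) {
        $findings += 'Server authentication: not set in file, client default (Warn Me) applies'
    } elseif (-not $authLevel.ContainsKey($level)) {
        $findings += "Server authentication: unrecognized value '$level'"
    } elseif ($level -ne 1) {
        $findings += "Server authentication: $($authLevel[$level]); an unverified host does not block the connection"
    }

    # Local Resources tab: each enabled redirection exposes a client resource
    # to the remote session.
    $redirects = @{
        'redirectclipboard'  = 'clipboard'
        'redirectprinters'   = 'printers'
        'redirectcomports'   = 'serial ports'
        'redirectsmartcards' = 'smart cards'
    }
    foreach ($name in ($redirects.Keys | Sort-Object)) {
        if ($Settings[$name] -eq 1) { $findings += "Redirection enabled: $($redirects[$name])" }
    }
    if ($Settings['drivestoredirect']) {
        $findings += "Redirection enabled: disk drives ($($Settings['drivestoredirect']))"
    }

    # Files saved by earlier Windows versions could carry the password itself.
    foreach ($name in $Settings.Keys) {
        if ($name -like 'password*') { $findings += "Saved password present in file ($name)" }
    }

    # Display settings edited in the section above, reported for reference.
    $findings += "Display: $($Settings['desktopwidth']) x $($Settings['desktopheight']), span=$($Settings['span'])"
    $findings
}

Test-RdpSettings (ConvertFrom-RdpText $lines)
```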
Configuring Remote Desktop Using Group Policy
You can also use Group Policy to manage some aspects of how Remote Desktop works. You
can find the policy settings for managing Remote Desktop in two locations:
- Per-computer policy settings can be found under Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services
- Per-user policy settings can be found under User Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services
Table 27-10 lists Group Policy settings that affect Remote Desktop. Policies that were
introduced earlier in Windows Vista are marked with an asterisk (*), and policies that are new
in Windows 7 are marked with two asterisks (**). (Additional policy settings found in these
locations apply only to Remote Desktop Session Hosts or only when an RDC client is used to
connect to a Remote Desktop Session Host.) If a computer and user policy setting are
identical, the computer setting takes precedence if configured.
To use the Group Policy settings in this table, configure them in a GPO linked to an OU
where the host computers (the computers that have Remote Desktop enabled) are located.
For additional Group Policy settings that affect Remote Desktop, see the section titled
“Enabling Remote Desktop Using Group Policy” earlier in this chapter.
Note: The folder layout of the Group Policy settings for Remote Desktop Services—under
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote
Desktop Services and User Configuration\Policies\Administrative Templates\Windows
Components\Remote Desktop Services—has been reorganized in Windows 7 for ease of
discoverability, but the registry keys are still the same. All policy settings common to both
Windows Vista and Windows XP, even if located under different folders, will still be applied
to all computers in the targeted OU.
TABLE 27-10 Group Policy Settings That Affect Remote Desktop

| FOLDER | POLICY SETTING | NOTES |
|---|---|---|
| Remote Desktop Connection Client | Do Not Allow Passwords To Be Saved | Prevents users from saving their credentials in the RDC client. Windows Vista saves the password using Credential Manager instead of saving it within the *.rdp file as in earlier versions of Windows. |
| Remote Desktop Session Host\Connections | Automatic Reconnection | Enables RDC clients to attempt to automatically reconnect when underlying network connectivity is lost. |
| Remote Desktop Session Host\Connections | Allow Users To Connect Remotely Using Remote Desktop Services | Enables Remote Desktop on the targeted computer. |
| Remote Desktop Session Host\Connections | Deny Logoff Of An Administrator Logged In To The Console Session | Prevents an administrator on the client computer from bumping an administrator off of the host computer. |
| Remote Desktop Session Host\Device and Resource Redirection | Allow Audio And Video Playback Redirection | Enables redirection of the remote computer’s audio and video output in a Remote Desktop session. (This policy was named Allow Audio Redirection in Windows Vista and earlier versions.) |
| Remote Desktop Session Host\Device and Resource Redirection | Allow Audio Recording Redirection | Enables recording of audio to the remote computer during a Remote Desktop session. |
| Remote Desktop Session Host\Device and Resource Redirection | **Limit Audio Playback Quality | Enables limiting of audio quality to improve the performance of a Remote Desktop session over a slow link. |
| Remote Desktop Session Host\Device and Resource Redirection | Do Not Allow Clipboard Redirection | Prevents sharing of a clipboard. |
| Remote Desktop Session Host\Device and Resource Redirection | Do Not Allow COM Port Redirection | Prevents redirection of serial port devices. |
| Remote Desktop Session Host\Device and Resource Redirection | Do Not Allow Drive Redirection | Prevents redirection of disk drive resources. |
| Remote Desktop Session Host\Device and Resource Redirection | Do Not Allow LPT Port Redirection | Prevents redirection of parallel port devices. |
| Remote Desktop Session Host\Device and Resource Redirection | *Do Not Allow Supported Plug And Play Device Redirection | Prevents redirection of supported PnP media players and digital cameras. |
| Remote Desktop Session Host\Device and Resource Redirection | Do Not Allow Smart Card Device Redirection | Prevents redirection of smart card readers. |
| Remote Desktop Session Host\Printer Redirection | Do Not Set Default Client Printer To Be Default Printer In A Session | Prevents users from redirecting print jobs from the remote computer to a printer attached to their local (client) computer. |
| Remote Desktop Session Host\Printer Redirection | Do Not Allow Client Printer Redirection | Prevents the client default printer from automatically being set as the default printer for the Remote Desktop session. |
| Remote Desktop Session Host\Remote Session Environment | Limit Maximum Color Depth | Enables specifying a maximum color depth to improve performance of a Remote Desktop session over a slow link. |
| Remote Desktop Session Host\Remote Session Environment | **Limit Maximum Display Resolution | Enables specifying a maximum display resolution to improve performance of a Remote Desktop session over a slow link. |
| Remote Desktop Session Host\Remote Session Environment | **Limit Maximum Number Of Monitors | Enables specifying a maximum number of monitors to improve performance of a Remote Desktop session over a slow link. |
| Remote Desktop Session Host\Remote Session Environment | **Optimize Visual Experience For Remote Desktop Services Sessions | Enables optimizing the Remote Desktop session for either multimedia or text. |
| Remote Desktop Session Host\Remote Session Environment | Enforce Removal Of Remote Desktop Wallpaper | Prevents wallpaper from being displayed in the Remote Desktop session. |
| Remote Desktop Session Host\Remote Session Environment | Remove “Disconnect” Option From Shut Down Dialog | Removes the Disconnect button from the Start menu but doesn’t prevent the remote user from disconnecting the session using other methods. |
| Remote Desktop Session Host\Security | Set Client Connection Encryption Level | Specifies the level of encryption used to protect RDP traffic between the client and host computers. The options available are High (128-bit), Low (56-bit), and Client Compatible (highest encryption level supported by the client). When this policy setting is Not Configured, the default encryption level used is Client Compatible. |
| Remote Desktop Session Host\Security | Always Prompt For Password Upon Connection | Requires remote users to always enter a password to establish a Remote Desktop session with the targeted computer. |
| Remote Desktop Session Host\Security | *Require Use Of Specific Security Layer For Remote (RDP) Connections | Specifies whether the client should attempt to authenticate the host computer during establishment of the Remote Desktop session. The options available are: RDP, which means that no computer-level authentication is required; SSL (TLS 1.0), which means that the client tries to use Kerberos or certificates to authenticate the host computer; if this fails, the session is not established; Negotiate, which first attempts to authenticate the host using Kerberos or certificates; if this fails, the session is still established. When this policy setting is Not Configured, the default authentication method used is Negotiate. |
| Remote Desktop Session Host\Security | *Require User Authentication For Remote Connections By Using Network Level Authentication | Requires client computers to be running Windows Vista or Windows XP SP2 with the downloadable RDC 6.0 client installed. (This policy was named Require User Authentication Using RDP 6.0 For Remote Connections in Windows Vista and earlier versions.) |
| Remote Desktop Session Host\Security | *Server Authentication Certificate Template | Lets you specify a certificate template to be used for authenticating the host computer. |
| Remote Desktop Session Host\Session Time Limits | Terminate Session When Time Limits Are Reached | Forcibly logs the remote user off of the Remote Desktop session when the session time limit has been reached. |
| Remote Desktop Session Host\Session Time Limits | Set Time Limit For Disconnected Sessions | Forcibly logs the remote user off of the Remote Desktop session when the session time limit for disconnected sessions has been reached. |
| Remote Desktop Session Host\Session Time Limits | Set Time Limit For Active But Idle Remote Desktop Services Sessions | Specifies a time limit for no activity in Remote Desktop sessions. When the time limit is reached, the session is disconnected, but the remote user is not logged off. If, however, the Terminate Session When Time Limits Are Reached policy is enabled, the user is disconnected and then forcibly logged off. |
| Remote Desktop Session Host\Session Time Limits | Set Time Limit For Active Remote Desktop Services Sessions | Specifies a time limit for Remote Desktop sessions. When the time limit is reached, the session is disconnected, but the remote user is not logged off. If, however, the Terminate Session When Time Limits Are Reached policy is enabled, the user is disconnected and then forcibly logged off. |
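The Connections and Security settings in Table 27-10, together with the Network Level Authentication option described under “Enabling Remote Desktop Using Group Policy,” can be verified on a host from PowerShell. This is an added example, not code from the book; it only reads the registry. The registry locations and value names (fDenyTSConnections, UserAuthentication, SecurityLayer, MinEncryptionLevel) are not given in this chapter and are the ones Windows uses for these settings.

```powershell
# Added example (not from the book): report the effective Remote Desktop
# security settings on the local host. Read-only.
# The registry value names below are Windows' own, not taken from this chapter.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$serverKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcpKey = "$serverKey\WinStations\RDP-Tcp"

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Get-EffectiveValue([string]$Name, [string]$LocalPath) {
    # A value written by Group Policy takes precedence over the local one.
    $value  = Get-RegValue $policyKey $Name
    $source = 'Group Policy'
    if ($null -eq $value) {
        $value  = Get-RegValue $LocalPath $Name
        $source = 'Local setting'
    }
    if ($null -eq $value) { $source = 'Not configured' }
    New-Object PSObject -Property @{ Name = $Name; Value = $value; Source = $source }
}

function Get-Assessment([string]$Name, $Value) {
    if ($null -eq $Value) { return 'Not configured; the Windows default applies' }
    switch ($Name) {
        'fDenyTSConnections' {
            if ($Value -eq 0) { 'Remote Desktop is enabled' } else { 'Remote Desktop is disabled' }
        }
        'UserAuthentication' {
            if ($Value -eq 1) { 'NLA required (More Secure)' } else { 'REVIEW: any RDC version may connect (Less Secure)' }
        }
        'SecurityLayer' {
            switch ($Value) {
                0 { 'REVIEW: RDP layer, the host computer is not authenticated' }
                1 { 'Negotiate: session is still established if host authentication fails' }
                2 { 'SSL (TLS 1.0): session is not established if host authentication fails' }
                default { "Unknown value $Value" }
            }
        }
        'MinEncryptionLevel' {
            switch ($Value) {
                1 { 'REVIEW: Low (56-bit)' }
                2 { 'Client Compatible' }
                3 { 'High (128-bit)' }
                4 { 'FIPS Compliant (level not listed in Table 27-10)' }
                default { "Unknown value $Value" }
            }
        }
    }
}

$checks = @(
    @{ Name = 'fDenyTSConnections'; Path = $serverKey },
    @{ Name = 'UserAuthentication'; Path = $rdpTcpKey },
    @{ Name = 'SecurityLayer';      Path = $rdpTcpKey },
    @{ Name = 'MinEncryptionLevel'; Path = $rdpTcpKey }
)
$report = foreach ($c in $checks) {
    $setting = Get-EffectiveValue $c.Name $c.Path
    $setting | Add-Member -MemberType NoteProperty -Name Assessment `
        -Value (Get-Assessment $setting.Name $setting.Value) -PassThru
}
$report | Format-Table Name, Value, Source, Assessment -AutoSize -Wrap

# Accounts authorized to connect in addition to administrators.
net localgroup "Remote Desktop Users"
```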
Establishing a Remote Desktop Session
After the host computer has been configured to enable Remote Desktop for authorized users
and the RDP client software has been configured and deployed on the client computer, the
user can initiate establishment of a Remote Desktop session with the remote host computer
by using one of the following methods:
- Double-click the desired *.rdp file (or a shortcut to this file) and (if required) click Yes.
  Then specify your credentials for connecting to the host computer (if required).
- Open a command prompt and type mstsc rdp_file, where rdp_file is the name of the
  desired *.rdp file (specifying the path may be required) and (if required) click Yes. Then
  specify your credentials for connecting to the host computer, if required.
When a Remote Desktop session has been established, the client can end the session in
two ways:
- By disconnecting: This ends the Remote Desktop experience on the client computer
  but leaves the session running on the host computer so that the client can reconnect
  later if desired. Any applications running in the session on the host continue to run
  until this session is terminated, either by the user on the client (who must reconnect
  and then log off) or by a user logging on interactively to the host.
- By logging off: This ends the Remote Desktop experience on the client computer
  and terminates the session on the host computer as well.
Note: You can also remotely shut down the host computer to which you are remotely
connected, or you can put it into Sleep mode. To do this from within a Remote Desktop
session, click the taskbar, press Alt+F4, and then choose the option you want to select. You
can also open a command prompt in your Remote Desktop session and type shutdown -s -t 0
to immediately shut down the host computer or shutdown -r -t 0 to immediately
restart it. (Be sure to save any open files first.)
Improving Remote Desktop Performance
If available network bandwidth between a client computer and the remote host computer is
limited, you can improve a Remote Desktop experience by reducing the color depth on the
Display tab of the RDC client from its default 32-bit value. You can also selectively disable
desktop experiences on the Experience tab to further improve Remote Desktop performance.
If you routinely transfer large files, submit large print jobs, or perform other
bandwidth-intensive actions over a Remote Desktop connection, you may be able to improve the
performance of a Remote Desktop experience by configuring display data prioritization on the
host computer. Display data prioritization is designed to ensure that the screen performance
aspect of a Remote Desktop experience is not adversely affected by such bandwidth-intensive
actions. Display data prioritization works by automatically controlling virtual channel traffic
between the client and host computer by giving display, keyboard, and mouse data higher
priority than other forms of traffic.
The default setting for display data prioritization is to allocate 70 percent of available
bandwidth for input (keyboard and mouse) and output (display) data. All other traffic,
including use of a shared clipboard, file transfers, print jobs, and so on, is allocated by default only
30 percent of the available bandwidth of the network connection.
You can manually configure display data prioritization settings by editing the registry on a
host computer running Windows Vista or later versions. The registry entries for display data
prioritization are the following values, which are found under
HKLM\SYSTEM\CurrentControlSet\Services\TermDD. (If these DWORD values are not present, you can create them.)
- FlowControlDisable: Set this value to 1 to disable all display data prioritization and
  handle all requests on a first-in-first-out (FIFO) basis. The default value of this setting is 0.
- FlowControlDisplayBandwidth: Specify a relative bandwidth priority for display and
  input data up to an allowed value of 255. The default value of this setting is 70.
- FlowControlChannelBandwidth: Specify a relative bandwidth priority for all other
  virtual channels up to an allowed value of 255. The default value of this setting is 30.
- FlowControlChargePostCompression: Determine whether flow control will calculate
  bandwidth allocation based on pre-compression bytes (if the value is 0) or
  post-compression bytes (if the value is 1). The default value for this setting is 0.
By default, the ratio of FlowControlDisplayBandwidth to FlowControlChannelBandwidth is
70 to 30 or 70:30. This means that 70 percent of available bandwidth is reserved for display
and input traffic, and the remaining 30 percent will be used for other types of traffic. If
your Remote Desktop experience is being degraded during large file transfers and other
bandwidth-intensive activity, you might change FlowControlDisplayBandwidth to 85 and
FlowControlChannelBandwidth to 15, which allocates 85 percent of available bandwidth for
display and input traffic while reserving only 15 percent for other traffic.
Note: You must reboot your host computer for these registry changes to take effect.
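The registry change described above can be scripted so that the values are range-checked and previewed before they are written. This is an added example, not code from the book; the function names are hypothetical, and the percentage it prints assumes the two values act as relative weights, as the 70:30 and 85:15 cases in the text suggest.

```powershell
# Added example (not from the book): read and stage display data prioritization.
# Function names are hypothetical. Writing requires an elevated prompt.
$termDD = 'HKLM:\SYSTEM\CurrentControlSet\Services\TermDD'

# Defaults as stated in the text; they apply when a value is absent.
$defaults = @{
    FlowControlDisable               = 0
    FlowControlDisplayBandwidth      = 70
    FlowControlChannelBandwidth      = 30
    FlowControlChargePostCompression = 0
}

function Get-RdpFlowControl {
    # Returns the four values, substituting the default for any that is missing.
    $current = Get-ItemProperty -Path $termDD -ErrorAction SilentlyContinue
    $result = @{}
    foreach ($name in $defaults.Keys) {
        $value = $null
        if ($current) { $value = $current.$name }
        if ($null -eq $value) { $value = $defaults[$name] }
        $result[$name] = $value
    }
    $result
}

function Set-RdpFlowControl {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [ValidateRange(0, 255)][int]$DisplayBandwidth = 70,
        [ValidateRange(0, 255)][int]$ChannelBandwidth = 30
    )
    $total = $DisplayBandwidth + $ChannelBandwidth
    if ($total -eq 0) { throw 'Both priorities are 0; nothing to allocate.' }

    # Assumption: the values are relative weights, so each share is its weight
    # divided by the sum (70 and 30 give 70 percent and 30 percent).
    $share = [math]::Round(100 * $DisplayBandwidth / $total)
    Write-Host "Display and input share: $share percent; other channels: $(100 - $share) percent"

    # With FlowControlDisable set to 1, traffic is handled FIFO and the
    # weights have no effect.
    if ((Get-RdpFlowControl)['FlowControlDisable'] -eq 1) {
        Write-Warning 'FlowControlDisable is 1: display data prioritization is turned off.'
    }

    $new = @{
        FlowControlDisplayBandwidth = $DisplayBandwidth
        FlowControlChannelBandwidth = $ChannelBandwidth
    }
    foreach ($name in $new.Keys) {
        if ($PSCmdlet.ShouldProcess("$termDD\$name", "Set DWORD value $($new[$name])")) {
            New-ItemProperty -Path $termDD -Name $name -Value $new[$name] `
                -PropertyType DWord -Force | Out-Null
        }
    }
}

# Show the current values, then preview the 85:15 split from the text.
Get-RdpFlowControl
Set-RdpFlowControl -DisplayBandwidth 85 -ChannelBandwidth 15 -WhatIf
```

Remove -WhatIf to write the values; the reboot requirement in the note above still applies.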
Troubleshooting Remote Desktop Sessions
If you have trouble establishing a Remote Desktop session with the host computer, do the
following:
- Verify that Remote Desktop has been enabled on the host computer.
- Verify that you are using credentials that have been authorized for remotely connecting
  to the host computer.
- Verify that you have the correct FQDN or IP address of the remote computer.
- Verify network connectivity with the remote computer by using the ping command.
If you are missing expected functionality during a Remote Desktop session, do the
following:
- Check whether the host computer is running an older version of Windows such as
  Windows XP Professional Edition or Windows Server 2003.
- Verify that you have the latest version of Remote Desktop Connection client software
  installed on your computer.
- Verify that Group Policy is not locking down some aspect of Remote Desktop
  functionality that you expected to experience.
Note: For additional troubleshooting guidance, read Chapter 31, “Troubleshooting
Network Issues.” When working through the troubleshooting processes in this chapter, keep in
mind that RDP uses TCP port 3389.
Configuring and Using RemoteApp and Desktop Connection
RemoteApp and Desktop Connection requires configuration on both the server and client
side. On the server side, you need a Windows Server 2008 R2 server that has the Remote
Desktop Services role installed together with the following role services:
- Remote Desktop Session Host
- Remote Desktop Web Access
- Remote Desktop Connection Broker
In addition, if you want users on client computers to also be able to connect to virtual
machines using RemoteApp and Desktop Connection, you must install the Remote Desktop
Virtualization Host role service, which also requires installing the Hyper-V role to the server.
For guidance on configuring RemoteApp and Desktop Connection on the server side,
refer to steps 1 and 2 in the “Deploying RemoteApp Programs to the Start Menu by
Using RemoteApp and Desktop Connection Step-by-Step Guide” found at
You will also need to import the
SSL certificate for the Remote Desktop Web Access server to your client computers before the
users of these computers can use RemoteApp and Desktop Connection. For information on
how to import certificates, see step 3 of the above guide.
After you have configured your servers and have installed certificates on your clients, you
can configure RemoteApp and Desktop Connection on the client side by following these
steps:
1. Open RemoteApp and Desktop Connection from Control Panel.
2. Click Set Up A New Connection With RemoteApp And Desktop Connections to launch
   the New Connection wizard.
3. Type the URL to the Remote Desktop Web Access server in the Connection URL box:
4. Click Next to add connection resources for the RemoteApp And Desktop Connection
   (be sure to enter your credentials if prompted to do so). When the connection resources
   have been added, the details of the RemoteApp And Desktop Connection will be
   displayed.
5. Click Finish to complete the wizard.
6. To view all RemoteApp And Desktop Connections that have been added to the client,
   open RemoteApp And Desktop Connections again from Control Panel.
7. You can now access your RemoteApp programs from the RemoteApp and Desktop
   Connections folder of your Start menu.
8. You can even access them by searching for them using Start menu search.
9. When you start a RemoteApp program, a balloon notification above the system tray
   icon indicates that a RemoteApp program is being used.
Administrators can create a RemoteApp and Desktop Connection client configuration file
(.wcx) and distribute it to users so they can automatically configure the RemoteApp and Desk-
top Connection. Administrators can also use scripts to run the client configuration file silently
on the client so that the RemoteApp and Desktop Connection is set up automatically when
the user logs on to her Windows 7 computer.
To create a .wcx configuration file, follow these steps:
1. Open Remote Desktop Connection Manager on your Remote Desktop Connection
Broker server.
2. Right-click on the root node in the console tree and select Create Configuration File.
3. In the Create Configuration File dialog box, type the URL to the Remote Desktop Web
Access server in the RAD Connection Feed URL box.
4. Click Save, then distribute the configuration file to users as e-mail attachments, by
placing them on a network share, or by using scripts.
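Because a .wcx file that arrives by e-mail or from a share decides which server the client will use for its RemoteApp feed, a script can check the feed URL before running the file. The following Python check is an added example, not code from the book or from Microsoft; the XML layout of the sample files, the approved host name, and the function names are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Hypothetical allowlist of the organisation's RD Web Access hosts.
APPROVED_HOSTS = {"rdweb.example.com"}

# Constructed samples. The <workspace>/<defaultFeed url="..."> layout is an
# assumption about the .wcx format, not something the chapter shows.
WCX_TEMPLATE = """<?xml version="1.0" encoding="utf-8"?>
<workspace name="Example Remote Access">
  <defaultFeed url="{url}" />
</workspace>"""
GOOD_WCX = WCX_TEMPLATE.format(url="https://rdweb.example.com/RDWeb/Feed/webfeed.aspx")
PLAIN_HTTP_WCX = WCX_TEMPLATE.format(url="http://rdweb.example.com/RDWeb/Feed/webfeed.aspx")
WRONG_HOST_WCX = WCX_TEMPLATE.format(url="https://rdweb.example.com@files.example.net/feed")


def feed_urls(wcx_text):
    """Return the url attribute of every defaultFeed element in the file."""
    root = ET.fromstring(wcx_text)
    urls = []
    for elem in root.iter():
        local_name = elem.tag.rsplit("}", 1)[-1]  # ignore any XML namespace
        if local_name == "defaultFeed" and "url" in elem.attrib:
            urls.append(elem.attrib["url"])
    return urls


def check_wcx(wcx_text, approved_hosts=APPROVED_HOSTS):
    """Return a list of problems; an empty list means the file passed."""
    try:
        urls = feed_urls(wcx_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if not urls:
        return ["no feed URL found"]
    problems = []
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme.lower() != "https":
            problems.append(f"feed URL is not HTTPS: {url}")
        # Compare the parsed host, never a substring of the whole URL.
        if (parts.hostname or "").lower() not in approved_hosts:
            problems.append(f"feed host is not approved: {parts.hostname}")
        if parts.username or parts.password:
            problems.append(f"feed URL carries userinfo: {url}")
    return problems
```

A logon script would run the configuration file only when `check_wcx` returns an empty list, and log the returned problems otherwise.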
For more information on RemoteApp and Desktop Connection, see the Remote
Desktop Services section of Microsoft TechNet at
/cc770412.aspx.
Summary
Windows 7 includes new remote connectivity technologies, such as VPN Reconnect,
DirectAccess, and BranchCache. These technologies and others, such as Remote Desktop,
have been enhanced in Windows 7 to make them more reliable, more secure, and easier to
use and manage.
Additional Resources
These resources contain additional information and tools related to this chapter.
Related Information
• General information concerning virtual private networks on Microsoft platforms can
be found at />
• General information concerning DirectAccess can be found at
/directaccess/.
• General information concerning BranchCache can be found at
/>
• General information concerning Remote Desktop Services in Windows Server 2008 R2
and Windows 7 can be found at
/cc770412.aspx.
• The white paper, “Networking Enhancements for Enterprises,” at
/>b083-3334ddd1ef86&DisplayLang=en.
• The Routing and Remote Access Blog can be found at
/rrasblog/.
• The Remote Desktop Services Team Blog can be found at />
• The white paper, “Step-by-Step Guide: Deploying SSTP Remote Access” can be
found at />3fb9d1f37063/Deploying%20SSTP%20Remote%20Access%20Step%20by%20Step%20
Guide.doc.
On the Companion Media
• Get-Modem.ps1
CHAPTER 28
Deploying IPv6
• Understanding IPv6
• IPv6 Enhancements in Windows 7
• Configuring and Troubleshooting IPv6 in Windows 7
• Planning for IPv6 Migration
• Summary
• Additional Resources
Like the Windows Vista operating system before it, the Windows 7 operating system
has a new Next Generation Transmission Control Protocol/Internet Protocol (TCP/IP)
stack with enhanced support for Internet Protocol version 6 (IPv6). This chapter provides
you with an understanding of why IPv6 is necessary and how it works. The chapter
describes the IPv6 capabilities in Windows 7, Windows Vista, and Windows Server 2008 and
outlines how to migrate the IPv4 network infrastructure of your enterprise to IPv6 using
IPv6 transition technologies, such as Intra-Site Automatic Tunnel Addressing Protocol
(ISATAP). Finally, the chapter describes how to configure and manage IPv6 settings in
Windows 7 and how to troubleshoot IPv6 networking problems.
Understanding IPv6
The need for migrating enterprise networks from IPv4 to IPv6 is driven by a number of
different technological, business, and social factors. The most important of these are:
• The exponential growth of the Internet is rapidly exhausting the existing IPv4
public address space. A temporary solution to this problem has been found in
Network Address Translation (NAT), a technology that maps multiple private
(intranet) addresses to a (usually) single, public (Internet) address. Unfortunately,
using NAT-enabled routers can introduce additional problems, such as breaking
end-to-end connectivity and security for some network applications. In addition,
the rapid proliferation of mobile IP devices is accelerating the depletion of the
IPv4 public address space.
• The growing use of real-time communications (RTC) on the Internet, such as Voice over
IP (VoIP) telephony, instant messaging (IM), and audio/video conferencing, exposes
the limited support for Quality of Service (QoS) currently provided in IPv4. These new
RTC technologies need improved QoS on IP networks to ensure reliable end-to-end
communications. The design of IPv4 limits possible improvements.
• The growing threats faced by hosts on IPv4 networks connected to the Internet can be
mitigated considerably by deploying Internet Protocol security (IPsec), both on private
intranets and on tunneled connections across the public Internet. However, IPsec was
designed as an afterthought to IPv4 and is complex and difficult to implement in many
scenarios.
IPv6, developed by the Internet Engineering Task Force (IETF) to solve these problems,
includes the following improvements and additions:
• IPv6 increases the theoretical address space of the Internet from 4.3 × 10^9 addresses
(based on 32-bit IPv4 addresses) to 3.4 × 10^38 possible addresses (based on 128-bit
IPv6 addresses), which most experts agree should be more than sufficient for the
foreseeable future.
• The IPv6 address space is designed to be hierarchical rather than flat in structure,
which means that routing tables for IPv6 routers can be smaller and more efficient
than for IPv4 routers.
• IPv6 has enhanced support for QoS that includes a Traffic Class field in the header to
specify how traffic should be handled and a new Flow Label field in the header that
enables routers to identify packets that belong to a traffic flow and handle them
appropriately.
• IPv6 now requires IPsec support for standards-based, end-to-end security across the
Internet. The new QoS enhancements work even when IPv6 traffic is encrypted using
IPsec.
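The Traffic Class and Flow Label fields named in the list above occupy the first 32 bits of the IPv6 header, right after the 4-bit version. The following Python code is an added example, not part of the original chapter: it decodes those fields together with the rest of the 40-byte fixed header (which goes beyond what the list names) and groups packets by flow. The function names and the sample packets are constructed for illustration.

```python
import ipaddress
import struct
from collections import defaultdict


def build_ipv6_packet(src, dst, traffic_class, flow_label, payload=b""):
    """Build a constructed IPv6 packet: 40-byte fixed header plus payload."""
    first_word = (6 << 28) | ((traffic_class & 0xFF) << 20) | (flow_label & 0xFFFFF)
    header = struct.pack("!IHBB", first_word, len(payload), 17, 64)  # UDP, hop limit 64
    return (header + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + payload)


def parse_ipv6_header(packet):
    """Decode the fixed header: version, Traffic Class, Flow Label and the rest."""
    if len(packet) < 40:
        raise ValueError("IPv6 fixed header needs 40 bytes")
    first_word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    if first_word >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    traffic_class = (first_word >> 20) & 0xFF   # 8 bits after the version
    return {
        "traffic_class": traffic_class,
        "dscp": traffic_class >> 2,              # upper 6 bits: DiffServ code point
        "ecn": traffic_class & 0x3,              # lower 2 bits: congestion notification
        "flow_label": first_word & 0xFFFFF,      # low 20 bits of the first word
        "payload_length": payload_len,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(packet[8:24])),
        "dst": str(ipaddress.IPv6Address(packet[24:40])),
    }


def group_by_flow(packets):
    """Group packets as a flow-aware router can: by source, destination, Flow Label."""
    flows = defaultdict(list)
    for packet in packets:
        hdr = parse_ipv6_header(packet)
        flows[(hdr["src"], hdr["dst"], hdr["flow_label"])].append(hdr)
    return dict(flows)


# Constructed sample traffic using documentation addresses (2001:db8::/32).
SAMPLE_PACKETS = [
    build_ipv6_packet("2001:db8::1", "2001:db8::2", 0xB8, 0x12345, b"voice-01"),
    build_ipv6_packet("2001:db8::1", "2001:db8::2", 0xB8, 0x12345, b"voice-02"),
    build_ipv6_packet("2001:db8::1", "2001:db8::2", 0x00, 0x00000, b"bulk"),
]
```

Because both fields sit in the fixed header, a router can read them without touching the payload, which is why the QoS handling still works when the payload is encrypted with IPsec.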
Understanding how IPv6 works is essential if you plan to benefit from IPv6 by deploying it
in your enterprise. The following sections provide an overview of key IPv6 concepts, features,
and terminology.
Note: For more detailed information on IP concepts, features, and terminology, see the
white paper titled “Introduction to IP Version 6” at
/details.aspx?FamilyID=CBC0B8A3-B6A4-4952-BBE6-D976624C257C&displaylang=en.
Another good reference for learning IPv6 is the book, Understanding IPv6, 2nd Edition, by
Joseph Davies (Microsoft Press, 2008).
Understanding IPv6 Terminology
The following terminology is used to define IPv6 concepts and describe IPv6 features: