There are several tools and methods that can be used to configure Terminal Services configuration, user settings, connections and sessions - you may already be familiar with some of them:
- Terminal Services Manager
- Terminal Services Configuration Tool
- Terminal Services Command Line Tools
- Terminal Services Group Policies
- Terminal Services WMI Provider
- Terminal Services extension to Local Users and Groups
- Active Directory Users and Computers
Additionally, connections settings that are not configured at the group, computer or user level can be set in the Remote Desktop Client application on a per-session basis.
In mixed Windows environments, it may be necessary to use a combination of tools. For example, you may configure your Windows Server 2008 Terminal Servers through Group Policies, and use the Terminal Services Configuration tool to configure servers that are running previous versions of Windows. Similarly there will be cases where two or more connections are present on the same computer, and where it is preferred to configure each connection separately. In this case, Group Policy would not be the ideal method. You would use the Terminal Services Configuration tool instead as it allows you to configure Terminal Services settings on a per-connection basis.
Let's take a look at some of the different tools individually - beginning with the Terminal Services Manager:
The Terminal Services Manager MMC snap-in may be used to perform the following tasks on local or remote Terminal Servers:
- Remotely control a user's session
- Display information about server, sessions, users and processes
- Connect to and disconnect from sessions
- Monitor sessions
- Reset sessions
- Send messages to users
- Log off users
- Terminate processes
One thing to note is that the
Favorites
feature that was present in the Terminal Services Manager on Windows Server 2003 has been enhanced and renamed to
Groups
in the Terminal Services Manager on Windows Server 2008. Instead of being restricted to a single
Favorites
group for specific Terminal Servers, you now have the ability to create multiple groups that you can organize based on your own preferences - an example is shown below. In addition to providing the ability to create groups and manually add Terminal Servers to the groups in the Terminal Services Manager console, you can now also import a list of Terminal Servers from a Session Broker farm by using the
Import from TS Session Broker
option as shown below:
In Windows Server 2003, Terminal Services Manager was implemented in TSAdmin.exe. In Windows Server 2008, Terminal Services Manager is implemented as an MMC snap-in ( TSAdmin.msc , TSAdmin.dll ).
The Terminal Service Configuration MMC snap-in may be used to configure the properties of the Terminal Services listener(s) defined on the server as well the settings for temporary folder, security and licensing. The default Terminal Services listener is named RDP-Tcp. In Windows Server 2008, the Terminal Services Configuration snap-in is implemented in TSConfig.msc (and TSConfig.dll ). In previous versions of Windows, the Terminal Services Configuration console was implemented in TSCC.msc . The Terminal Services Configuration console may be used to perform the following actions on local or remote servers:
- Name a connection
- Specify a connection type
- Specify a connection transport and transport properties
- Set the maximum number of sessions allowed
- Enable or disable logons through the connection
- Set connection time-outs
- Set the encryption level
- Set whether to disconnect broken connections
- Enable or disable session remote control
- Enable or disable automatic logons
- Specify a program to run when a user logs on
- Override user profile settings for wallpaper
- Set permissions on the connection
- Set client device mapping and connection parameters
There are also several command-line tools that can be used to perform administrative functions. The table below lists the various command-line tools:
| Command | Description |
| Change | Changes TS settings for logons, COM port mappings and install mode |
| Change logon | Enables or disables logons from client sessions on a Terminal Server, or displays current logon status |
| Change port | Lists or changes the COM port mappings to be compatible with MS-DOS applications |
| Change user | Changes the install mode for the terminal server |
| Chglogon | Enables or disables logons from client sessions on a Terminal Server, or displays current logon status |
| Chgport | Lists or changes the COM port mappings to be compatible with MS-DOS applications |
| Chguser | Changes the install mode for the Terminal Server |
| Flattemp | Enables or disables flat temporary folders |
| Logoff | Logs off a user from a session on a TS and deletes the session from the server |
| Msg | Sends a message to a user on a Terminal Server |
| Mstsc | Creates connections to Terminal Servers or other remote computers |
| Qappsrv | Displays a list of Terminal Servers on the network |
| Qprocess | Displays information about processes that are running on a Terminal Server |
| Query | Displays information about processes, sessions and Terminal Servers |
| Query process | Displays information about processes that are running on a Terminal Server |
| Query session | Displays information about sessions on a Terminal Server |
| Query termserver | Displays a list of Terminal Servers on the network |
| Query user | Displays information about user sessions on a Terminal Server |
| Quser | Displays information about user sessions on a Terminal Server |
| Qwinsta | Displays information about sessions on a Terminal Server |
| Reset session | Enables you to reset (delete) a session on a Terminal Server |
| Rwinsta | Enables you to reset (delete) a session on a Terminal Server |
| Shadow | Enables you to remotely control an active session of another user on a Terminal Server |
| Tscon | Connects to another session on a Terminal Server |
| Tsdiscon | Disconnects a session from a Terminal Server |
| Tskill | Ends a process running in a session on a Terminal Server |
| Tsprof | Copies the Terminal Services user configuration information from one user to another |
There are also some command-line tools that have been deprecated in Windows Server 2008
| Command | Description |
| Tsshutdn | Shuts down a Terminal Services server |
| Register | Registers a program so that it has special execution characteristics |
| Cprofile | Removes user-specific file associations from a user's profile |
Since TSSHUTDN.EXE is not included with Windows Server 2008, the recommended method for shutting down or restarting a Windows Server 2008 Terminal Server is by using SHUTDOWN.EXE. When shutting down or restarting a Windows Server 2008 Terminal Server, any logged-on users will see a dialog indicating that a shutdown is in process and that they will be logged off from their Terminal Server session.
Before we wrap up, let's take a look at a couple of management tools that can be used to manage Terminal Services properties programmatically - the ADSI Extension for Terminal Services and the Terminal Services WMI Provider. The Active Directory Services Interface (ADSI) extension for Terminal Services user configuration is a library implemented in TSUSEREX.DLL . Administration of Terminal Services -specific user properties is possible using the methods implemented by the extension. The methods allow configuration of the properties that are available in the Terminal Services extension interface that adds the following Terminal Services-specific tabs to the properties sheet of a user account:
- Remote Control
- Terminal Services Profile
- Environment
- Sessions
The ADSI extension for Terminal Services user configuration supports the examination and manipulation of Terminal Services user properties stored in the Directory Services database. The extension also supports configuration of user properties that are stored in the Active Directory, through the Lightweight Directory Access Protocol (LDAP) API. ADSI provides an interface to Active Directory that also allows administrators to create scripts tailored to Terminal Services configuration requirements using the Terminal Services ADSI extension.
Moving on to the Terminal Services WMI provider in Windows Server 2008, this provider enables Terminal Server administration using WMI interfaces. The Terminal Services WMI provider allows administrators to create customized scripts for configuring, managing and querying Terminal Servers. It contains properties and methods that can perform the same tasks as the traditional Terminal Services configuration tools and command-line utilities, but remotely and via scripted applications. The Terminal Services Configuration WMI provider is implemented in tscfgwmi.mof and tscfgwmi.dll . A description of some of the classes associated with the WMI provider are listed below:
| WMI Class | Description |
| Win32_TerminalService | The Win32_TerminalService class is a subclass of the Win32_Service class and inherits all its properties and methods. In addition, Win32_TerminalService represents the Element property of the Win32_TerminalServiceToSetting Association |
| Win32_TSSessionDirectory | Defines the configuration for Win32_TSSessionDirectorySetting. This includes properties such as Session Broker store, Cluster Name and Additional parameters |
| Win32_TerminalServiceSetting | Defines the configuration for TerminalServerSetting, including properties such as Terminal Server Mode, Licensing, Active Desktop, Permissions Capability, Deletion of Temporary folders and per-session Temporary folders |
| Win32_Terminal | Associates a TerminalSetting and its several configuration setting groups such as General, Logon, Session, Environment, Remote Control, Client, Network Adapter and Permission |
| Win32_TSGeneralSetting | Defines the configuration for properties such as Protocol, Transport, Comment, Windows Authentication and Encryption Level |
| Win32_TSLogonSetting | Defines the configuration for properties such as ClientLogonInfoPolicy, UserName, Domain and Password |
| Win32_TSClientSetting | Defines the configuration for properties such as connection policy, Windows printer mapping, COM port mapping etc |
A comprehensive list of the WMI classes for Terminal Services is available online - the link is below in the Additional Resources section.
With that, we will wrap up this post. Tomorrow we'll discuss Terminal Services Network Level Authentication and Encryption. Until next time ...
Additional Resources:
| Share this post : |
|
|
|
|
|
Microsoft