Windows Server 2008 R2 Remote Desktop Services

Microsoft

Windows Server

2008

R2

Remote

_Desktop

_Services

Resource Kit

Christa Anderson and

Kristin

L.

Griffin

Contents

Acknowledgments

_xv

Introduction _xvii

Chapter

1

_Introducing

Remote

_Desktop

Services

₁

WhereDidRDS ComeFrom? ₂ CitrixMultiWin ₂

Windows NT, Terminal Server Edition ₂

Windows2000 Server ₃

WindowsServer2003 ₃ Windows Server 2008 ₄ WindowsServer2008 R2 and RDS ₄

The

_Evolving

Remote ClientAccess

_Experience

₆

WhatCan You Do withRDS? 7

Improved Security

forRemoteUsers 8

Provisioning

NewUsers

Rapidly

9

Enabling

RemoteWork ₉

Bringing

Windowsto

_{PC-Unfriendly}

_{Environments 10}

Business

_Continuity

and Disaster

_Recovery

₁₁

Supporting

Green

Computing

11

Improved

Command-Line

_Support

₁₂ RDS forWindows Server2008R2: NewFeatures 12 The

_Changing

Characterof RD Session Host

_Usage

13 New RDS

_Technology

inWindowsServer 2008 R2 19 RDS Roles inWindowsServer 2008 R2 24 HowOtherServices

_Support

RDS ₃₂

TheClientConnection ₃₃

Hosting

VMs ₃₄

Authenticating

ServerswithCertificates ₃₄

Enabling

WANAccessand

_Displaying

Remote Resources ₃₄

Updating

Userand

_{Computer Settings}

₃₅

Functionality

for RDS

_Scripters

and

_Developers

₃₅

Summary

35

Additional Resources

36

What doyouthink of this

book?

We wantto hear from

_you!

Microsoft is interestedin_hearingyourfeedbacksowe can

continually

improveour

booksandlearningresourcesforyou. Toparticipateinabriefonline_{survey,please}visit:

microsoft.com/learning/booksurvey

Chapter

2

_Key

Architectural

_Concepts

for Remote

_Desktop

Services

39

Know Your

_{Application Delivery System}

40 RD Session Host Servers 40 RD Virtualization Host Servers 40 Relevant Windows Server 2008 R2 Internals 41 Windows Server 2008 R2 Is 64-Bit

_Only

41

How DoesanRD Session Host Server Dole Out Processor

Cycles?

43

HowDo RD Session Host Servers Use

_Memory

More

Efficiently?

45

How Does Disk Affect

Application Delivery?

56 How DoesVirtualization Affect Resource

Usage?

59

Determining System Requirements

for RDSession HostServers 66

Designing

aLive Test 69

Executing

theTests 70

Using

theRDLoad Simulation Tool 77 An Alternative toFull

_Testing:

_{Extrapolation}

91 Other

_Sizing

Questions 95

Supporting

Client Use Profiles 99

Client Hardware: PCorThin Client? 99

What's the Best License Model? 100 What

_Applications

Can I RunonanRD Session Host Server? 101

What Version of Remote

_Desktop

Connection Do I Need? 109 What Role Services Do I Needto

_{Support My}

Business? 114

Summary

114

Additional Resources 115

Chapter

3

_Deploying

a

_Single

Remote

_Desktop

Session Host Server 117

How RD Session Host ServersWork 117

Services Supporting RDSession Host 117

Creating

and

Supporting

aSession 119

Installing

anRD Session Host Server 134

Installing

anRD Session Host ServerUsing theAdministrative

Tools Interface 134

Installing

anRD Session Host Server from the Command Line 142

Essential RD Session Host

_{Configuration}

144

Allocating

Processor Time 145

Enabling

Plug

and

_Play

Redirection with the

_{Desktop Experience}

150

Adjusting

Server

_Settings

with Remote

_{Desktop Configuration}

150

Installing Applications

on an RD Session Host Server 164

Which

_Applications

Will Work? 165

Storing Application-Specific

Data 168

Avoiding Overwriting

User ProfileData 170

Populating

the Shadow Key 171

Summary

174 Additional Resources 174

Chapter

4

_Deploying

a

_Single

Remote

_Desktop

Visualization

Host

Server 175

WhatlsVDI? 175

How MicrosoftVDIWorks 178 TheCentral RoleoftheRD ConnectionBroker 179

Discovering

aVM 181

Brokering

aConnection 182

Orchestrating

aVM 184

Connecting

toaVMPool 185

Connecting

toaDisconnectedSession 186

Rolling

BackaVM 186

Connecting

toaPersonal

_Desktop

187

Installing

Supporting

Rolesfor VDI 188

Installing

theRDVisualizationHost 190

Installing

RD Virilization Host Role Service via WindowsPowerShell 192

Installing

RD Connection Broker 193

Configuring

RD Web Access 195

Configuring

the RD Connection Broker Server 197

Setting Up

VMs 203

Creating

Pools 209

Assigning

Personal

_Desktops

212

Configuring

Personal and Pooled VM

_Properties

216

Using RemoteApp

for

_Hyper-V

for

_Application

_{Compatibility}

218

Configuring RemoteApp

on

Hyper-V

220

Can YouUse

RemoteApp

for

_Hyper-V

WithoutRDS? 222

Summary 224

Additional Resources 224

Chapter

5

_Managing

User Data

ina

Remote

_Desktop

Services

_Deployment

225

How Profiles Work 226

Types

of Profiles 227

How Profiles Are Created 228 Profile Contents External tothe

_Registry

233

Storing

Profiles 239

Providing

aConsistent Environment 241

Design Guidelinesfor User Profiles 242 Balance

Flexibility

and Lockdown 243

Use FolderRedirection 244

Compartmentalize

When

_Necessary

244

Prevent Usersfrom

Losing

Filesonthe

_Desktop

245

Upload

Profile

Registry Settings

in the

_Background

246

Speed Up Logons 246

Deploying

Roaming Profiles with Remote

Desktop

Services 248

Creating

a New

Roaming

Profile 248

ConvertinganExisting Local Profiletoa

Roaming

Profile 254

Customizing

a Default Profile 255

Using Group Policy

to

_{Manage Roaming}

Profiles 257

Using Group Policy

to Definethe

_Roaming

Profile Share 267

Speeding Up Logons

268

Centralizing

PersonalDatawith Folder Redirection 275

Sharing

Personal Folders Between Local and Remote Environments 278

Sharing

Folders Between Windows Server 2003 and Windows Server 2008

R2

_Roaming

Profiles 279

Setting

Standards with

_Mandatory

Profiles 281

Converting Existing Roaming

Profilesto

_Mandatory

Profiles 283

Creating

a

Single Mandatory

Profile 284

Creating

aSafe

Read-Only Desktop

286

Decrease

Logon

Times with Local

_Mandatory

Profiles 286 Profile and Folder Redirection

_{Troubleshooting Tips}

287

Summary 288

AdditionalResources 289

CHAPTER 6

_Customizing

the User

_Experience

291

How

_Remoting

Works 291

WhatDefinesthe Remote ClientExperience? 293 The FoundationofRDP: VirtualChannelsand PDUs 296 Basic

_{Graphics Remoting}

299

Advanced

_{Graphics Remoting}

305

Moving

the Client

_Experience

tothe Remote Session 307 Which Client Devices Can You Addtothe Remote Session? 307 Pros and Cons of

_Redirecting

Resources 313 Device and File

_System

Redirection 314

Playing

Audio 326

How the RDC Version Affects the User

_{Experience—or}

Doesn't 330

Printing

with RDP 334

Printing

toa

Directly

Connected Printer 335

Printing

viaRedirected Printers 337

Printing

from Remote

Desktop

Services 344

WhenYou Cannot Use RDEasy Print 350

Controlling

Printer Redirection 354

Troubleshooting Printing

Issues 358

Summary 359

AdditionalResources 360

Chapter

7

_Molding

and

_Securing

the

User Environment 363

Locking

Down the Server 364

Restricting

Device andResource Redirection 365

Preventing

Usersfrom

Reconfiguring

the Server 367

Preventing

Access tothe

_Registry

368

Closing

Back DoorsonRD Session Host Servers 369

Controlling

Libraries 375

Preventing

Users from

_Running

Unwanted

_Applications

376

Using

SoftwareRestriction Policies 378

Using

AppLocker

381

Creating

a

Read-Only

Start Menu 391

Keeping

the RD Session Host Server Available 393

Allowing

or

Denying

Accesstothe RDSession Host Server 393

Limiting

theNumber of RD Session Host ServerConnections 393

Setting

Session Time Limits 394

Taking

Remote Control of User Sessions 394

Summary

398

AdditionalResources 398

Chapter

8

_Securing

Remote

_Desktop

Protocol

Connections

401

Core

_{Security Technologies}

402

Transport Layer Security

402

Credential

_Security

ServiceProvider 405

Using

RDP

_Encryption

409

Understanding Encryption Settings

409

Choosing

Encryption Settings

410

Authenticating

Server

_{Identity (Server Authentication)}

410

Establishing

aKerberos Farm

Identity

411

'

_Creating

Test Certificates foraServer Farm 411

Authenticating

Client

_Identity

withNetwork LevelAuthentication(NLA) 415

Speeding Logons

with

_{Single Sign-on}

. 416

Configuring

the

_{Security Settings}

ontheRDSession Host Server 417

Configuring

Connection

Security Using

RD Session Host

_{Configuration}

417

Configuring

Connection

_{Security Using Group}

_Policy

₄₁₉

Summary

420

Additional Resources ₄₂₁

Chapter

9

Multi-Server

_Deployments

423

Key Concepts

forMulti-Server

Deployments

423

RD Session Host Farms ₄₂₄

RemoteApp

Internals 424

Server-Side

_Components

426 Client-Side

_Components

₄₂₇

RemoteApp Programs

and

Multiple

Monitors 428

Creating

and

_Deploying

aFarm ₄₃₁

Distributing

Initial Farm_Connections

432

Connection

_Brokering

inaFarmScenario ₄₃₃ RDS FarmConnection

_Brokering

in Action ₄₃₄

Deploying

RDSessionHostFarms ₄₃₉

PermitRD Session Host ServerstoJoin RD_{Connection Broker 440}

JoinRD Session Host Serverstoa Farm ₄₄₇

Publishing

and

_Assigning

_Applications

Using RemoteApp Manager

454

Adding

Applications

to theAllowList ₄₅₅

Configuring

Global

_{RemoteApp Deployment}

_Settings

₄₅₇

Editing RemoteApp

Properties

₄₆₄

Maintaining

AllowList

_Consistency

Acrossthe Farm 469

Configuring

Timeoutsfor

_RemoteApp

_Sessions

471

Signing

Already-Created

RDP Files ₄₇₂

Setting Signature

Policies

474

Distributing RemoteApp

Programs

₄₇₅

Distributing

RDP Files

475

Distributing

MSI Files

476

Delivering RemoteApp

Programs

and VMs

_Through

_{RD Web Access}

478

RD Web_{Access Sources}

478

Installing

theRD WebAccessRoleService ₄₈₁

Configuring

RD Web Access ₄₈₂

Customizing

RD WebAccess ₄₈₈

Troubleshooting

RDWebAccess Permissions ₄₉₆

Using

the RDWebAccess Website

497

Using RemoteApp

And

_Desktop

Connections ₅₀₂

Summary

505

AdditionalResources

506

Chapter

10

_Making

Remote

_Desktop

_{Services Available}

_from

_{the Internet}

507

How RD

Gateway

Works

507

Understanding

RD

_Gateway

_{AuthorizationPolicies}

509 RD

_{Gateway Requirements}

510

Installing

RD

_Gateway

512

Installing

RD

_Gateway

_{Using WindowsPowerShell}

515

Creating

and

_Maintaining

RD

_Gateway

_{Authorization Policies 515}

Creating

anRDCAP ₅₁₆

Creating

an RDRAP ₅₁₉

Modifying

an

Existing

Authorization

Policy

521

Configuring

RD

Gateway

Options ₅₂₁

Tuning

RD

_{Gateway Properties}

522

Using

RD

_Gateway

_Computer

_Groups

_toEnable

Access toaServer Farm 530

Bypassing

RD

_Gateway

for_{Internal Connections}

533

Using Group Policy

to ControlRD

_Gateway

_{Authentication}

_Settings

₅₃₃

Monitoring

and

Managing

Active RD

_Gateway

_{Connections 534}

Creating

aRedundantRD

_{Gateway Configuration}

537

Using

NLB toLoad-BalanceRD

_Gateway

Servers 537

Preventing Split

SSL ConnectionsonRD

_Gateway

542

Maintaining

Identical

_Settings

AcrossanRD

_Gateway

Farm 543

Using

NAP with RD

_Gateway

554

Troubleshooting

DeclinedConnections 573

Placing

RDWebAccess and RD

_Gateway

576

RDWeb Access for ExternalAccess 576

RD

Gateway

Inside thePrivateNetwork 578 RD

_Gateway

in thePerimeterNetwork 579 RD

_Gateway

in the Internal Network and

_Bridged

581

Summary

586

AdditionalResources 586

Chapter

11

_Managing

Remote

_Desktop

Sessions

589

Introducing

RD Session Host

_Management

Tools 590 The Remote

_Desktop

Services

Manager

591 Command-LineTools 595

Connecting Remotely

to Servers for Administrative

_Purposes

598

Managing

RDSessionHost ServersfromWindows 7 599

Organizing

ServersandVMsin theRemote

_Desktop

Services

_Manager

600

Monitoring

and

_Terminating

Processes 602

Monitoring

Application

Use 603

Terminating Applications

604

Monitoring

and

_Ending

User Sessions 605

Switching

Between Sessions 606

Closing Orphaned

Sessions 608

Providing Help

with Remote Control 610

Enabling

Remote Control via

_{Group Policy}

612

Enabling

Remote Control via RD Session Host

_{Configuration}

614

Shadowing

aUser Session 615

Troubleshooting

Session

_Shadowing

617

Preparing

for Server Maintenance 619

Disabling

New

_Logons

619

Sending Messages

toUsers 621

Shutting

Downand

_Restarting

RDSession HostServers 624

Applying

RDS

_Management

Tools 631

Differentiating

RemoteApp Sessions from Full

Desktop

Sessions 631

Auditing Application

Usage 633

Auditing

User Logons 639

Closing Unresponsive Applications

640

Summary 641

Additional Resources 642

Chapter

12

Licensing

Remote

Desktop

Services

643

The RDS

Licensing

Model 644

RDS

_Licensing

644

VDI

_Licensing

646

License

Tracking

andEnforcement 648

HowRD License ServersAssignRDSCALs 648

Setting Upthe RDS

_Licensing

Infrastructure 651

Installing

RD License Server 652

RDLicense ServerConnection Methods 653

Activating

the License Server 653

Background:

How RDS CALs AreTiedto an RD License Server 657

Adding

LicenseServers to AD DS 660

Installing

RDS CALs 660

Configuring

RD Session Host Servers to Use RD License Servers 662

Configuring

RD License Servers toAllow Communication From

RDSessionHost Servers 663

Migrating

RDSCALs fromOne License Server toAnother 663

Rebuilding

the RDLicenseServer Database 665

Backing Up

anRDLicense Serverand

_Creating

_Redundancy

665

Managing

and

_Reporting

License

_Usage

667

Revoking

RDS CALs 670

RestrictingAccess to RDS CALs 671

Preventing

License

_Upgrades

673

Using

the

_Licensing

_Diagnosis

Tool 673

Summary

675

Additional Resources 675

Index 677

books andlearningresources foryou.To_participateinabrief onlinesurvey,

please

visit: What do you

think of

this book? Wewant to hear from

_you!

Microsoft is interested inhearingyour feedbackso we can

continually

_improveour

books andlearningresources foryou.To_participateinabrief onlinesurvey,

please

microsoft.com/learning/booksurvey