Terminal Server Unveiled: A Comprehensive Overview of Its Functionality
08:44, 26.12.2023
Terminal server, also known as Remote Desktop Service is a powerful tool that helps companies efficiently organize complex IT infrastructure, It provides a wide range of capabilities to manage devices, user accounts, system configurations, and other aspects, and is perhaps one of the main reasons Windows Server is used. In the following article, we want to have a look at some essential functionality and configuration of the terminal server.
Supervising Remote Desktop Services
After you’ve installed and launched your remote desktop, the next step is to figure out how to perform its regular management and supervision. There are a bunch of tools that you can use that can be accessed through the start menu by going to Administrative Tools and then Remote Desktop Services. The selection of tools:
- Remote Desktop Services Manager
- Remote Desktop Session Host Configuration
- RemoteApp Manager
- Remote Desktop Web Access Configuration
- Remote Desktop Licensing Manager
- Remote Desktop Connection Manager
- Remote Desktops
Remote Desktop Services Manager and Remote Desktop Session, as well as Remote Desktop Services, are available without the need to install a Desktop Services role. Their main purpose is the management of remote connections when it comes to administration and Remote desktop services. In particular, you might need Remote desktops for administering clients in a remote manner.
Management of Remote Desktop Services
Managing Remote Desktop Services (RDS) in Windows Server 2022 involves configuring, monitoring, and maintaining the environment to ensure secure and efficient remote access. Here are some essential steps to manage RDS in Windows Server 2022:
1.Install the Remote Desktop Services Role:
Before you are able to perform the majority of actions, you’ll need to install the Remote Desktop Services Role. To do this, you’ll need a Server Manager:
- Open Server Manager.
- Select Manage from the top-right menu.
- Choose "Add roles and features."
- Follow the wizard to add the "Remote Desktop Services" role.
2. Configure RDS Deployment:
After the role is installed, the next step is to set up your RDS deployment which includes configuring RD Session Host and some other components.
- Open Server Manager.
- In the "Remote Desktop Services" section, click on "Overview."
- Click on "Tasks" and select "Edit Deployment Properties."
- Follow the wizard to configure the deployment.
The RDS manager's main purpose is to display the info on users, sessions, and processes on an RDSH server. The remote control actions allow you to work with sessions remotely.
When operating with several RD Session Host servers, you’ll be able to add them to a single console and even group them.
User Accounts, Active Sessions, and Processes
When connected to an RD Session Host server, you’ll in the first place see three tabs – Users, Sessions, and Process. Each tab is dedicated to monitoring and managing specific fields.
The Users Tabe shows every user with sessions on the server, including both those that are active as well as disconnected ones.
The Sessions tab displays every session on the server, including such supporting sessions as Console, Listener, and Services. The sessions of connected users are displayed as RDP-TCP#x (x corresponds to the number of the session).
The Processes tab displays every process on the server. Through it, you can also kill a process by right-clicking and selecting End Process.
The tabs Users and Sessions give certain additional options that can be accessed by right-clicking on the tabs. They include:
Connect that can be used to connect to a session of a user, in case the latter will be disconnected.
Reversely, Disconnect allows you to disconnect a particular user.
Send Message allows you to send messages to users of particular sessions.
Remote control is responsible for connecting and acquiring control of a remote session. This can have a series of applications in the corporate environment.
Reset is used to delete a session. One of the possible is to free system hardware resources.
Status shows the session status.
Tools for Command-Line Control
Besides using the graphic interface, you can control many aspects of your terminal server with the help of command line commands. Here are some common commands that you might find helpful. For exemplification, we assume that the user’s name is Bob and the ID of the session is 1.
logoff: This is used to log off from the session and then delete it on the RDSH server. If you need the session number, you can get it with a query session.
msg: This is used to send messages to users on an RDSH server.
query process, qprocess: These allow you to see the info about the processes that are active on an RDSH server.
query session, qwinsta: These allow you to see the info about the sessions that are active on an RDSH server.
query users, quser: These allow you to see the info about the users’ sessions that are active on an RDSH server.
Tsdiscon: All active sessions are disconnected.
Tscon: A disconnected session is connected on an RDSH server.
Tskill: Kills a specified process in a session.
Configuring the Remote Desktop Session Host
The Remote Desktop Session Host Configuration console is responsible for configuring numerous parameters of RDSH. There are three principal setting types:
RDP-Tcp Connection settings allow you to configure all connections to the RDSH server, such as security, session, remote control, etc.
Edit Settings allows you to see settings for extra areas.
Licensing Diagnoses allows you to work with issues that have to do with the RDS licensing.
In-Depth Exploration of RDP-Tcp Connections
RDP-Tcp connection properties are responsible for configuring the entire connections to the RDSH server. This encompasses the settings of security, sessions, remote control, and others.
The section “Edit settings” envisages the active settings for the 4 extra areas. A double-click on an area will display the properties including for tabs with additional features for the settings of RDP-Tcp Connection.
To see the properties of RDP-Tcp Connection, use a double click or a right click with the eventual selection of “Properties”. Properties contain 8 tabs.
RDP-Tcp connection is available without the installation of the RDSSH role. In this case, 2 admin connections are allowed. With the role installed, the number of connections becomes unlimited.
General Settings for RDP-Tcp Properties
This tab is in the first place responsible for security, supporting the RDP Security Layer as well as SSL which has a higher level of security. If this parameter is set to Negotiate, then the RDS server will first try to use SSL if it’s supported.
Choosing Between Self-signed or Trusted Certificates
When it comes to security certificates, you can choose between self-signed and a certificate from a trusted authority which will provide a higher level of security and is the generally recommended option. However, in case your server is only for internal use, you can just pick up a self-signed certificate.
Besides the type of certificate: there are four levels of encryption you can choose:
Low: The data is not encrypted when it’s transmitted from the server to the client. When it’s sent from the client to the server, 56-bit encryption is used.
Client compatible: The encryption is used in both directions, with the strongest key available on the client.
High: 128-bit encryption is applied in both directions if it’s supported. Otherwise, clients are not allowed to connect.
FIPS Compliant: Encryption in both directions with encryption method validated by FIPS 140-1, Federal Information Process Standard.
The Environment Settings in RDP-Tcp Properties
The environment settings tab is used to launch a specific application that is launched when the RDS starts.
Remote Control Configuration in RDP-Tcp
Remote control is a feature that allows the admin to control or observe a user’s actions when performing a particular task. The remote control tab allows you to enable or disable this feature. Also, you can set up whether a user’s permission for remote control is required or not as well as how much control the admin has.
Network Adapter Configuration in RDP-Tcp
This tab is useful in case your RD Session Host server has multiple homes, so it may be useful to define which network adapters should be used. You can also set the maximum number of connections running from two to unlimited.
Enhancing Security in RDP-Tcp Properties
The security tab is responsible for users’ permissions. You can select a particular group of users and grant them particular permissions. There are four levels of permissions:
Full control: This permission encompasses these permissions: query information, set information, remote control, logon, logoff, message, connect, disconnect, and virtual channels.
User access: This permission level allows these permissions: query information, logon, and connect.
Guest access: This permission level allows only logon permission.
Special permissions: Allows you to add some of the special permissions. Among them: query information, set information, remote control, logon, logoff, message, connect, disconnect, and virtual channels.