Thursday, May 15, 2008

Windows Terminal Services Roles –Windows Server 2008

Install the Terminal Services Roles

TS is a role that is installed from the Server Manager, while Terminal Server, TS Web Access,

TS Licensing, TS Gateway, and TS Session Broker are all role services that you can

separately select while you are installing the TS role. TS Configuration and TS Manager

are automatically installed with TS Services, while TS RemoteApp is automatically installed

with Terminal Server.

NOTE It is not recommended that you install TS on an Active Directory domain controller because

it increases your security risks and, since TS uses a lot of computer resources, it degrades AD's

performance. Running TS within an AD domain is needed for some of TS's functions, such as TS

Session Broker, and provides added capabilities to others, such as TS Licensing.

NOTE To install the TS role and the role services discussed here, if you have not already done so, you

will be told to also install Network Policy And Access Services, Web Server (IIS), and Windows Process

Activation Service. The Add Roles Wizard will automatically lead you through those additional installations.

1. If the Server Manager is not already open, click Start | Server Manager. In any

case, click Roles in the left pane of the Server Manager window and click Add

Roles in the right pane.

2. Click the role services that you want to install. For the sake of following the

discussion here, click Terminal Server, TS Session Broker (you must be in a

domain), TS Gateway (click Add Required Features), and TS Web Access (click

Add Required Role Services), and click Next.

3. Read the note about the need to install any application you want to run with

TS after installing TS and click Next.

4. Read about Network Level Authentication and decide if you want to use it. A

major factor is that it is available only with Remote Desktop Protocol (RDP) 6.0,

which is in Windows Vista and Windows Server 2008 and can be downloaded

for Windows XP SP2 and Windows Server 2003 SP1 or SP2, but it significantly

enhances security. Click your choice and click Next.

5. You are asked to determine the type of TS licensing you want to use. For the

discussion here, leave that decision to a later section in this chapter. You have

120 days to make the decision. Leave the default, Configure Later, selected and

click Next.

6. Add the users or user groups that will use TS by clicking Add, clicking

Advanced, clicking Find Now, double-clicking a user or group in the list, and

clicking OK. Repeat this as you need. When you are ready, click Next.

7. You are told that TS Gateway requires a certificate to use the Secure Sockets

Layer (SSL) protocol to encrypt transmissions and you have three options for

a certificate (see Figure 11-2), two of which are discussed here:

a. If you have a certificate on the server already, click the first option; if the

certificate is in the Windows certificate store, it will be listed. Otherwise,

click Import and follow the steps of the Certificate Import Wizard, clicking

Next as needed.

b. If you don't have a certificate, click the second option, and a self-signed

certificate will be created for you.

8. Click Next. A TS connection authorization policy (TS CAP), which allows

users to pass through a TS Gateway and access a network, and a TS resource

authorization policy (TS RAP), which allows users to pass through a TS

Gateway and utilize particular computers running Terminal Server and other

resources, are explained. Click Now to create the policies now and click Next.

9. Add the user groups that will use TS Gateway as described in Step 7 and click


10. Enter the name for your TS CAP, accept the default of using a password, and

click Next. Enter the name for your TS RAP, choose whether to use specific

computer groups you select or all computers on the network, and click Next.

11. If it is not already installed, read the introduction to Network Policy And

Access Services and click Next. Accept the default of installing the Network

Policy Server role service and click Next.

12. Read the introduction to Web Server IIS and click Next. Accept the default role

services that are checked and click Next.

13. Review the roles and role services that will be installed to implement TS and its

services. If you want to change anything, click Previous and make the change.

When you are ready, click Install. The installation process will take a few minutes.

14. Click Close, and click Yes to restart your computer. After restarting your roles,

role services will be configured and you will be given a warning message that

TS Licensing is not installed and that you have 119 days to do that (the day

you install it counts as the first day). When it is done, you will be told it was

successful. Click Close.

NOTE The warning message that TS Licensing is not installed and that you have so many days to do

that will reappear every time you restart your computer. This is called "nagware" and it is unfortunate

that Microsoft is using it.

15. Open Roles in the left column of the Server Manager and click Terminal

Services. In the right pane, you should see three informational events that tell

you that your TS RAP, TS CAP, and certificate have been created; the system

services that are running; and the role services that are installed, as shown in

No comments:

Windows 2008 Resources and Development

Windows 2008 Resources and Development
Windows 2008