Install the Terminal Services Roles
TS is a role that is installed from the Server Manager, while Terminal Server, TS Web Access,
TS Licensing, TS Gateway, and TS Session Broker are all role services that you can
separately select while you are installing the TS role. TS Configuration and TS Manager
are automatically installed with TS Services, while TS RemoteApp is automatically installed
with Terminal Server.
NOTE It is not recommended that you install TS on an Active Directory domain controller because
it increases your security risks and, since TS uses a lot of computer resources, it degrades AD's
performance. Running TS within an AD domain is needed for some of TS's functions, such as TS
Session Broker, and provides added capabilities to others, such as TS Licensing.
NOTE To install the TS role and the role services discussed here, if you have not already done so, you
will be told to also install Network Policy And Access Services, Web Server (IIS), and Windows Process
Activation Service. The Add Roles Wizard will automatically lead you through those additional installations.
1. If the Server Manager is not already open, click Start | Server Manager. In any
case, click Roles in the left pane of the Server Manager window and click Add
Roles in the right pane.
2. Click the role services that you want to install. For the sake of following the
discussion here, click Terminal Server, TS Session Broker (you must be in a
domain), TS Gateway (click Add Required Features), and TS Web Access (click
Add Required Role Services), and click Next.
3. Read the note about the need to install any application you want to run with
TS after installing TS and click Next.
4. Read about Network Level Authentication and decide if you want to use it. A
major factor is that it is available only with Remote Desktop Protocol (RDP) 6.0,
which is in Windows Vista and Windows Server 2008 and can be downloaded
for Windows XP SP2 and Windows Server 2003 SP1 or SP2, but it significantly
enhances security. Click your choice and click Next.
5. You are asked to determine the type of TS licensing you want to use. For the
discussion here, leave that decision to a later section in this chapter. You have
120 days to make the decision. Leave the default, Configure Later, selected and
click Next.
6. Add the users or user groups that will use TS by clicking Add, clicking
Advanced, clicking Find Now, double-clicking a user or group in the list, and
clicking OK. Repeat this as you need. When you are ready, click Next.
7. You are told that TS Gateway requires a certificate to use the Secure Sockets
Layer (SSL) protocol to encrypt transmissions and you have three options for
a certificate (see Figure 11-2), two of which are discussed here:
a. If you have a certificate on the server already, click the first option; if the
certificate is in the Windows certificate store, it will be listed. Otherwise,
click Import and follow the steps of the Certificate Import Wizard, clicking
Next as needed.
b. If you don't have a certificate, click the second option, and a self-signed
certificate will be created for you.
8. Click Next. A TS connection authorization policy (TS CAP), which allows
users to pass through a TS Gateway and access a network, and a TS resource
authorization policy (TS RAP), which allows users to pass through a TS
Gateway and utilize particular computers running Terminal Server and other
resources, are explained. Click Now to create the policies now and click Next.
9. Add the user groups that will use TS Gateway as described in Step 7 and click
Next.
10. Enter the name for your TS CAP, accept the default of using a password, and
click Next. Enter the name for your TS RAP, choose whether to use specific
computer groups you select or all computers on the network, and click Next.
11. If it is not already installed, read the introduction to Network Policy And
Access Services and click Next. Accept the default of installing the Network
Policy Server role service and click Next.
12. Read the introduction to Web Server IIS and click Next. Accept the default role
services that are checked and click Next.
13. Review the roles and role services that will be installed to implement TS and its
services. If you want to change anything, click Previous and make the change.
When you are ready, click Install. The installation process will take a few minutes.
14. Click Close, and click Yes to restart your computer. After restarting your roles,
role services will be configured and you will be given a warning message that
TS Licensing is not installed and that you have 119 days to do that (the day
you install it counts as the first day). When it is done, you will be told it was
successful. Click Close.
NOTE The warning message that TS Licensing is not installed and that you have so many days to do
that will reappear every time you restart your computer. This is called "nagware" and it is unfortunate
that Microsoft is using it.
15. Open Roles in the left column of the Server Manager and click Terminal
Services. In the right pane, you should see three informational events that tell
you that your TS RAP, TS CAP, and certificate have been created; the system
services that are running; and the role services that are installed, as shown in
No comments:
Post a Comment