This article is based on NT 5.0, Beta 3.
I will concentrate on what’s new and changed in Windows 2000 and how to install the
terminal services component.
Two become One
The first major change is there is no Windows 2000 Terminal Server Edition as there is
with NT 4.0. It is now just one product, Windows 2000 Server (or Advanced Server or
Datacentre). Terminal services is now an optional component of Windows 2000 and can be
installed and removed the in the same way as any other service, for example DNS. However,
there are issues that make constant installing and removing of the component a bad idea.
One obvious advantage with the integration of the standard Windows 2000 build is that
there are no more specialised terminal server edition service packs and hotfixes. Users of
the 4.0 TSE have to wait longer for special versions of all services packs and fixes that
work on Terminal Server Edition. Now there will just one service pack which will encompass
the terminal server technology.
Installing the Terminal Services Component
The Terminal Services component can be installed during installation of Windows 2000 or at
a later time. Here follows a step by step guide to installing on an existing Windows 2000
installation: If you upgrade 4.0 Terminal Server Edition then the terminal services
component will automatically be installed. However, you can not upgrade directly
from Citrix Winframe (based on the NT 3.51 product) to Windows 2000 with terminal
services. You would first need to upgrade to 4.0 TSE then upgrade to Windows 2000.
 1. Start the Add/Remove Programs control panel applet
(Start – Settings – Control Panel – Add/Remove Programs).
2. Select ‘Add/Remove Windows Components’ in the left-hand
window pane.
3. The components wizard will start, click Next.
4. Check the ‘Terminal Services’ and ‘Terminal Services
Licensing’ options. Click Next
5. You will be asked to select the mode of the terminal server, Remote
Administration Mode or Application Server Mode (I will discuss these in detail next). Make
your choice and click Next. If you select Application mode you will need to configure the
licenses within 90 days.
6. You will be warned that currently installed applications may not work
correctly. Click Next.
7. If you selected to install License Server you will be asked if the
license server is for
- The entire enterprise forest
- Current domain or workgroup
You also need to enter a location to install the license server database
(%windir%\System32\Lserver by default). Click Next.
8. Services and files will be installed and click Finish when the wizard
has completed.
9. Once complete you need to reboot the server.
You are now ready to service RPC terminal server client requests - easy.
During installation you are required to choose an installation mode of remote
administration or application server. This is because under the 4.0 edition, TSE was used
on servers that were, for example, IIS servers as it made remote administration much
easier. The problem is that normally a server is configured so background tasks take
priority, however on a terminal server edition foreground applications take priority which
lead to a performance degradation of around 15% on an IIS server.
What Microsoft has created two modes and when you select Remote Administration mode the
old service based scheduling is used so all processes have the same quantum size (quantum
is the amount of time a process gets each cycle) and background service performance is not
degraded. If you select Application Server then application scheduling is used so
foreground applications have larger quantums. There are other differences: If you
install the Remote Administration mode then you can only have two concurrent connections
and they must be Administrators (although you can change this), with Application Server
mode you can have as many as you have licenses.
Anyone who uses Terminal Server should be familiar with ‘change user /install’,
if not, shame on you). When you install software on a terminal server you need to put the
machine in a special mode so that any changes to the user profile/system are recorded in
such a way that they are also applied to all other users of the terminal server. This is
done by putting the server in to Install mode. Once you finish installing the software you
can then put the server back into execution mode by using command ‘change user
/execute’. There is a much easier way, if you install applications via the Add/Remove
programs control panel applet the system is automatically set to the correct mode.
Windows 2000 terminal server component now stops you installing software if you are not in
installation mode as shown in figure 2.
 However, beta customers found this unnecessary for Remote Admin servers as
different users don’t ‘use’ the applications on the servers and thus
installation profile changes do not need to be replicated to any other users. You
therefore don’t need to change installation mode and the dialog is not displayed.
Originally terminal services was thought as a free thrown in service to Windows 2000.
However, if you install in Application mode you have 90 days to purchase a Terminal
Services license and so while the software is bundled with 2000, to use it past 90 days
you need the licenses. This does not apply if you install with the Remote Administration
option.
The Remote Desktop Protocol (RDP) has also been improved to allow client side bitmap
caching thus saving vital bandwidth and thanks to this and other protocol optimisations
there is - 15% bandwidth reduction from 4.0 TSE.
As well as the old support clients, Windows NT (Intel and Alpha), Windows 9x and 3.11,
Microsoft has added support for the HPC-Pro platform which uses Windows CE and I’ve
configured thin clients using CE from Boundless with no problems at all.
Shadowing
Users and Administrators may be familiar with the software which allows an Administrator
to take control of a users desktop in order to, for example, install software or fix a
problem. The Citrix Metaframe add-on for 4.0 TSE enabled Administrators to take control or
view users sessions without the need for third party software.
Windows 2000 terminal server component now allows shadowing in this session without the
need for the MetaFrame add-on.
By default Administrators have the ability to shadow other users sessions providing the
user agrees to have their session controlled/viewed. By default the ability to remote
control a user’s session is defined on the user object on the ‘Remote
Control’ tab and the default is to enable remote control providing the users gives
permission. It’s possible to override these user settings by editing the
configuration of the RDP connection using the ‘Terminal Services Configuration’
MMC snap-in. Under the connections branch, right click on the ‘RDP-Tcp’
connection and select properties. Select the ‘Remote Control’ tab and by default
it will say to use the users settings, however selecting one of the other options allows
you to set the remote control to whatever your please.
 Here the user is
not asked if they agree to be shadowed.
In order to remote control a session you must be logged on as a terminal server session,
you can’t remote control from the console (MetaFrame allows you to do this).
Once you have logged in as an Administrator to remote control a session just:
- Start the Terminal Services Manager.
- Right click on the remote users session and select ‘Remote
Control’.
- You will be asked for a key sequence which will allow you to stop
controlling a session and return to their own terminal server session.
- The user to be controlled is asked if they agree and if they click
yes then you have control of their session. Their session does not display in a window;
rather your session "switches" to theirs.
- To end remote control press the key sequence you defined.
Windows 2000 is very hot on multi-lingual and there will be a
special ‘multi-lingual’ version of 2000 which supports all the different
languages and enables different users on the same machine to use different languages for
dialogs, help etc. without restarting the machine. Windows 2000 Terminal Server also
supports this and its possible to have users connected to a terminal server to be using
mixtures of English, Chinese, German, French all at the same time.
User account enhancements
A new built-in group has been added in 2000 called ‘Terminal Services Users’
which works in a similar way to the ‘Interactive Users Group’ and when a user
logs on via Terminal Services they are part of this groups. The Terminal Services Users
group SID can then be applied to files, folders, anything with an ACL and allow only
people logged on via Terminal Services access. You could also test for this group
membership during login script etc. to perform different actions.
On top of the ‘Remote Control’ tab for users, three extra tabs are added. As
shown in figure 3, ‘Terminal Services Profile’ allows an alternative profile and
local path to be specified when connecting via terminal server. The
‘Environment’ tab allows you to specify a program to automatically run when you
login via Terminal Services and options to connect to client drives and printers.
Finally the ‘Sessions’ tab allows times to be set before active and idle
sessions are disconnected and how long after a session is disconnect before it is totally
closed.
Load distribution and the alternatives
On the Windows 2000 Advanced server product load distribution can be utilised whereby a
cluster of up to 32 servers can be configured and client connections will be distributed
depending on the load of each server. There are problems with clusters of terminal
servers. If you connect to a cluster and then disconnect your session you will not be able
to reconnect as this time your session may be directed to a different server. This is one
of the key areas Microsoft at looking at improving for future versions of Windows 2000.
An alternative to clusters is to use DNS round robin which allows multiple IP addresses to
be specified for a single host and each time a client requests host resolution the IP
address list is send in a shuffled order. The RDP client then attempts to connect to each
IP listed until the connection is successful. Third party solutions such as those from
NCD, Cubix and Citrix offer additions to the core terminal services provided by Microsoft.
The last offering from Citrix offered the ICA (Independent Computer Architecture) protocol
which was going to be included in core Windows 2000 until Citrix refused to grant
Microsoft licensing rights (so I hear).
You can download a beta of MetaFrame 1.8a which is designed for Windows 2000 and seems to
work fine. You have to pay $29 (approx. £18) for the honour of beta testing their
software, or $49 (approx. £30) if you want a CD mailed to you. The Metaframe add-on has
some great features including the Java and ActiveX clients which allow you to create web
pages which contain terminal server sessions and so users can connect to a URL and then
connect to machines without needing any client software. The Citrix client supports
connections over both RDP and ICA and has the advantage of automatically updating the
client software when it detects a newer version is available. Microsoft plans to have this
feature in a future version.
Terminal Services is definitely worth a look and even if you decide its not useful for
users, installing on the servers in Remote Admin mode will allow you to gain a direct
console window in the event of a failure. This is useful if the servers are on a different
floor, building or even country. For the future we can expect to see better distribution
metrics, high-colour support, sound redirection and automatic RDP client updates (among
other things), but for the time being bolt-ons such as MetaFrame will still be considered
core components
.
[an error occurred while processing this directive] |
