 Lee Madajczyk |
 |
Using Terminal Services for Remote Administration |
• April 19, 2001 •
Did you know that your Windows 2000 Server has built-in remote administration software? Are you aware that you - if your server has a direct Internet connection - can install a free package from Microsoft that will allow you to access your machine through the Internet with only a web browser? As if that wasn't enough, this functionality is included free with every copy of Windows 2000 Server. Every version of the Windows 2000 Server kernel ships with Terminal Services, but you must take a few steps to enable it.
The Terminal Services in Windows 2000 closely resembles the Windows NT Terminal Server Edition operating system. Although based on the Windows NT TSE operating system, the Windows 2000 development team added some serious tweaks and features to make this an awesome upgrade. But they also added an additional option for remote administration.
There are two different modes to Terminal Services in Windows 2000. Application Server mode allows you to serve applications to users, and requires additional client licenses. Remote Administration mode is limited to two simultaneous client connections, does not require additional client licenses, and minimizes load on the server.
To enable Terminal Services, you'll need to use the Add/Remove Programs applet in the Control Panel. After clicking the Add/Remove Windows Components button from the window, the list of available components will be displayed. Select the checkbox for Terminal Services, but note that you do not need to install the Terminal Services Licensing option. The Terminal Services Licensing option is used only in the Application Server mode.
Once you are done selecting your options, you can press the Next button in the wizard. A screen similar to Figure 1 will be displayed, which explains the two modes of operation. Note that Remote Administration mode is select by default.
Figure 1
Once the installation is complete, a few new utilities will have been added to your Administrative Tools menu:
Terminal Services Client Creator
Terminal Services Configuration
Terminal Services Manager
|
Take a quick spin through each of these utilities and familiarize yourself with them. I find myself using the Terminal Services Manager program the most, as I like to know when sessions are open and in use.
The Terminal Services Client Creator is a very basic program designed to create floppy disks loaded with the client. Clients are included for both 16-bit (Windows 3.x) and 32-bit (Windows 9x, NT) versions of Windows. You will need 4 disks for the 16-bit version, and only two disks for the 32-bit version.
The Terminal Services Configuration snap-in is mainly used to configure top-end settings, including which mode the Terminal Server is in and how the Terminal Server handles incoming connections. By default, the installation wizard normally sets this up pretty well, but take a look at the settings to ensure that it's set in accordance with your security plan.
The Terminal Service Manager is by far the most important snap-in. This is the utility you will use to monitor connections to your server. You have complete control over all connections, including which processes are loaded into memory. It is important to note that options like Remote Control (of another Terminal Services session) are available ONLY to users who are viewing the Terminal Services Manager through a Terminal Services connection. That was a bit of a difficult sentence to write, so let me clarify it a bit. If you are sitting at the console, you will not be able to remote control a session. Microsoft explains that by saying that since you are not logged into Terminal Services, you are not using the Remote Desktop Protocol (RDP), which is required to take remote control.
Additionally, users who are logged into the Terminal Server do not have the ability to modify the console. Any and all programs that are running at the console / server level are off-limits to RDP clients. This is for obvious security reasons. Would you want someone like me shutting your applications down for you while you're logged in at the console?
Microsoft also supplies the Terminal Services Advanced Client, which allows you to remotely control your server through an ActiveX applet. This applet, under 200KB in size, needs to be installed only once on your system. I have found that it performs fairly well even on a 56K dial-up connection. The trick to the TSAC is that it uses port 3389 to contact the remote server, so to gain access, ensure that this port is not blocked by a firewall. You will receive a VBscript error if this port is somehow blocked or inaccessible.
If you're using Windows 2000 Professional, your system does not come loaded with Terminal Services. However, Microsoft has promised to include that functionality in Windows XP, the next release of Windows. Please refer to the following resources for more in-depth information:
Terminal Services Advanced Client (Information and Download) - Microsoft.Com
Exploring Terminal Services - Microsoft.Com