WS2008: Terminal Server Management and Administration

WS2008: Terminal Server Management and Administration

  • Comments 2
  • Likes

Welcome to Day Fifteen of our series on Windows Server 2008.  There's only twelve more days until Launch Day.  Today we will be continuing on with Terminal Services, specifically the Management and Administration components.

There are several tools and methods that can be used to configure Terminal Services configuration, user settings, connections and sessions - you may already be familiar with some of them:

  • Terminal Services Manager
  • Terminal Services Configuration Tool
  • Terminal Services Command Line Tools
  • Terminal Services Group Policies
  • Terminal Services WMI Provider
  • Terminal Services extension to Local Users and Groups
  • Active Directory Users and Computers

Additionally, connections settings that are not configured at the group, computer or user level can be set in the Remote Desktop Client application on a per-session basis.

In mixed Windows environments, it may be necessary to use a combination of tools.  For example, you may configure your Windows Server 2008 Terminal Servers through Group Policies, and use the Terminal Services Configuration tool to configure servers that are running previous versions of Windows.  Similarly there will be cases where two or more connections are present on the same computer, and where it is preferred to configure each connection separately.  In this case, Group Policy would not be the ideal method.  You would use the Terminal Services Configuration tool instead as it allows you to configure Terminal Services settings on a per-connection basis.

Let's take a look at some of the different tools individually - beginning with the Terminal Services Manager:

The Terminal Services Manager MMC snap-in may be used to perform the following tasks on local or remote Terminal Servers:

  • Remotely control a user's session
  • Display information about server, sessions, users and processes
  • Connect to and disconnect from sessions
  • Monitor sessions
  • Reset sessions
  • Send messages to users
  • Log off users
  • Terminate processes

One thing to note is that the Favorites feature that was present in the Terminal Services Manager on Windows Server 2003 has been enhanced and renamed to Groups in the Terminal Services Manager on Windows Server 2008.  Instead of being restricted to a single Favorites group for specific Terminal Servers, you now have the ability to create multiple groups that you can organize based on your own preferences - an example is shown below.  In addition to providing the ability to create groups and manually add Terminal Servers to the groups in the Terminal Services Manager console, you can now also import a list of Terminal Servers from a Session Broker farm by using the Import from TS Session Broker option as shown below:

In Windows Server 2003, Terminal Services Manager was implemented in TSAdmin.exe.  In Windows Server 2008, Terminal Services Manager is implemented as an MMC snap-in (TSAdmin.msc, TSAdmin.dll).

The Terminal Service Configuration MMC snap-in may be used to configure the properties of the Terminal Services listener(s) defined on the server as well the settings for temporary folder, security and licensing.  The default Terminal Services listener is named RDP-Tcp.  In Windows Server 2008, the Terminal Services Configuration snap-in is implemented in TSConfig.msc (and TSConfig.dll).  In previous versions of Windows, the Terminal Services Configuration console was implemented in TSCC.msc.  The Terminal Services Configuration console may be used to perform the following actions on local or remote servers:

  • Name a connection
  • Specify a connection type
  • Specify a connection transport and transport properties
  • Set the maximum number of sessions allowed
  • Enable or disable logons through the connection
  • Set connection time-outs
  • Set the encryption level
  • Set whether to disconnect broken connections
  • Enable or disable session remote control
  • Enable or disable automatic logons
  • Specify a program to run when a user logs on
  • Override user profile settings for wallpaper
  • Set permissions on the connection
  • Set client device mapping and connection parameters

There are also several command-line tools that can be used to perform administrative functions.  The table below lists the various command-line tools:

Command Description
Change Changes TS settings for logons, COM port mappings and install mode
Change logon Enables or disables logons from client sessions on a Terminal Server, or displays current logon status
Change port Lists or changes the COM port mappings to be compatible with MS-DOS applications
Change user Changes the install mode for the terminal server
Chglogon Enables or disables logons from client sessions on a Terminal Server, or displays current logon status
Chgport Lists or changes the COM port mappings to be compatible with MS-DOS applications
Chguser Changes the install mode for the Terminal Server
Flattemp Enables or disables flat temporary folders
Logoff Logs off a user from a session on a TS and deletes the session from the server
Msg Sends a message to a user on a Terminal Server
Mstsc Creates connections to Terminal Servers or other remote computers
Qappsrv Displays a list of Terminal Servers on the network
Qprocess Displays information about processes that are running on a Terminal Server
Query Displays information about processes, sessions and Terminal Servers
Query process Displays information about processes that are running on a Terminal Server
Query session Displays information about sessions on a Terminal Server
Query termserver Displays a list of Terminal Servers on the network
Query user Displays information about user sessions on a Terminal Server
Quser Displays information about user sessions on a Terminal Server
Qwinsta Displays information about sessions on a Terminal Server
Reset session Enables you to reset (delete) a session on a Terminal Server
Rwinsta Enables you to reset (delete) a session on a Terminal Server
Shadow Enables you to remotely control an active session of another user on a Terminal Server
Tscon Connects to another session on a Terminal Server
Tsdiscon Disconnects a session from a Terminal Server
Tskill Ends a process running in a session on a Terminal Server
Tsprof Copies the Terminal Services user configuration information from one user to another

There are also some command-line tools that have been deprecated in Windows Server 2008

Command Description
Tsshutdn Shuts down a Terminal Services server
Register Registers a program so that it has special execution characteristics
Cprofile Removes user-specific file associations from a user's profile

Since TSSHUTDN.EXE is not included with Windows Server 2008, the recommended method for shutting down or restarting a Windows Server 2008 Terminal Server is by using SHUTDOWN.EXE.  When shutting down or restarting a Windows Server 2008 Terminal Server, any logged-on users will see a dialog indicating that a shutdown is in process and that they will be logged off from their Terminal Server session.

Before we wrap up, let's take a look at a couple of management tools that can be used to manage Terminal Services properties programmatically - the ADSI Extension for Terminal Services and the Terminal Services WMI Provider.  The Active Directory Services Interface (ADSI) extension for Terminal Services user configuration is a library implemented in TSUSEREX.DLL.  Administration of Terminal Services -specific user properties is possible using the methods implemented by the extension.  The methods allow configuration of the properties that are available in the Terminal Services extension interface that adds the following Terminal Services-specific tabs to the properties sheet of a user account:

  • Remote Control
  • Terminal Services Profile
  • Environment
  • Sessions

The ADSI extension for Terminal Services user configuration supports the examination and manipulation of Terminal Services user properties stored in the Directory Services database.  The extension also supports configuration of user properties that are stored in the Active Directory, through the Lightweight Directory Access Protocol (LDAP) API.  ADSI provides an interface to Active Directory that also allows administrators to create scripts tailored to Terminal Services configuration requirements using the Terminal Services ADSI extension.

Moving on to the Terminal Services WMI provider in Windows Server 2008, this provider enables Terminal Server administration using WMI interfaces.  The Terminal Services WMI provider allows administrators to create customized scripts for configuring, managing and querying Terminal Servers.  It contains properties and methods that can perform the same tasks as the traditional Terminal Services configuration tools and command-line utilities, but remotely and via scripted applications.  The Terminal Services Configuration WMI provider is implemented in tscfgwmi.mof and tscfgwmi.dll.  A description of some of the classes associated with the WMI provider are listed below:

WMI Class Description
Win32_TerminalService The Win32_TerminalService class is a subclass of the Win32_Service class and inherits all its properties and methods.  In addition, Win32_TerminalService represents the Element property of the Win32_TerminalServiceToSetting Association
Win32_TSSessionDirectory Defines the configuration for Win32_TSSessionDirectorySetting.  This includes properties such as Session Broker store, Cluster Name and Additional parameters
Win32_TerminalServiceSetting Defines the configuration for TerminalServerSetting, including properties such as Terminal Server Mode, Licensing, Active Desktop, Permissions Capability, Deletion of Temporary folders and per-session Temporary folders
Win32_Terminal Associates a TerminalSetting and its several configuration setting groups such as General, Logon, Session, Environment, Remote Control, Client, Network Adapter and Permission
Win32_TSGeneralSetting Defines the configuration for properties such as Protocol, Transport, Comment, Windows Authentication and Encryption Level
Win32_TSLogonSetting Defines the configuration for properties such as ClientLogonInfoPolicy, UserName, Domain and Password
Win32_TSClientSetting Defines the configuration for properties such as connection policy, Windows printer mapping, COM port mapping etc

A comprehensive list of the WMI classes for Terminal Services is available online - the link is below in the Additional Resources section.

With that, we will wrap up this post.  Tomorrow we'll discuss Terminal Services Network Level Authentication and Encryption.  Until next time ...

Additional Resources:

- CC Hameed

Share this post :
Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment