- Windows 7 Terminal ? - Microsoft Community
- Windows 7 Terminal Services Multiple Users
- Terminal Windows 10
- Enable Terminal Services Windows 7
- Application Readiness For Terminal Services White Paper
The Windows Terminal is a new, modern, fast, efficient, powerful, and productive terminal application for users of command-line tools and shells like Command Prompt, PowerShell, and WSL. Mar 16, 2019 The Remote Logon is governed by the “Allow Logon through Terminal Services” group policy. This is under Computer Configuration Windows Settings Security Settings Local Policies User Rights Assignment. By default, the Administrators and Remote Desktop Users groups are given remote logon rights.
-->Affected Platforms
Servers – Windows Server 2008 | Windows Server 2008 R2
Description
Remote Desktop Services (formerly known as Terminal Services) allows multiple concurrent users to access Windows Server in order to provide application and data hosting services using Microsoft 'Presentation Virtualization' technology.
While most 32-bit and 64-bit applications run as is on Windows Remote Desktop Services, several others do not perform as expected due to the difference in the platform (multi-user environment, concurrent access by multiple users, and so on).
For further information regarding application quality, please read the Application Readiness for Terminal Services white paper. Visit the Remote Desktop Services product page and the TS TechNet websites learn more about Remote Desktop Services. To learn more about developing applications for Remote Desktop Services, review the Terminal Services Programming Guidelines. (These resources may not be available in some languages and countries/regions.)
Windows 7 Terminal ? - Microsoft Community
Manifestation of Impacts and Their Mitigations
Three changes in Windows 7 affect applications on Remote Desktop Services:
- Windows Server 2008 R2 is 64-bit only
- Per-session IP Virtualization
- MSI-based deployments – User-specific keys
64-bit Only Windows Server 2008 R2
Applications written for 32-bit server will run in WoW mode and not natively on the Windows Server 2008 R2 or, hence, on Remote Desktop Services. See the Windows 7 64-Bit Only topic for details.
Mitigations for 64-bit only Windows Server 2008 R2
Most applications written for 32-bit will continue to work as normal in WoW mode. Any new applications written for Windows 7 Remote Desktop Services should be developed and tested for deployment on 64-bit platforms.
IP Virtualization
Remote Desktop IP Virtualization allows the user to assign IP addresses to remote desktop connections on a per-session or per-program basis:
- If you assign IP addresses on a per-session basis, all of the applications will use the session IP address.
- If you assign IP addresses on a per-program basis, only the specified applications will use the session IP address and the remaining applications in the session will not be affected.
- If you assign IP addresses for multiple programs, they will share a session IP address.
- If you have more than one network adapter on the computer, you must also choose one of them for Remote Desktop IP Virtualization.
Mitigations for IP Virtualization
Some programs require a unique IP address for each instance of the application. Prior to Windows Server 2008 R2, every session on a remote desktop server shared the same IP address, resulting in compatibility issues for these applications. Remote Desktop IP Virtualization allows these applications to run on a Remote Desktop Server.
MSI-based Deployments
Microsoft Installer RDS Compatibility is a new feature included with Remote Desktop Services in Windows Server 2008 R2. With Remote Desktop Services in Windows Server 2008 R2, per-user application installations are queued by the Remote Desktop Server and then handled by the Microsoft Installer.
In Windows Server 2008 R2, you can install a program on the Remote Desktop Server just as you would install the program on a local desktop. Ensure, however, that you install the program for all users and install all components of the program locally on the Remote Desktop Server.
Mitigations for MSI based Deployments
Prior to the Windows Server 2008 R2 version of Remote Desktop Services, Windows supported only one Windows Installer installation at a time. For applications that required per-user configurations, such as Microsoft Office Word, an administrator needed to pre-install the application, and application developers needed to test these applications on both the remote desktop client and the Remote Desktop Session Host. Windows Installer RDS Compatibility feature allows identifying and installing missing per-user configurations for multiple users simultaneously and makes the application installation experience on Remote Desktop Server similar to that on a local desktop.
Windows Server 2008 R2 with the Remote Desktop Services role enabled: Not supported. A multiple package installation using the MsiEmbeddedChainer table fails if the Remote Desktop Services role is enabled.
Links to Other Resources
Note
These resources may not be available in some languages and countries/regions.
Windows 7 Terminal Services Multiple Users
Windows 7 / Getting StartedThe Terminal Server role is defined in the same way as all other server roles in theenterprise. Then it involves the basic server staging process, applying your customized kernel to the server. Next, proceed as follows:
- Use the Server Manager console to select Add Roles.
- Select the Terminal Services role.
- Use the values in Table-3 to run through the installation and configuration wizard.
The role is installed. Now you're ready to proceed to the next steps.
CAUTION: The TS Gateway role should be installed on a separate server because it may be in a perimeter network.
Prepare Terminal Server Licensing
Terminal Services requires special CALs for each client that connects to the server. This isbecause each client connecting to Terminal Services in application mode-as opposed toadministrative mode-is actually opening a Windows Server 2008 remote session. Even ifyou have hardware that does not support Windows Vista, you can give users access to all ofits features through remote terminal sessions on WS08 servers. If, on the other hand, you dohave client hardware that supports Windows Vista, you gain a lot of advantages throughTerminal Services. For example, there is no client component to deploy to have TerminalSessions operate on a Windows Vista client because it already includes an updated RemoteDesktop client. This means that you can focus on centralizing applications and the use of asimpler application deployment model.
TABLE-3 Install the Terminal Services RoleTerminal Windows 10
Add Terminal Services Role Wizard Page | Values |
---|---|
Terminal Services | Review the available information, if you need to, and move on to the next page. |
Select Role Services | Several role services are available: Select Terminal Server since you want to share applications. TS Licensing is required if you want to use Terminal Services in Application mode. TS uses separate client access licenses (CALs) for sharingapplications. If you are installing Terminal Services for administrative purposes, then TS Licensing is not required. Note that only a few TSLicensing servers are required in the network for redundancy. Do not install this on each TS server. TS Session Broker is used to provide connection continuity for users roaming from system to system. TS Gateway lets users connect to shared applications over commonInternet ports. This service requires IIS, Network Policy and Access Services, and Windows Process Activation Service. Add required role services. TS Web Access lets users access shared applications through a Web portal. This service requires additional Application Development and Security components for IIS, as well as .NET support in the Windows Process Activation Service. Add required role services. |
Application Compatibility | If applications are already installed on the server, you will need to uninstall and then reinstall them once the TS components are installed so that they can operate in multiuser mode. |
Authentication Methods | Select Require Network Level Authentication. All clients will require the latest edition of the Remote Desktop client in order to use shared applications, but application connections will be more secure. Vista and WS08 systems already have this client. |
Specify Licensing Mode | This lets you determine who needs a CAL, the user or the device. If users roam from system to system, using shared computers to access shared applications, then use Per User. If, however, your users have a principal PC that is assigned to them, then select Per Device. Make sure you select the proper TS CALs when you configure licensing later. |
User Groups | Select the user groups that will be allowed to access these shared applications. If you intend to restrict application access to specific groups-for example, you are setting up a server to run financialapplications and only want the financial group to access them- then select or create the appropriate group. Otherwise-and this is more common-select Domain Users to allow any user in your domain to access these applications. |
Configure Scope for TS Licensing | The scope of the TS licenses can cover either the entire forest or the domain you are in. You will only have a single global child domain; therefore, select This Domain. Note In this case, only administrators will need access to sharedapplications throughout the forest-Server Manager, for example-and since they do not need a license for remote administration, you do not need to apply the licensing scope to the entire forest. |
Server Authentication Certificate | TS Gateway uses the Secure Sockets Layer (SSL) to secure communications between clients and servers. To do so, it requires a PKI certificate. Three choices are available:
|
Create Authorization Policies | Policies are required to allow Internet users to access TS Gateway applications. You can configure them later or configure them now. Select Now. |
Select User Groups | Select the user groups that will be allowed to access shared applications through the gateway. If you intend to restrict application access to specific groups-for example, you are setting up a server to run remote applications and only want a select group of users toaccess them-then select or create the appropriate group. Otherwise, select Domain Users to allow any user in your domain to access these applications through the Internet. |
Create a TS CAP | Connection authorization policies (CAPs) allow users to connect to the server when they meet specific conditions. CAPs can rely only on passwords, providing simple security, or on smart cards, relying on twofactorauthentication. Two items are required, something you have, the card, and something you know, the password, to authenticate. |
Create a TS RAP | Resource authorization policies (RAPs) let you limit the internal resources Internet users can connect to inside your network. Users can connect to any computer or only specific computers. In this case, since you are creating a RAP for Terminal Services, make sure you create a customsecurity group in ADDS that includes the computer accounts of all of the servers that will run the TS role, and assign the RAP to this group. |
Network Policy and Access Services (NPAS) | NPAS servers are used to enforce both CAPs and RAPs. Review the information about this role before moving on. |
NPAS Role Services | For NPAS support of the TS Gateway, only the Network Policy Server is required. Select only this role before you move on. Note Only a few network policy servers are required in the network for redundancy. If this is not the first server you install for this role, then make sure you do not add this role to this server. |
Web Server (IIS) | Review information about this role, if required, before you move on. |
Web Server Role Services | IIS is required for both the TS Gateway and TS Web Access. Accept the default selections and move on. Note Only a few TS Gateways and TS Web Access servers are required for redundancy. Do not assign this role to every TS server in your network. |
Confirm Installation Selections | Review your choices before proceeding. Use the Previous button to make corrections if required. Click Install when ready. |
Installation Progress and Installation Results | Review the installation progress, reboot the server, and then click Finish when the installation is complete. |
CAUTION:
It is important to install the Desktop Experience, activate the Themes service on WS08TS servers, and enable the Windows Vista theme; otherwise, Windows Vista users will be facedwith a Windows 2000-like interface when accessing remote applications in Terminal Servicesmode. This will most certainly lead to confusion (Windows Vista on the desktop and Windows2000 on remote sessions) and increase support calls.
Unlicensed servers will only allow clients to operate for 120 days, after which allsessions will end and the TS server will no longer respond to client requests. In order tolicense servers, you must install a Terminal Services license server. This server must beactivated by Microsoft before it can begin to issue permanent licenses to your organization.Activation is the first step for this role.
- Begin by moving to the Terminal Services node in Server Manager.
- In the details pane, scroll down to the Advanced Tools section.
- Click TS Licensing. This launches the TS Licensing Manager (TSLM). TSLM beginsby scanning the network for TS licensing servers and then displays them once they are found.
- To activate a server, right-click it and select Activate Server.
- This launches the Activation Wizard. Click Next.
- Select the connection method. Automatic Connection is the best. Click Next.
- Enter your personal information and click Next.
- Provide contact information and click Next.
- This will activate the server. Make sure the Start Install Licenses Wizard option is selected, and click Next.
- Review the information and click Next. This locates the Microsoft Activation Server.
- Select the appropriate license program based on the type of licenses you purchased, and click Next.
- Type your license code(s), and click Add. Click Next when done to complete theInstall License Wizard. The wizard then connects to the Microsoft Clearing Houseand installs the license key packs. Click Finish when done, and close the TS License Manager.
Enable Terminal Services Windows 7
Now you're ready to start issuing licenses to TS sessions. This is an area where you willwant to apply Group Policy settings. By default, TS servers issue licenses to any server thatrequests one. By using the License Server Security Group GPO setting-under ComputerConfiguration | Policies | Administrative Templates | Windows Components | TerminalServices | TS Licensing-you can restrict TS sessions to authorized TS servers only. To doso, you will need to place the TS servers you want to grant licenses to in the Terminal ServerComputers group on the TS licensing server. This will ensure that licenses are not wasted bybeing granted to servers running Terminal Services in remote administration mode.