Managing Windows Server 2012 (part 12) - Using Remote Desktop - Remote Desktop essentials, Configuring Remote Desktop

8. Using Remote Desktop

Remote support is an important part of administration. Although Server Manager and related MMCs allow you to perform remote management, sometimes you might prefer to connect and work with remote systems as if you were logged on locally, and Remote Desktop allows you to do this.

8.1 Remote Desktop essentials

Using Remote Desktop, you can use a local area network (LAN), wide area network (WAN), or Internet connection to manage computers remotely with the Windows graphical interface. Because all the application processing is performed on the remote system, only the data from devices such as the display, keyboard, and mouse are transmitted over the network.

Remote Desktop is part of Remote Desktop Services. Microsoft has separated Remote Desktop Services into two operating modes:

  • Remote Desktop mode

  • Remote Desktop Server mode

You enable and configure Remote Desktop using the System utility in Control Panel. You set up a Remote Desktop Server by installing and configuring the appropriate role services for the Remote Desktop Services role.

To be operational, the Remote Desktop and Remote Desktop Server modes both depend on the Remote Desktop Services service being installed and running on the server. By default, the Remote Desktop Services service is installed and configured to run automatically. Both features use the same client, Remote Desktop Connection (RDC), for connecting to remote systems.


Remote Desktop isn’t designed for application serving. Most productivity applications such as Microsoft Office Word, Outlook, and Excel require specific environment settings that are not available through this feature. If you want to work with these types of applications (rather than server applications), you should install and use the Remote Desktop Services role.

No Remote Desktop Client Access License (RD CAL) is required to use Remote Desktop. Windows Server 2012 allows two active administration sessions:

  • One administrator can be logged on locally, and another administrator can be logged on remotely.

  • Or two administrators can be logged on remotely.

Most remote sessions run in admin mode. The reason for this is that the admin session provides full functionality for administration. Standard Remote Desktop Services connections are created as virtual sessions.

Why is this important? Using admin mode, you can interact with the server just as if you were sitting at the keyboard. This means all notification area messages directed to the console are visible remotely. For security, only two sessions are allowed. If a third administrator tries to log on, the administrator will be prompted to end an existing session so that she can log on.

Although it is recommended that administrators use admin sessions, you can use virtual sessions—hey, that’s what they’re there for. When working with a virtual session, you can perform most administration tasks, and your key limitation is in your ability to interact with the console session itself. This means users logged on using a virtual session do not see console messages or notifications, cannot install some programs, and cannot perform tasks that require console access.

You’ll want to formalize a general policy on how Remote Desktop should be used in your organization. You don’t want multiple administrators trying to perform administration tasks on the same system at the same time because this could cause serious problems. For example, if two administrators are both working with Disk Management, this could cause serious problems with the volumes on the remote system. Because of this, you’ll want to coordinate administration tasks with other administrators.

8.2 Configuring Remote Desktop

The two components of Remote Desktop you need to support and configure are Remote Desktop Services for the server portion and the Remote Desktop Connection (RDC) for the client portion.

Enabling Remote Desktop on servers

Enabling the Remote Desktop mode on all servers on your network is recommended, especially for servers in remote sites that have no local administrators. To view the current status of Remote Desktop on the server, select Local Server in Server Manager and then check the enabled or disabled status for the Remote Desktop entry. The fact that Remote Desktop is enabled doesn’t mean the feature is fully configured. With that in mind, tap or click the Enabled or Disabled link for the Remote Desktop entry. This opens the System Properties dialog box to the Remote tab, as shown in Figure 11.

Figure 11. Enabling Remote Desktop.

You have two configuration options for enabling Remote Desktop. You can do either of the following:

  • Select Allow Remote Connections To This Computer, which allows connections from any version of Windows.

  • Select Allow Remote Connections To This Computer and also select the Allow Connections Only From Computers Running Remote Desktop With Network Level Authentication check box to allow connections only from Windows Vista or later, as well as other computers with secure network authentication.

Keep the following details about using Remote Desktop in mind:

  • All remote connections must be established using accounts that have passwords. If a local account on the system doesn’t have a password, you can’t use the account to connect to the system remotely.

  • If the computer is running Windows Firewall, the operating system automatically creates an exception that allows Remote Desktop Protocol (RDP) connections to be established. The default port used is TCP port 3389. The registry value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber controls the actual setting.

  • If you are running a different firewall on the computer, you must open a port on the firewall to allow incoming Remote Desktop Protocol (RDP) connections to be established. Again, the default port used is TCP port 3389.
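
A read-only check of the settings listed above, as an added PowerShell example that is not part of the original text. Only PortNumber is named on this page; the fDenyTSConnections and UserAuthentication value names, the policy key, the TermService service name and the function name are the standard Windows names or assumptions of this example.

```powershell
# Added example: read-only audit of the Remote Desktop settings described above.
# Run elevated on the server. Only PortNumber is named on the page; the other
# value names, the policy key and the TermService name are standard Windows names.
function Get-RdpConfigAudit {
    $tsKey  = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
    $rdpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'
    $polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    $ts  = Get-ItemProperty -Path $tsKey
    $rdp = Get-ItemProperty -Path $rdpKey
    $pol = Get-ItemProperty -Path $polKey -ErrorAction SilentlyContinue

    # A computer-level Group Policy value, when present, overrides the local one.
    $deny = if ($pol -and $null -ne $pol.fDenyTSConnections) { $pol.fDenyTSConnections } else { $ts.fDenyTSConnections }
    $auth = if ($pol -and $null -ne $pol.UserAuthentication) { $pol.UserAuthentication } else { $rdp.UserAuthentication }
    $port = [int]$rdp.PortNumber

    # Enabled inbound Windows Firewall rules in the "Remote Desktop" group
    # (display name as shown on English-language systems).
    $profiles = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } |
        Select-Object -ExpandProperty Profile -Unique)

    $enabled  = ($deny -eq 0)   # fDenyTSConnections = 0: remote connections allowed
    $nla      = ($auth -eq 1)   # UserAuthentication = 1: NLA required
    $service  = (Get-Service -Name TermService).Status
    $listener = [bool](Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)

    $findings = @()
    if ($enabled -and -not $nla) { $findings += 'Remote Desktop is enabled without Network Level Authentication.' }
    if ($enabled -and $service -ne 'Running') { $findings += 'Remote Desktop Services service is not running.' }
    if ($enabled -and $profiles.Count -eq 0) { $findings += 'No enabled Windows Firewall rule in the Remote Desktop group.' }
    if ($port -ne 3389) { $findings += "Non-default port $port; any other firewall in the path must allow it." }

    [pscustomobject]@{
        RemoteDesktopEnabled = $enabled
        NlaRequired          = $nla
        Port                 = $port
        Listening            = $listener
        ServiceStatus        = $service
        FirewallProfiles     = ($profiles -join ', ')
        Findings             = $findings
    }
}

Get-RdpConfigAudit | Format-List
```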

Authentication certificate validation

Prior to establishing an RDP connection, your computer will validate the remote computer’s identity by default. If the remote computer’s authentication certificate is invalid or has expired, you will not be allowed to connect and will see a warning prompt stating the following: “The authentication certificate received from the remote computer has expired or is not valid.” Because a date/time disparity between the two computers can make it appear that the authentication certificate is invalid, you should check the current date and time on both computers. If you don’t want your computer to authenticate the remote computer’s identity, you can disable this feature by setting the Server Authentication option to Connect And Don’t Warn Me. To set the Server Authentication option, tap or click Options to display the additional configuration tabs, tap or click the Advanced tab, and then use the selection list on the Server Authentication panel to set the option as desired.

Permitting and restricting remote logon

By default, all members of the Administrators group can log on remotely. The Remote Desktop Users group has been added to Active Directory to ease managing Remote Desktop Services users. Members of this group are allowed to log on remotely.

If you want to add a member to this group, select Local Server in Server Manager and then tap or click the Enabled or Disabled link for the Remote Desktop entry. This opens the System Properties dialog box to the Remote tab. On the Remote tab, tap or click Select Users. As shown in Figure 12, any current members of the Remote Desktop Users group are listed in the Remote Desktop Users dialog box. To add users or groups to the list, tap or click Add. This opens the Select Users Or Groups dialog box.

Figure 12. Configuring Remote Desktop users.

In the Select Users Or Groups dialog box, type the name of a user in the selected or default domain, and then tap or click Check Names. If multiple matches are found, select the name or names you want to use and then tap or click OK. If no matches are found, you either entered an incorrect name part or you’re working with an incorrect location. Modify the name and try again, or tap or click Locations to select a new location. To add additional users or groups, type a semicolon (;) and then repeat this process. When you tap or click OK, the users and groups are added to the list in the Remote Desktop Users dialog box.

In Group Policy, members of the Administrators and Remote Desktop Users groups have the user right Allow Log On Through Remote Desktop Services by default. If you modified Group Policy, you might need to double-check to ensure that this user right is still granted to these groups. Typically, you will want to do this through local policy on a per-machine basis. You can also do this through site, domain, and organizational policy. Access the appropriate Group Policy Object and select Computer Configuration, Windows Settings, Security Settings, Local Policies, and User Rights Assignment. Double-tap or double-click Allow Log On Through Remote Desktop Services to see a list of users and groups currently granted this right.

Restrict remote logon through Group Policy

If you want to restrict users or groups from remotely administering a server, access the appropriate Group Policy Object and expand Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment. Double-tap or double-click Deny Log On Through Remote Desktop Services. In the policy Properties dialog box, select Define These Policy Settings and then tap or click Add User Or Group. In the Add User Or Group dialog box, tap or click Browse. This displays the Select Users, Computers, Or Groups dialog box. Type the name of the user or group for which you want to deny logon through Remote Desktop Services, and then tap or click OK. You can also change the default permissions for groups in the Remote Desktop Services Configuration tool. For instance, you could remove Administrators from having Full Control of the Remote Desktop Services objects.
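
To double-check the allow and deny rights and the group membership described in the two sections above without opening each dialog box, the following added PowerShell example (not part of the original text) reads them from the server. The Se* privilege names are the standard constants behind the two policies and the function names are assumptions of this example; it assumes a member server with a local Remote Desktop Users group.

```powershell
# Added example: list who holds the two Remote Desktop logon rights and who is
# in the local Remote Desktop Users group. Run elevated on a member server.
# The Se* privilege names are the standard constants, not taken from the page.
function Get-RdpLogonRights {
    $policies = @{
        SeRemoteInteractiveLogonRight     = 'Allow Log On Through Remote Desktop Services'
        SeDenyRemoteInteractiveLogonRight = 'Deny Log On Through Remote Desktop Services'
    }
    $cfg = Join-Path $env:TEMP ('user-rights-{0}.inf' -f [guid]::NewGuid())
    try {
        # Export the current user rights assignment to a temporary file.
        secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
        $lines = Get-Content -Path $cfg
    } finally {
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
    foreach ($right in $policies.Keys) {
        $line = $lines | Where-Object { $_ -match "^$right\s*=" } | Select-Object -First 1
        if (-not $line) { continue }   # right is not assigned to anyone
        foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
            $name = $entry.Trim()
            if ($name.StartsWith('*S-')) {
                try {
                    # secedit writes SIDs with a leading asterisk; resolve them to account names.
                    $sid  = New-Object System.Security.Principal.SecurityIdentifier($name.Substring(1))
                    $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
                } catch { }   # unresolvable SID (for example a deleted account): keep the raw value
            }
            [pscustomobject]@{ Policy = $policies[$right]; Principal = $name }
        }
    }
}

function Get-RdpUsersGroupMembers {
    # WinNT provider path of the local group; each member is returned as an ADsPath.
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/Remote Desktop Users,group"
    foreach ($m in $group.Invoke('Members')) {
        $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
    }
}

Get-RdpLogonRights | Sort-Object Policy, Principal | Format-Table -AutoSize
Get-RdpUsersGroupMembers
```

A principal that appears under both policies cannot log on through Remote Desktop Services, because the deny right takes precedence over the allow right.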

Configuring Remote Desktop through Group Policy

Remote Desktop is part of Remote Desktop Services, and you can use Group Policy to configure Remote Desktop Services. Microsoft recommends using Group Policy as the first choice when you are configuring Remote Desktop Services for use with Remote Desktop. The precedence hierarchy for Remote Desktop Services configuration is as follows:

  • Computer-level Group Policy

  • User-level Group Policy

  • Local computer policy using the Remote Desktop Services Configuration tool

  • User policy on the Local User And Group level

  • Local client settings

You can configure local policy on individual computers or on an organizational unit (OU) in a domain. You can use Group Policy to configure Remote Desktop Services settings per connection, per user, per computer, or for groups of computers in an OU of a domain. The Group Policy settings for Remote Desktop Services are modified using the Group Policy Object Editor and are located in Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services and in User Configuration\Administrative Templates\Windows Components\Remote Desktop Services.

Create a separate OU for Remote Desktop Services

Typically, Remote Desktop is used throughout an organization, but Remote Desktop Services servers are isolated to a particular group of servers operating in a separate OU. So, if you plan to use Remote Desktop Services servers as well in the organization, you should consider creating a separate OU for the Remote Desktop Services servers. In this way, you can manage Remote Desktop Services servers separately from Remote Desktop.