Team LiB
Previous Section Next Section

Terminal Services Clients

Now that we have addressed Terminal Services, the RDP protocol, and different client types in the last few sections, we can move on to the details of RDP clients for Microsoft operating systems. Only these clients allow remote work on the terminal server and are therefore an essential part of the overall system. The basic precondition for networking clients is the integration of monitor, mouse, and keyboard, as well as the support of the RDP protocol.

In principle, the potential target platforms for Terminal Services clients can be divided into the following categories:

Terminal Services clients initiate the connection to a terminal server via TCP port 3389. A waiting RDP thread receives the connection request and starts a user session. The user session is taken over by another RDP thread that handles interaction between client and server. The waiting RDP threads then continue listening for new connection requests on the network.

Two standard clients exist for this type of access to Windows Server 2003 Terminal Services: the Remote desktop connection and the remote desktop MMC Snap-in. Both use the Mstscax.dll terminal server client ActiveX control element and will be described in detail in the following section.

Remote Desktop Connection

The remote desktop connection is the default RDP client installed on every terminal server. It is stored under Start\All Programs\Accessories\Communications.

Click To expand
Figure 3-9: Remote desktop connection start window.

The remote desktop connection allows input of data required to connect to a terminal server. You can enter the computer name and other optional values as parameters.

Note 

The remote desktop connection replaces the Windows 2000 Terminal Services client and Client Connection Manager.

Installation

On another 32-bit Windows version (for example, Windows XP or Windows 2000 Professional), you can install the remote desktop connection from a source folder on Windows Server 2003. This folder is located at %SystemRoot%\system32\clients\tsclient\win32 and contains all files required for the installation. If need be, this folder can be released, that is, it can be accessed over the network. The installation itself is very easy and is supported by a wizard.

Click To expand
Figure 3-10: Initializing the remote desktop connection installation wizard.

After the welcome screen is displayed, you are asked to accept the license agreement and enter the user name and company. Then you decide if the remote desktop connection should be installed for the current user or for all system users. After you enter that information, the installation takes a few minutes to finish. The necessary files are saved to the local hard drive and the start menu is updated. The ActiveX control Mstscax.dll terminal server client is integrated into the system.

Tip 

You will find information on using Mstscax.dll for developing your own applications in the Platform SDK documentation.

When you are done, the remote desktop connection is operable and its application icon can be found under Start\All Programs\Accessories\Communications.

Connecting

With the help of the remote desktop connection, it is quite easy to launch a user session on a terminal server. All you need is network access and the required access permission. To connect, you can select the computer name and other logon settings on the advanced screen that appears when you click the Options button. In this mode, the remote desktop connection user interface displays five tabs. With these tabs, you can choose several settings in different categories.

The first tab is the General tab, which is an expansion of the initial user interface that you see when you connect. It allows you to set basic logon settings:

  • Computer Enter a computer name or select one from a list of identified terminal servers.

  • User name A user’s logon name.

  • Password Optional input of the password, which is used with the user name to log on, if accepted by the terminal server.

  • Domain Name of the domain or the local computer that is responsible for authenticating the user.

If desired, the password can be encrypted and saved in the user’s profile so that it can be used for the next logon. However, this might cause system security problems.

The General tab also allows you to save and open connection settings in files. The corresponding format is described in detail below.


Figure 3-11: The remote desktop connection General tab.

You select Display options in another tab. You can predefine the remote desktop size, which ranges between 640 x 480 and 1600 x 1280 pixels. The highest setting depends on the maximum resolution of the local graphics card. Alternatively, you can select the full-screen mode that covers the entire client screen and completely hides the local desktop.

You also use this tab to select the number of colors used. The range lies between 256 colors and full-color mode (24 bit). As with desktop size, the number of colors depends on the settings of the local graphics card. However, these settings can be overridden by other settings on the terminal server because the server configuration takes precedence.

At the bottom of the tab, you will find the option for displaying the connection toolbar in full-screen mode. The connection toolbar contains window control elements, such as minimize or maximize. These control elements greatly simplify reactivating the local desktop because it is fully covered by the remote desktop in this mode. If you deactivate this option, the toolbar is displayed for five seconds after logon and then disappears.


Figure 3-12: Display settings.

The third tab deals with Local Resources, that is, audio data streams, keyboard, and other local devices. For audio data streams (sounds), you can select options for playing sounds on the remote computer, on the client, or not at all. In a terminal server environment, only the last two options are reasonable, because sound output on the server is either impossible or undesirable.

For the Windows keyboard shortcuts, you select the option of using them locally or remotely and whether you want them in full-screen mode. This is the only way to clearly allocate the keyboard shortcuts to the predefined target devices. Sessions within the remote desktop connection are controlled using the following keyboard shortcuts. They differ from the local desktop shortcuts to avoid colliding with the client system.

Table 3.3: Predefined Keyboard Shortcuts of the Remote Desktop Connection for Frequent User Actions

Keyboard Shortcuts

Description

Alt + Page up

Toggles programs from left to right as displayed in the list in the dialog window

Alt + Page down

Toggles programs from right to left as displayed in the list in the dialog window

Alt + Insert

Cycles through all programs in the sequence in which the programs were started

Alt + Home

Displays the start menu on the client desktop

Ctrl + Alt + Pause

Toggles between window and full-screen client mode

Ctrl + Alt + End

Opens the security settings Windows panel

Alt + Delete

Displays the Windows menu

Ctrl + Alt + Minus (-)

Saves an image of the active client session window on the terminal server clipboard. Produces the same behavior as the Alt + Print shortcut on a local computer. However, you must use the minus key on the numeric keypad.

Ctrl + Alt + Plus (+)

Saves an image of the entire client session window on the terminal server clipboard. Produces the same behavior as the Print shortcut on a local computer. However, you must use the plus key on the numeric keypad.

In addition to audio output and shortcuts, the third tab defines the automatic connection to local drives, printers, and serial ports. All this helps to integrate the local resources with the remote user session. The user thus gains intuitive access to the client devices even though the user is active only within the terminal server session.

Note 

The smart card reader option appears in this tab if the client has a smart card reader. This reader can be used in the terminal server session.


Figure 3-13: Local resources configuration.

If you enter two character strings in the fourth tab, called Programs, you can configure an exclusive program that starts automatically when you log on. The string in Program path and file name specifies the desired program, and the string in Start in the following folder defines the default directory assigned to the program.

When you log on, the normal desktop is not displayed; instead, you’ll see the program in full-screen mode within a remote desktop connection window. This lays the foundation for an environment that runs only one application.

Note 

This configuration will not take effect if the settings on the terminal server differ. The terminal server configuration always overrides client settings.


Figure 3-14: Start options configuration of a selected program.

By using the last tab, Experience, you optimize transmission performance. The higher the available network bandwidth, the more graphical functions can be used. The optional properties are listed in descending order by requirements. Managing a desktop background (wallpaper) requires the most network bandwidth, whereas a slow connection will still support themes. Caching should always be enabled because it significantly reduces the data rate without degrading performance. However, this is valid only if the client’s memory resources are fast and large enough. Otherwise, caching can have a negative impact on system performance.

The last option in this tab allows you to determine whether the connection will be reestablished if it was ended. Selecting this option ensures continuous communication, even if the lines are unstable.


Figure 3-15: Configuring performance parameters.

Within its graphical user interface, the remote desktop connection offers access to all essential settings that you need to configure and optimize communication with terminal servers. However, you have to use the command line to get to a number of expanded options.

Mstsc Command-Line Options

Instead of invoking the remote desktop connection via the Start menu, you can also use the command line to do just that by calling up Mstsc.exe and several arguments. In this way, you can reuse connection options saved in RDP files.

The Mstsc.exe command syntax:

Mstsc File /v:Server[Port] /console /f /w:Width /h:Height /edit /migrate
Table 3.4: Arguments and Parameters of the Mstsc Program

Argument

Description

File

Specifies the RDP file name for connecting

/v:Server[Port]

Specifies the DNS name or IP address of the server to which you want to connect. You can enter the desired port here.

/console

Connects to the console session of the terminal server

/f

Starts the client in full-screen mode

/w:Width

Specifies the width of the remote desktop in pixels

/h:Height

Specifies the height of the remote desktop in pixels

/edit

Opens the RDP files specified for editing

/migrate

Transfers the configuration files generated under Windows 2000 using the Windows Connection Manager to the new RDP file

You can connect to the terminal server’s console session only by using the command-line option. A referenced RDP file, however, offers more flexibility.

Using an RDP File

By using the remote desktop connection General tab, you have the option of saving the configuration settings selected for connecting to a terminal server. The settings are saved in Unicode text files with the extension .rdp. You can use them either in the graphical user interface or with the command-line option of the remote desktop connection.

RDP files are therefore well-suited for defining default configurations to access terminal servers or individual applications on terminal servers. What other information lurks in RDP files? Here is a closer look at a sample RDP file:

Listing 3-1: Contents of a Sample RDP file
Start example
screen mode id:i:2
desktopwidth:i:1024
desktopheight:i:768
session bpp:i:16
winposstr:s:0,1,0,0,800,600
full address:s:TRITON-SRV1
compression:i:1
keyboardhook:i:2
audiomode:i:0
redirectdrives:i:1
redirectprinters:i:1
redirectcomports:i:1
redirectsmartcards:i:1
displayconnectionbar:i:1
autoreconnection enabled:i:1
username:s:test
domain:s:TRITON-SRV1
alternate shell:s:C:\Windows\system32\notepad.exe
shell working directory:s:C:\Documents and Settings\tritsch\My Documents
disable wallpaper:i:1
disable full window drag:i:1
disable menu anims:i:1
disable themes:i:0
disable cursor setting:i:0
bitmapcachepersistenable:i:1
End example

Most lines correspond to settings that can be defined via the graphical user interface. Nevertheless, some of these options need to be explained in detail. The following table provides a detailed description of all lines in the RDP file.

Table 3.5: The Most Important Lines of an RDP File

Option

Description

screen mode id:i:

Integer that determines whether the remote desktop is started with a set resolution or in full-screen mode.
1: Set resolution
2: Full-screen mode

Desktopwidth:i:

Integer that specifies the width of the remote desktop. Values other than 640, 800, or 1024 are possible.

Desktopheight:i:

Integer that specifies the width of the remote desktop. Values other than 480, 600, or 768 are possible.

session bpp:i:

Integer that specifies the color depth in bits. Possible values: 8, 15, 16, and 24.

winposstr:s:

Character string containing position and size of the client window on the remote desktop. Values three and four of the character string determine the position of the top left corner of the window on the client desktop, five and six the position of the bottom right corner. Example of a valid value: winposstr:s:0,1,100,100,920,750.

full address:s:

Character string that contains the DNS name or IP address of the target server.

compression:i:

Integer that specifies the client’s compression standard.

keyboardhook:i:

Integer that specifies where the Windows keyboard shortcuts are used.
0: Use on local computer
1: Use on remote computer
2: Use only in full-screen mode

audiomode:i:

Integer that handles sound events on the remote computer.
0: Play on this computer
1: Do not play at all
2: Play on remote computer

redirectdrives:i:
redirectprinters:i:
redirectcomports:i:
redirectsmartcards:i:

Integers that specify if local drives, printers, serial ports, or smart cards automatically establish a connection to the user session on the remote computer.
0: No
1: Yes

displayconnectionbar:i:

Integer that specifies whether the connection toolbar is displayed in full-screen mode.
0: No
1: Yes

autoreconnection enabled:i:

Integer that specifies whether the connection is automatically reestablished if ended.
0: No
1: Yes

username:s:

Character string containing the user name.

domain:s:

Character string containing the domain or server name that is responsible for user authentication.

alternate shell:s:

Character string containing path and name of a program that is started on connection.

shell working directory:s:

Character string containing the working directory for the program that is started on connection.

disable wallpaper:i:
disable full window drag:i:
disable menu anims:i:
disable themes:i:
disable cursor setting:i:

Integers that specify how many options for optimizing network performance are disabled. This affects desktop background, display of the window content when dragging, menu and window animation, themes, and bitmap caching.
0: Allow option
1: Disable option

bitmapcachepersistenable:i:

Integer that specifies if the cached bitmaps persist on the local hard drive. This would make them available for the next session.
0: No
1: Yes

auto connect:i:

Automatic user logon.
0: No (password is not saved)
1: Yes (password is saved)

connect to console:i:

Integer that specifies whether you open a console or a user session. This line is not automatically generated when you save the remote desktop connection parameters. Therefore, you need to insert it manually, if necessary.
0: User session (default)
1: Console session

Tip 

The default values of a remote desktop connection are also saved in an RDP file. This file is called Default.rdp and is a hidden file in the Documents and Settings\<User Name >\My Documents folder. When distributed in the standard profile to users’ desktops, this type of file opens up new possibilities for accessing applications over terminal servers.

Remote Desktop MMC Snap-In

The Remote Desktop Snap-in in the Microsoft Management Console allows management of connections to terminal servers. In combination with Terminal Services, it also administers the connections to other forms of Windows Server 2003. The snap-in is ideal for administrators who need to maintain simultaneous connections to multiple servers.

Important 

The Remote Desktop Snap-in is not an RDP client for normal users, but a tool for administrators. For this reason, the default setting of the Remote Desktop Snap-in always establishes a connection to the console of the target server. Additionally, most tasks from the Remote Desktop Snap-in can be executed only if you are logged on as the administrator. Nonetheless, networkwide guidelines might prohibit certain tasks.

To use Remote Desktop Snap-in for the first time, start the Microsoft Management Console (Mmc.exe). A dialog box is displayed, allowing you to add stand- alone Snap-ins via File\Add\Remove Snap-in. Select Remote Desktop from the list of available snap-ins and add it to the console.

Click To expand
Figure 3-16: Adding the Remote Desktop Snap-in to the Microsoft Management Console.

On terminal servers, this type of predefined console can be found under Start\All Programs\Administrative Tools\Remote Desktop.

When you start the Remote Desktop Snap-in for the first time, you need to generate connection configurations to the servers desired. On the left side of the console panel, select Remote Desktop with the right mouse key. In the resulting context menu, select the first list item, Add New Connection. In the dialog box, enter the desired server name or IP address, a connection name, and—optionally—logon information, password, and domain.

Click To expand
Figure 3-17: The Remote Desktop Snap-in with one connection configured and a new connection being added.

The default setting for initial configuration creates a connection to the console of the server desired. This is particularly helpful for administrative tasks, but only authorized users may access the server. It is not a multiple-user option, and is used exclusively for remote administration. Only if the appropriate option is disabled can multiple Remote Desktop Snap-in users access the same server.

Note 

The Remote Desktop Snap-in allows you to enter your user information for automatic logon to the terminal server. After entering the password in the connection dialog, the password is encrypted and saved in the MSC file. The encrypted password is protected and can be modified only with the logon data of the user who entered it in the connection dialog. If you do not enter the password in the connection dialog, the default Windows logon dialog appears when the session starts and prompts you to enter the password manually. In this way, the password is not saved on the local computer.

After setting up the connections desired, you can access one or more selected servers by choosing the corresponding connection name from the Remote Desktop list. If this does not work right away, you can reinitiate the connection using the context menu of the connection name (that is, the server) at a later point in time.

Click To expand
Figure 3-18: Existing connection to a server in the Remote Desktop Snap-in. The desktop size depends on the dimensions of the Result Pane on the right.

Other important options in the context menu of a selected server include ending an existing connection and displaying the connection properties. The latter, in particular, provides options beyond those in the initial setup of a connection.

Note 

Unfortunately, some other helpful options have not (yet) found their way into the tool. For instance, there is neither an option to disconnect a session in the context menu of a server nor the ability to log off. Established connections cannot be sorted by name or grouped. This is especially troublesome if you want to manage a large number of servers with the Remote Desktop Snap-in.

When you open the properties of a preconfigured connection, a dialog box with three tabs is displayed. The options under the General tab relate to the same parameters as for setting up a new connection: server name, connection name, and logon information.

Click To expand
Figure 3-19: Later adjustment of general properties in Remote Desktop Snap-in.

On the Screen Options tab, you can choose to display the desktop as the MMC Result Pane is displayed, in a standard size (640 x 480, 800 x 600, or 1024 x 768), or you can opt for a custom size. However, the new settings will not take effect until the next connection. Similarly, changing the MMC pane size does not modify the size of the desktop if the corresponding connection was initiated with MMC Result Pane option selected.

Click To expand
Figure 3-20: Adapting the screen options under Remote Desktop Snap-in.

On the Other tab, you configure a program to automatically start on logon, along with its default directory. When a user logs on, the selected program completely fills the desktop. Ending the program also ends the user session.

Another option on this tab allows you redirect local client drives to the user session on the remote server. You cannot redirect printers or serial ports or control network bandwidth and encryption options.

Click To expand
Figure 3-21: The Properties tab under Remote Desktop Snap-in.

Connection Options

The connection configurations between terminal server and RDP clients are not static or identical for all scenarios. Instead, they must be able to adapt to dynamic user behavior and to the varying standards of an administrator. Many parameters control and configure such connections. These parameters can be set in different places.

We already learned about two of them: the Terminal Services configuration on the terminal server and the RDP client remote desktop connection and the Remote Desktop MMC Snap-in on the client. It is probably easiest for a system administrator to treat all user settings for a certain connection type of Terminal Services configuration in the same way. In some cases, however, it might be necessary to allow special settings through user entries on the client.

In principle, it is possible to set certain options either on the server only or the client only. This is a lot less problematic than configurations that can be set on both sides. Which one is relevant? The basic rule is that terminal server settings prevail over differing settings on the RDP client. In other words, the terminal server administrator is stronger than the end user.

To get a feeling for the capabilities of each, compare the connection options of the Terminal Services configuration, the Remote Desktop connection, and the Remote Desktop MMC Snap-in in the following table.

Table 3.6: Comparison of Configuration Options for Terminal Servers and RDP Clients

Option

Terminal Services Configuration

Remote Desktop Connection

Remote Desktop MMC Snap-in

Configure the LAN adapters used

Yes

No

No

Counter for maximum connections per LAN adapter

Yes

No

No

Select level of encryption

Yes

Preset

Preset

Automatic logon

Yes

Yes

Yes

Always request password

Yes

No

No

Connection timeouts

Yes

No

No

Timeout for ended connections

Yes

No

No

Timeout for idle time

Yes

No

No

Handle interrupted connections

Yes

No

No

Start an initial program

Yes

Yes

Yes

Redirect local drives

Yes (non-binding)

Yes

Yes

Redirect local printers

Yes (non-binding)

Yes

No

Redirect local serial ports

Yes (non-binding)

Yes

No

Redirect local clipboard

Yes

No

No

Redirect local audio streams

Yes

No

No

Preset/select desktop size

No

Yes

Yes

Preset/select color depth

Yes

Yes

No

Connect to the console

No

Depends

Yes

Automatic reconnections

No

Yes

No

Control network bandwidth

Yes

Yes

No

Control full screen options

No

Yes

No

Logs

Yes

No

No


Team LiB
Previous Section Next Section