Windows Server 2008 R2 Remote Desktop Services Resource Kit

  PUBLISHED BY Microsoft Press, A Division of Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052-6399. Copyright © 2010 by Christa Anderson. All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or by any means without the written permission of the publisher. Library of Congress Control Number: 2010934986. Printed and bound in the United States of America. Microsoft Press books are available through booksellers and distributors worldwide. For further information about international editions, contact your local Microsoft Corporation office or contact Microsoft Press International directly at fax (425) 936-7329. Visit our Web site at www.microsoft.com/mspress. Send comments to msinput@microsoft.com. Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty/Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other marks are property of their respective owners. The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. This book expresses the author’s views and opinions. The information contained in this book is provided without any express, statutory, or implied warranties. Neither the authors, Microsoft Corporation, nor its resellers, or distributors will be held liable for any damages caused or alleged to be caused either directly or indirectly by this book.

  Acquisitions Editor: Martin DelRe
  Developmental Editor: Karen Szall
  Project Editor: Valerie Woolley and Megan Smith-Creed
  Editorial Production: Custom Editorial Productions, Inc.
  Technical Reviewer: Alex Juschin; Technical Review services provided by Content Master, a member of CM Group, Ltd.
  Cover: Cover Design Tom Draper Design; Illustration Todd Daman

  Body Part No. X17-21601

  

I dedicate this book to my family, who has always been supportive, always pushes me to do

my very best I can do, and always has a “Go team!” waiting when I really need one.

  —Christa

I dedicate this book to Elizabeth Nelson Lyda and Michael B. Smith for taking me under your

wing back in the day, and for always believing in me. You were great mentors and are great

friends.

  —Kristin

  Contents at a Glance

  Acknowledgments
  Introduction
  CHAPTER 1 Introducing Remote Desktop Services
  CHAPTER 2 Key Architectural Concepts for Remote Desktop Services
  CHAPTER 3 Deploying a Single Remote Desktop Session Host Server
  CHAPTER 4 Deploying a Single Remote Desktop Virtualization Host Server
  CHAPTER 5 Managing User Data in a Remote Desktop Services Deployment
  CHAPTER 6 Customizing the User Experience
  CHAPTER 7 Molding and Securing the User Environment
  CHAPTER 8 Securing Remote Desktop Protocol Connections
  CHAPTER 9 Multi-Server Deployments
  CHAPTER 10 Making Remote Desktop Services Available from the Internet
  CHAPTER 11 Managing Remote Desktop Sessions
  CHAPTER 12 Licensing Remote Desktop Services
  Index

  Contents

Chapter 1 Introducing Remote Desktop Services

Where Did RDS Come From?
    Citrix MultiWin
    Windows NT, Terminal Server Edition
    Windows 2000 Server
    Windows Server 2003
    Windows Server 2008
    Windows Server 2008 R2 and RDS
    The Evolving Remote Client Access Experience
What Can You Do with RDS?
    Improved Security for Remote Users
    Provisioning New Users Rapidly
    Enabling Remote Work
    Bringing Windows to PC-Unfriendly Environments
    Business Continuity and Disaster Recovery
    Supporting Green Computing
    Improved Command Line Support
RDS for Windows Server 2008 R2: New Features
    The Changing Character of RD Session Host Usage
    New RDS Technology in Windows Server 2008 R2
    RDS Roles in Windows Server 2008 R2
How Other Services Support RDS
    The Client Connection
    Hosting VMs
    Authenticating Servers with Certificates
    Enabling WAN Access and Displaying Remote Resources
    Updating User and Computer Settings
Functionality for RDS Scripters and Developers
Summary
Additional Resources

  What do you think of this book? We want to hear from you! Microsoft is interested in hearing your feedback so we can continually improve our books and learning resources for you. To participate in a brief online survey, please visit: microsoft.com/learning/booksurvey

  

Chapter 2 Key Architectural Concepts for Remote Desktop Services

Know Your Application Delivery System
    RD Session Host Servers
    RD Virtualization Host Servers
Relevant Windows Server 2008 R2 Internals
    Windows Server 2008 R2 Is 64-Bit Only
    How Does an RD Session Host Server Dole Out Processor Cycles?
    How Do RD Session Host Servers Use Memory More Efficiently?
    How Does Disk Affect Application Delivery?
    How Does Virtualization Affect Resource Usage?
Determining System Requirements for RD Session Host Servers
    Designing a Live Test
    Executing the Tests
    Using the RD Load Simulation Tool
    An Alternative to Full Testing: Extrapolation
    Other Sizing Questions
Supporting Client Use Profiles
    Client Hardware: PC or Thin Client?
    What Is the Best License Model?
    What Applications Can Run on an RD Session Host Server?
    What Version of Remote Desktop Connection Do I Need?
    What Role Services Do I Need to Support My Business?
Summary
Additional Resources

Chapter 3 Deploying a Single Remote Desktop Session Host Server

How RD Session Host Servers Work
    Services Supporting RD Session Host
    Creating and Supporting a Session
Installing an RD Session Host Server
    Installing an RD Session Host Server Using the Administrative Tools Interface
    Installing an RD Session Host Server from the Command Line
Essential RD Session Host Configuration
    Allocating Processor Time
    Enabling Plug and Play Redirection with the Desktop Experience
    Adjusting Server Settings with Remote Desktop Configuration
Installing Applications on an RD Session Host Server
    Which Applications Will Work?
    Storing Application-Specific Data
    Avoiding Overwriting User Profile Data
    Populating the Shadow Key
Summary
Additional Resources

  

  

Chapter 4 Deploying a Single Remote Desktop Virtualization Host Server

What Is VDI?
How Microsoft VDI Works
    The Central Role of the RD Connection Broker
    Discovering a VM
    Brokering a Connection
    Orchestrating a VM
    Connecting to a VM Pool
    Connecting to a Disconnected Session
    Rolling Back a VM
    Connecting to a Personal Desktop
Installing Supporting Roles for VDI
    Installing the RD Virtualization Host
    Installing RD Virtualization Host Role Service via Windows PowerShell
    Installing RD Connection Broker
    Configuring RD Web Access
    Configuring the RD Connection Broker Server
    Setting Up VMs
    Creating Pools
    Assigning Personal Desktops
    Configuring Personal and Pooled VM Properties
Using RemoteApp for Hyper-V for Application Compatibility
    Configuring RemoteApp on Hyper-V
    Can You Use RemoteApp for Hyper-V Without RDS?
Summary
Additional Resources

  

Chapter 5 Managing User Data in a Remote Desktop Services Deployment

How Profiles Work
    Types of Profiles
    How Profiles Are Created
    Profile Contents External to the Registry
    Storing Profiles
    Providing a Consistent Environment
Design Guidelines for User Profiles
    Balance Flexibility and Lockdown
    Use Folder Redirection
    Compartmentalize When Necessary
    Prevent Users from Losing Files on the Desktop
    Upload Profile Registry Settings in the Background
    Speed Up Logons
Deploying Roaming Profiles with Remote Desktop Services
    Creating a New Roaming Profile
    Converting an Existing Local Profile to a Roaming Profile
    Customizing a Default Profile
    Using Group Policy to Manage Roaming Profiles
    Using Group Policy to Define the Roaming Profile Share
    Speeding Up Logons
    Centralizing Personal Data with Folder Redirection
    Sharing Personal Folders Between Local and Remote Environments
    Sharing Folders Between Windows Server 2003 and Windows Server 2008 R2 Roaming Profiles
    Setting Standards with Mandatory Profiles
    Converting Existing Roaming Profiles to Mandatory Profiles
    Creating a Single Mandatory Profile
    Creating a Safe Read-Only Desktop
    Decrease Logon Times with Local Mandatory Profiles
Profile and Folder Redirection Troubleshooting Tips
Summary
Additional Resources

Chapter 6 Customizing the User Experience

How Remoting Works
    What Defines the Remote Client Experience?
    The Foundation of RDP: Virtual Channels and PDUs
    Basic Graphics Remoting
    Advanced Graphics Remoting
Moving the Client Experience to the Remote Session
    Which Client Devices Can You Add to the Remote Session?
    Pros and Cons of Redirecting Resources
    Device and File System Redirection
    Playing Audio
    How the RDC Version Affects the User Experience or Doesn’t
Printing with RDP
    Printing to a Directly Connected Printer
    Printing via Redirected Printers
    Printing from Remote Desktop Services
    When You Cannot Use RD Easy Print
    Controlling Printer Redirection
    Troubleshooting Printing Issues
Summary
Additional Resources

Chapter 7 Molding and Securing the User Environment

Locking Down the Server
    Restricting Device and Resource Redirection
    Preventing Users from Reconfiguring the Server
    Preventing Access to the Registry
    Closing Back Doors on RD Session Host Servers
    Controlling Libraries
Preventing Users from Running Unwanted Applications
    Using Software Restriction Policies
    Using AppLocker
Creating a Read-Only Start Menu
Keeping the RD Session Host Server Available
    Allowing or Denying Access to the RD Session Host Server
    Limiting the Number of RD Session Host Server Connections
    Setting Session Time Limits
Taking Remote Control of User Sessions
Summary
Additional Resources

Chapter 9 Multi-Server Deployments

Key Concepts for Multi-Server Deployments
    RD Session Host Farms
    RemoteApp Internals
    Server-Side Components
    Client-Side Components
    RemoteApp Programs and Multiple Monitors
Creating and Deploying a Farm
    Distributing Initial Farm Connections
    Connection Brokering in a Farm Scenario
    RDS Farm Connection Brokering in Action
    Deploying RD Session Host Farms
    Permit RD Session Host Servers to Join RD Connection Broker
    Join RD Session Host Servers to a Farm
Publishing and Assigning Applications Using RemoteApp Manager
    Adding Applications to the Allow List
    Configuring Global RemoteApp Deployment Settings
    Editing RemoteApp Properties
    Maintaining Allow List Consistency Across the Farm
    Configuring Timeouts for RemoteApp Sessions
    Signing Already Created RDP Files
    Setting Signature Policies
Distributing RemoteApp Programs
    Distributing RDP Files
    Distributing MSI Files
Delivering RemoteApp Programs and VMs Through RD Web Access
    RD Web Access Sources
    Installing the RD Web Access Role Service
    Configuring RD Web Access
    Customizing RD Web Access
    Troubleshooting RD Web Access Permissions
    Using the RD Web Access Website
    Using RemoteApp And Desktop Connections
Summary
Additional Resources

Chapter 10 Making Remote Desktop Services Available from the Internet

How RD Gateway Works
    Understanding RD Gateway Authorization Policies
    RD Gateway Requirements
Installing RD Gateway
    Installing RD Gateway Using Windows PowerShell
    Creating and Maintaining RD Gateway Authorization Policies
    Creating an RD CAP
    Creating an RD RAP
    Modifying an Existing Authorization Policy
Configuring RD Gateway Options
    Tuning RD Gateway Properties
    Using RD Gateway Computer Groups to Enable Access to a Server Farm
    Bypassing RD Gateway for Internal Connections
    Using Group Policy to Control RD Gateway Authentication Settings
    Monitoring and Managing Active RD Gateway Connections
Creating a Redundant RD Gateway Configuration
    Using NLB to Load Balance RD Gateway Servers
    Preventing Split SSL Connections on RD Gateway
    Maintaining Identical Settings Across an RD Gateway Farm
    Using NAP with RD Gateway
    Troubleshooting Declined Connections
Placing RD Web Access and RD Gateway
    RD Web Access for External Access
    RD Gateway Inside the Private Network
    RD Gateway in the Perimeter Network
    RD Gateway in the Internal Network and Bridged
Summary
Additional Resources

Chapter 11 Managing Remote Desktop Sessions

Introducing RD Session Host Management Tools
    The Remote Desktop Services Manager
    Command Line Tools
    Connecting Remotely to Servers for Administrative Purposes
    Managing RD Session Host Servers from Windows 7
Organizing Servers and VMs in the Remote Desktop Services Manager
Monitoring and Terminating Processes
    Monitoring Application Use
    Terminating Applications
Monitoring and Ending User Sessions
    Switching Between Sessions
    Closing Orphaned Sessions
Providing Help with Remote Control
    Enabling Remote Control via Group Policy
    Enabling Remote Control via RD Session Host Configuration
    Shadowing a User Session
    Troubleshooting Session Shadowing
Preparing for Server Maintenance
    Disabling New Logons
    Sending Messages to Users
    Shutting Down and Restarting RD Session Host Servers
Applying RDS Management Tools
    Differentiating RemoteApp Sessions from Full Desktop Sessions
    Auditing Application Usage
    Auditing User Logons
    Closing Unresponsive Applications
Summary
Additional Resources

Chapter 12 Licensing Remote Desktop Services

The RDS Licensing Model
RDS Licensing
VDI Licensing
License Tracking and Enforcement
How RD License Servers Assign RDS CALs
Setting Up the RDS Licensing Infrastructure
    Installing RD License Server
    RD License Server Connection Methods
    Activating the License Server
    Background: How RDS CALs Are Tied to an RD License Server
    Adding License Servers to AD DS
    Installing RDS CALs
    Configuring RD Session Host Servers to Use RD License Servers
    Configuring RD License Servers to Allow Communication From RD Session Host Servers
Migrating RDS CALs from One License Server to Another
Rebuilding the RD License Server Database
Backing Up an RD License Server and Creating Redundancy
Managing and Reporting License Usage
    Revoking RDS CALs
    Restricting Access to RDS CALs
Preventing License Upgrades
Using the Licensing Diagnosis Tool
Summary
Additional Resources


  Acknowledgments

  This book isn’t the work of just two people. We owe many thanks to the combined efforts of a lot of people at Microsoft, our terrific set of editors, and the greater community. (All this said, any errors in this book are the sole responsibility of the authors.) One of the best things about working at Microsoft is that a lot of very smart (and very helpful) people work there, and we are grateful for the insights of these people.

  Throughout this book, you’ll find Direct from the Source sidebars contributed by members of the product team. We also extend our heartfelt thanks to the members of the product team who sat down with us to explain the finer details of how something worked. From the Remote Desktop Virtualization (RDV) team, we’d like to thank Niraj Agarwalla, James Baker, Ara Bernardi, Tad Brockway, Vikash Bucha, Yuvraj Budhraja, Hammad Butt, Rommy Channe, Munindra Das, Silvia Doomra, Samim Erdogan, Rajesh Ganta, Costin Hagiu, Al Henriquez, Travis Howe, Olga Ivanova, Gopikrishna Kannan, Sergey Kuzin, Rob Leitman, Raghu Lingampally, Meher Malakapalli, Benjamin Meister, Ranjana Rathinam, Rajesh Ravindranath, Ray Reskusich, Sriram Sampath, Bhaskar Swarna, and Janani Venkateswaran. Even people from other teams got involved. Many thanks to Kyle Beck, Jeff Heatton, Michael Kleef, Timothy Newton, Mark Russinovich, Tom Shinder, Makarand Patwardhan, Bohdan Velushchak, Paul Volosen, and Jon Wojan for your invaluable assistance. We’d also like to thank Christa’s manager, Ashwin Palekar, for his support during this project.

  RDS expertise isn’t limited to people at Microsoft, either. Remote Desktop Services MVPs as well as MVPs and experts from other disciplines also pitched in to contribute Direct from the Field sidebars and explain the intricacies of related technologies. Many thanks go to Janique Carbone, Brian Ehlert, Ross Harvey, Helge Klein, Russ Kaufmann, Shay Levy, Brian Madden, Patrick Rouse, Greg Shields, Michael Smith, and Mitch Tulloch.

  The great team at Microsoft Press had a huge hand in turning this project from an idea into the book you hold in your hands. We’d like to thank Martin DelRe at Microsoft Press for asking us to write the first edition of the book in the first place, Megan Smith-Creed at Custom Editorial Productions, Inc., for great editing and project management on this edition, and Alex Juschin for tech editing the book. The rest of the editorial team at Custom Editorial Productions, Inc., did a terrific job of copyediting and proofing this text. Thank you all!

  Finally, we’d like to thank our friends and families for their support during this big project. We couldn’t have done it without you. We promise to talk about something else now.

  Introduction

  Welcome to the Windows Server 2008 R2 Remote Desktop Services Resource Kit! This is a detailed technical resource for planning, deploying, and running Microsoft Remote Desktop Services (RDS). Because some features of RDS are brand new, this book is valuable both for those completely new to RDS and those who have used Terminal Services (its former name) in previous versions of Microsoft Windows.

  Within this resource kit, you’ll find in-depth information about the improvements in RDS introduced in Windows Server 2008 R2. This book combines underlying architectural concepts with practical hands-on instructions that allow you to set up a working RDS ecosystem, understand why it’s working, and give you some guidance about how to fix it when it’s not. You’ll also find detailed information and task-based guidance on managing all aspects of RDS, including deploying RD Session Host servers, integrating RDS role services with other key parts of the Windows Server 2008 R2 operating system, and extending the reach of RDS to outside the corporate network. Finally, the companion media includes additional tools and documentation that you can use to manage and troubleshoot RDS role services. Although we mention some third-party tools in the course of this book, this book is fundamentally about running RDS using only the tools found in the operating system. You can do what we’ve done here using only Windows Server 2008 R2. Nor do we get into extensive discussion of any of the third-party tools that many people use with native Remote Desktop Services. For example, many people with high-complexity RDS deployments use management software from Citrix or Quest or other RDS partners, but we don’t discuss it here because it’s not included with the operating system.

ON THE COMPANION MEDIA

   See the team partner page at http://www.microsoft.com/windowsserver2008/en/us/rds-partners.aspx for a list of companies that make products complementing or expanding on Remote Desktop Services in Windows Server 2008 R2.

  What’s New in Remote Desktop Services in Windows Server 2008 R2?

  Remote Desktop Services in Windows Server 2008 R2 took a lot of the improvements added in Windows Server 2008 and added the features people had asked for. Want native support for VDI? It’s added to RD Connection Broker. Want fewer logons, security filtering, simplified discovery of available applications and virtual machines (VMs)? It’s in the new version of RD Web Access. Want to address problems discovered via Network Access Policies (NAP), not just shut people out of the network? It’s in the new edition of RD Gateway. Want improved application compatibility? See RD Session Host for IP address virtualization and dynamic fair share scheduling that proactively prevents one session from taking all the processor cycles. Want to stop installing printer drivers on both sessions and VMs? Easy Print now works for both virtualization options.

  For those who went straight to Windows Server 2008 R2 from Windows Server 2003, let’s take a look at what the new features add to the former model of a terminal server and a license server.

  Simplified Application Delivery and Display

  Terminal Services in Windows Server 2003 presented all remote applications from a desktop, completely separating the display of local and remote applications. RemoteApp programs (introduced in Windows Server 2008) launch from a server, but integrate with the local desktop so they look like they’re running locally.

  Not only do the applications integrate better with the local desktop, they’re easier to find and distribute, thus making it easier to support a larger and more complex deployment. One of the issues in enabling remote access is how to get the most complete and up-to-date set of remote resources to your user base. This is especially true when you’re providing access to individual applications, not to a full desktop. Using RDS Web Access, you can present links to individual applications or to entire desktops and know that these links will always be up to date. In Windows Server 2008 R2, RD Web Access can present RemoteApp programs from more than one farm as well as VMs. It also, however, supports security filtering so that you can manage an aggregated source for all remote resources but only display to people the ones they should use.

  Improved Farm Support

  The Session Directory service in Windows Server 2003 offered the beginning of farm support, but was only available for Enterprise SKUs and didn’t include any load balancing—it just kept track of where connections had gone. In Windows Server 2008 R2, RD Connection Broker is available on the Standard SKU, supports load balancing, and can broker connections to both sessions and VMs.

  Secure Internet Access

  One of the key benefits of Remote Desktop Services is its ability to support mobile workers. We had a great (and extremely itinerant) tech editor, RDS MVP Alex Juschin, for this edition of the book. He’s got a great description of how he used Remote Desktop Services while completing his part:

  In your book you can mention that I have been reviewing your book all over the world using the RDP protocol to connect to my home in Dublin via 3G or WiFi. I’ve worked while on a smelly Kebap Bus in Poland, in a freezing hotel in Latvia, while being driven in a high-end coach in Estonia, on the ferry to England, in a pub in Ireland, on a train going down the coast from Belfast, while tasting wine in France, sitting in a nice Brasserie on the island of Jersey, eating Belgian chocolate in Brussels, on a plane to Germany, on a bench with a beautiful view in Zurich, in a café near the Berlin Wall, in a prison in Finland (ok, hotel, but it used to be a prison), and on the highest point of Germany (Zugspitze).

  In Windows Server 2003, Terminal Services didn’t support secure Internet access except across virtual private networks. In Windows Server 2008 R2, Remote Desktop Services supports connectivity over Secure Sockets Layer (SSL) via RD Gateway. RD Gateway allows you to set up different rules for local and remote access and does not require any client-side setup. Introduced in Windows Server 2008, in R2, RD Gateway now enforces device and resource redirection decisions made at the gateway and supports NAP remediation.

  Simpler and Broader Device Redirection

  RDS assumes that a lot of people will be working from computers with local resources, and that those people won’t want to be cut off from their resources when they’re working in their session or VM. It also assumes that the server administrators don’t want to spend more time than necessary making these resources available. Although printer redirection, as it’s been known in earlier versions of Terminal Services, still works as it did, Easy Print, introduced in Windows Server 2008, helps simplify printer redirection. Rather than requiring administrators to install printer drivers on the server, Easy Print allows redirected printers to use the drivers already installed on the client computer. In Windows 2008 R2, RD Easy Print works with even more printer types and works from both sessions and VMs.

  Part of the rich remote work experience is using local devices. Support for local devices has been expanded through the Plug and Play Device Redirection Framework, introduced in Windows Server 2008.

  Simplified License Management

  Per-user licensing was introduced in Windows Server 2003 but didn’t include any tracking, so you couldn’t easily tell if you were in compliance. Windows Server 2008 R2 allows you to track Per-User RDS CAL usage. Additionally, the Licensing Diagnostics feature can help you resolve licensing issues. Windows 2008 R2 RD License servers can now migrate licenses from one server to another without the help of the Microsoft Clearinghouse. This can be done even if a license server is out of commission.

  This is only a partial list of new features—Chapter 1, “Introducing Remote Desktop Services,” describes the Remote Desktop Services features in Windows Server 2008 R2, and the rest of the book explains how to use them. But these are some of the highlights that show how the role has expanded in management and user experience.

ON THE COMPANION MEDIA

   The authors will post data that is relevant to the Windows Server 2008 R2 Remote Desktop Services Resource Kit on the book’s blog, located at http://blog.kristinlgriffin.com/. You can find this link on the companion media.

  How This Book Is Structured

  Our goal in writing this book is to help you set up a working Remote Desktop Services farm, as well as VDI pooled and personal VMs using all the pieces in the operating system, while understanding the greater context of the circumstances under which Remote Desktop Services is useful, how it works, and how Windows Server 2008 R2 compares to previous versions. This book has twelve chapters.

  Chapter 1, “Introducing Remote Desktop Services,” explains where RDS came from and how it has evolved as a platform, what new features are available in this latest iteration, and what you can accomplish with this new version of the product. It also explains how other services support RDS.

  Chapter 2, “Key Architectural Concepts for Remote Desktop Services,” dives into RDS internals and relevant Windows Server 2008 R2 internals. It also shows you how to determine the hardware and software you will need to support this product in your environment.

  Chapter 3, “Deploying a Single Remote Desktop Session Host Server,” shows you how RD Session Host servers work, and how to install and configure this role service.

  Chapter 4, “Deploying a Single Remote Desktop Virtualization Host Server,” explains what VDI is, how Microsoft VDI works, and how to install and configure an RD Virtualization Host and the supporting roles.

  Chapter 5, “Managing User Data in a Remote Desktop Services Deployment,” discusses the different types of profiles that work with RDS and how to deploy and troubleshoot user profile solutions and folder redirection.

  Chapter 6, “Customizing the User Experience,” discusses how remoting works, promoting good client experience in the remote session, and how to print from RDS sessions.

  Chapter 7, “Molding and Securing the User Environment,” explains why you should lock down the RDS environment and how you should do it, and describes how to provide remote assistance to users from within the user session.

  Chapter 8, “Securing Remote Desktop Protocol Connections,” discusses RDP encryption, server and client authentication, and how to configure security settings on the RD Session Host server.

  Chapter 9, “Multi-Server Deployments,” introduces key concepts for multi-server deployments, shows how to create RD Session Host farms, and explains how to publish applications and display resources through RD Web Access.

  Chapter 10, “Making Remote Desktop Services Available from the Internet,” shows you how to install and configure RD Gateway to provide access to RemoteApps, desktop sessions, and pooled and personal VMs to users located outside the corporate network.

  Chapter 11, “Managing Remote Desktop Sessions,” shows you how to monitor and terminate processes and user sessions running on an RD Session Host server, how to provide help with remote control, and how to drain RD Session Host servers for maintenance.

  Chapter 12, “Licensing Remote Desktop Services,” discusses the new RDS licensing paradigm, including both RDS and VDI licensing. This chapter explains how licenses are tracked and enforced; how RD License servers assign RDS CALs; how to install, configure, and maintain RDS License servers; how to diagnose licensing issues with the Licensing Diagnosis tool; and how to migrate licenses from one server to another.

  Document Conventions

  The following conventions are used in this book to highlight special features or usage.

  Reader Aids

  The following reader aids are used throughout this book to point out useful details.

  READER AID    MEANING

  Caution    Warns you that failure to take or avoid a specified action can cause serious problems for users, systems, data integrity, and so on.

  Note    Underscores the importance of a specific concept or highlights a special case that might not apply to every situation.

  On the Companion Media    Calls attention to a related script, tool, template, job aid, or URL on the companion CD that helps you perform a task described in the text.

  Sidebars

  The following sidebars are used throughout this book to provide added insight, tips, and advice concerning different Remote Desktop Services features.

  NOTE Sidebars are provided by individuals in the industry as examples for informational purposes only and may not represent the views of their employers. No warranties, express, implied, or statutory, are made as to the information provided in sidebars.

  SIDEBAR    MEANING

  Direct from the Source    Contributed by experts from the product group who provide “from-the-source” insight into how Remote Desktop Services works, best practices, and troubleshooting tips.

  Direct from the Field    Contributed by experts external to the product group who have real-world experience working with Remote Desktop Services. Some experts are Microsoft field engineers; others are Microsoft MVPs or other experts.

  How It Works    Provides unique glimpses of Remote Desktop Services features and how they work.

  Command-Line Examples

  The following style conventions are used in documenting command-line examples throughout this book.

  STYLE    MEANING

  Bold font    Used to indicate user input (characters that you type exactly as shown).

  Italic font    Used to indicate variables for which you need to supply a specific value (for example, file name can refer to any valid file name).

  Monospace font    Used for code samples and command-line output.

  %VariableName%    Used for environment variables.

  Companion Media

  In addition to the book itself, you also get a CD that contains some great tools and other resources. System requirements for running the CD are at the back of this book. The CD includes the following resources.

  Links

  The companion media includes many links to URLs that lead to more information about Remote Desktop Services-related topics, Remote Desktop Services resources, partner web sites, and more. Some of the URLs are referenced throughout the book and some are not.

  Management Scripts

  On the companion media, you will find a collection of scripts illustrating ways to work with Remote Desktop Services using Windows PowerShell and VBScript. We’ve also included listings in relevant locations in the book so that you can better understand how these scripts support the functionality you’re looking for. Although these scripts are intended as samples instead of finished products, they do useful work such as allowing you to easily determine the shadowing permissions on a server or providing application-usage metering not provided in the GUI.

  Find Additional Content Online

  As new or updated material becomes available that complements your book, it will be posted online. The type of material you might find includes updates to book content, articles, links to companion content, errata, sample chapters, and more. This website is available at http://go.microsoft.com/fwlink/?LinkId=203980 and is updated periodically.

  Support for This Book

  Every effort has been made to ensure the accuracy of this book. As corrections or changes are collected, they will be added to the O’Reilly Media website. To find Microsoft Press book and media corrections:

  1. Go to http://microsoftpress.oreilly.com
  2. In the Search box, type the ISBN for the book, and click Search.
  3. Select the book from the search results, which will take you to the book’s catalog page.
  4. On the book’s catalog page, under the picture of the book cover, click View/Submit Errata.

  If you have questions regarding the book or the companion content that are not answered by visiting the book’s catalog page, please send them to Microsoft Press by sending an email message to mspinput@microsoft.com.

  We Want to Hear from You

  We welcome your feedback about this book. Please share your comments and ideas via the following short survey.

  http://www.microsoft.com/learning/booksurvey

  Your participation will help Microsoft Press create books that better meet your needs and your standards.

  NOTE We hope that you will give us detailed feedback via our survey. If you have questions about our publishing program, upcoming titles, or Microsoft Press in general, we encourage you to interact with us via Twitter at http://twitter.com/MicrosoftPress. For support issues, use only the email address shown above.

  CHAPTER 1

  Introducing Remote Desktop Services

  Where Did RDS Come From?
  What Can You Do with RDS?
  RDS for Windows Server 2008 R2: New Features
  How Other Services Support RDS
  Functionality for RDS Scripters and Developers

  You might be reading this book for any of a number of reasons. Perhaps you’re an old hand at Microsoft Terminal Server and are interested in seeing what Remote Desk-