Section 7.4: Administering Terminal Services

The Terminal Server allows the administrator to remotely monitor servers, sessions, users, and processes, and supports the centralized deployment of applications, disk management, and device access. It also allows the administrator to manage the applications available to users, logon privileges, and security. This can be accomplished using the various system administrative tools provided by Terminal Services. These tools include:

• The Remote Desktops snap-in, which allows you to host multiple Terminal Services connections in an easily navigable tree. It is also useful for managing many Windows 2003 or Windows 2000 servers. By right-clicking Remote Desktops, you can identify the additional servers by selecting Add New


• Terminal Services Manager, which available from Administrative Tools. It is the primary utility for managing existing Terminal Services sessions and can be used to view and administer users, active sessions, and processes on a single or multiple terminal servers anywhere on the network.

• Terminal Services Configuration tool, which can be used to create new RDP-TCP connections, or listener connections, and configure the ones that currently exist. These RDP-TCP connections must be configured and exist on the server for clients to successfully establish Terminal Services sessions to that server. RDP-TCP connections can be configured for RDP only over TCP/IP, and only one RDP-TCP connection can be configured for each network interface card in the Terminal Services computer. By default, the RDP-TCP connection is created that is bound to all the network interface cards in the server. If the server has more than one network interface card, you can use the Terminal Services Configuration to configure the default RDP-TCP connection to only be associated with one network interface card, and create new RDP-TCP connections for each of the other network interface cards. You must be a member of the Administrators group, or be delegated the authority, in order to create new RDP-TCP connections. The Terminal Services Configuration tool can also be used to configure connections for ICA (Citrix) clients using IPX, SPX, Asynchronous, NetBIOS, or TCP.

• The Server Settings node in Terminal Services Configuration, which controls a number of server-wide settings that affect all sessions running on the server. In an Active Directory environment, these settings can also be configured using Group Policy. If configured in both Group Policy and within Terminal Services Configuration, the Group Policy settings will take precedence.

• The Directory Users And Computers Snap-in or the Local Users And Groups Snap-in, depending on the environment, can be used to establish Terminal Services settings for individual users.

• The Task Manager also monitors and administers Terminal Services. Once Terminal Services is installed, additional fields are added to the Task Manager.

• Group Policies, which you can use to control Terminal Services users. There are over 900, of which approximately 50 group policy settings in Windows Server 2003 that are relate specifically to Terminal Services components. When the same setting is configured in both Group Policy and one of the Terminal Services utilities or clients, the setting specified in Group Policy will take preference.

• The Terminal Services Command-Line tools that both administrators and end users can use to manage connections. These command-line tools can be used in scripts to automate Terminal Services tasks. A basic set of commands are listed in Table 7.1.

Table 7.1: Basic Terminal Services Command-Line Commands

Command Description
change logon Temporarily disables logons to a terminal server
change port Used to change COM port mappings for MS-DOS program compatibility
change user Changes the .ini file mapping for the current user
Cprofile Removes user-specific file associations from a user profile
Flattemp Enables or disables flat temporary directories
Logoff Logs off a user from a session and deletes the session from the server
Msg Sends a message to a user or group of users
Mstsc Displays the Remote Desktop Connection to establish a connection with a terminal server
query process Displays information about processes running on a terminal server
query session Displays information about sessions on a terminal server
query termserver Displays a list of all terminal servers on the network
query user Displays information about user sessions on a terminal server
Register Registers applications to execute in a global context on the system
reset session Resets a session to known initial values
Shadow Monitors another user's session
Tscon Connects to another existing terminal server session
Tsdiscon Disconnects a client from a terminal server session
Tskill Ends a process
Tsprof Copies user configuration and changes profile path
Tsshutdn Shuts down a terminal server