Windows 2000 Server products included the Terminal Services system, which was primarily designed to allow remote users to connect to a central server and work, requiring less highly powered desktops and centralizing administration to a smaller number of central servers.
Terminal Services could also be configured to work in remote administration mode so that administrators could remotely connect to and manage a server, just as if they were logged in locally.
The remote administration mode of Terminal Services has been removed. Instead, all Windows Server 2003 computers?whether they have specifically had terminal services enabled or not?support the capability to provide a remote desktop essentially through the terminal services technology. This is based on the same technology that provides remote desktop connections in Windows XP.
TERMINAL SERVICES AND REMOTE DESKTOP
Although Remote Desktop uses the Terminal Services service, it doesn't require the Terminal Services component, and the Terminal Services component enables remote clients to connect to a server and execute applications.
The Remote Desktop system is administered through the System control panel, shown in Figure 4.12. To enable remote administration, click Allow Users to Connect Remotely to This Computer within the Remote Desktop section of the control panel.
You can restrict remote desktop connections to specific users by clicking the Select Remote Users button. The Administrator (and members of the Administrators group) always has access to the machine remotely once Remote Desktop has been enabled, but other users do not. Because we're enabling it specifically for remote administration of IIS, allowing other users to access it is not a good idea.
To connect to a server with Remote Desktop enabled, use the Remote Desktop Connection application within the Accessories, Communication section of the Start menu. This is installed by default on Windows Server 2003 and Windows XP machines, or you can install the RDC Client from the Windows Server 2003 CD or download it from Microsoft. Just as if logging in locally, you will need to provide a login and password and, if necessary, an alternative domain.
Once connected, the interface and environment will seem disturbingly familiar. In fact, you can see in Figure 4.13 that aside from the addition of the RDC status bar, the environment is exactly the same.
Within an RDC connection, you can do anything that you can do when working on the console?albeit often at a reduced speed. The interface, tools, and everything else is the same?and unlike the IIS Manager remote administration and Web Administration systems you can change the other, non-IIS related configurations too.
Although Remote Desktop Connection is supported over Internet and by a variety of clients (including Mac OS/Mac OS X, all Windows versions, and even the PocketPC/Windows Mobile platform), there are times when you only have access to the Web.
As we've seen, the Web administration interface is extensive but isn't able to do everything. Using the Remote Desktop Connection system, we can connect to the server through a Web connection and still gain full access to the remote desktop.
To enable this functionality, it must have been installed within the IIS system. You can check or enable this service using the Add/Remove Programs control panel and the Add/Remove Windows Components applet.
Expand Application Server, Internet Information Services, World Wide Web Service and check the Remote Desktop Web Connection. You might be asked for your CD as Windows updates the components.
Once the system has been installed, open a Web browser on any machine and type in a URL of the form http://myservername/tsweb, where myservername is the name of the machine on which you installed the Remote Desktop Web Connection component. You should get a window similar to the one shown in Figure 4.14.
One of the interesting things about the Remote Desktop Web Connection is that once it's installed on one machine, it provides you with access to any machine running RDC?the Web site is merely a jump point for loading the ActiveX control that provides support for RDC. This means that you can install it on a gateway server and still access the rest of your network, without installing RDWC on every machine.
You can also choose, through the Web interface, the size of the desktop you want to open to the remote server. Normally this information is sent automatically from the client. If you opt to send login information, it uses the credentials that apply with your current Web connection, using integrated Windows authentication if your client is able to supply the information.
Again, once connected, everything is just the same as with the standard RDC client or directly on the console.
It catches quite a few folk out, so be aware that the Web-based RDC client doesn't operate over port 80. Instead, it works over the standard RDC port (default is 3389). Only the ActiveX component loaded from the Web interface is actually sourced over port 80. This is important because if you have a firewall at your location that filters out everything but port 80 traffic, your RDC system isn't going to work. If you want to open up port 3389 on your firewall, remember to specify source and destination IP addresses or at least ranges if you can.