Windows Server 2003 is still a standard server, even with Terminal Services activated in application server mode. However, some characteristics do distinguish it from a standard installation, especially in terms of services, drivers, devices, modules, and environment variables. All these components can be monitored via Control Panel and can be modified, if necessary.
On Windows Server 2003, background processes that run even when no user is logged on are known as Windows services. On other systems, they are often called daemons. Each service runs in the security context of a particular account, so the security guidelines that apply to that account also apply to the service. Many services are included in Windows Server 2003, and a number of them must be running for the system to operate properly. The services manager controls these services. Only administrators have full access to this function, either through the Services icon in the Control Panel, through computer administration, or from the command line.
Many of the basic services are executed within the context of the Services.exe program, which is directly linked to the services manager. Other services have their own executable file but may depend directly on the existence of other services. Several services can also be bundled in a single service host. This has the advantage that separately managed services are not interrupted if one service in another host malfunctions. It is the services that make Windows Server 2003 a “real” server.
A terminal server has two special Windows services that are used for multiple-user operation.
Terminal Services Allows multiple users to create interactive connections, display the desktop, and see applications on remote clients. This service is the basis for remote desktops, remote support, and terminal servers.
Terminal Services Session Directory Forwards a connection request to a terminal server in a load-sharing system. If this service is stopped, all connection requests are directed to the first available server.
Additionally, the following service is necessary on at least one computer involved in this interaction:
Licensing logging Monitors and logs the client access-licensing process for some parts of the operating system (such as Internet Information Services, terminal server, and file/print server) and for products that are not part of the operating system, such as Microsoft SQL Server and Microsoft Exchange Server. If this service is interrupted, licensing is forced but not monitored.
Right after its start, the Terminal Services Windows service waits for a connection request from a suitable client. Together with the Virtual Memory Manager, it assigns each user session generated during a client connection a unique identification number (session ID).
When a terminal server is rebooted, the session ID numbers start at zero and increment from there. As the console session is always first, its session ID is 0. If no other users log on to the system interactively, the terminal server initially behaves like a “normal” Windows server, even though it has been optimized for multiple-user operation.
Terminal Services is also loaded on a server that is not running in application server mode. Besides managing the console session, Terminal Services enables administrative access to the server through the remote desktop. This explains why Terminal Services is launched when the console session is initialized, even though its startup type is set to Manual. An administrator cannot easily stop it, and disabling this service is strongly discouraged.
A driver is a program used by certain devices—such as modems, network adapters, and printers—to communicate with Windows Server 2003. Even if a device is installed on the system, Windows Server 2003 can use it only after the corresponding driver has been installed and configured. If a device appears in the Hardware Compatibility List (HCL), Windows Server 2003 usually has the appropriate driver. On start-up of the computer, the device drivers (for all activated devices) are loaded automatically and run invisibly in the background.
Terminal Services clients also have devices, such as the keyboard, mouse, and monitor, that must communicate with the server. Because they are not physically located on the server, they are called virtual devices. These devices are managed via a corresponding terminal device driver.
In concept, the terminal device driver converts command sequences to and from the virtual device into network calls, thus enabling communication with the physical device on the client. This is comparable to the redirector of the file system under Windows Server 2003 when accessing files on the network.
Device redirection for the terminal server is therefore also displayed in the Device Manager under computer administration.
Some devices display in computer administration only when the option Show Hidden Devices is selected under the View menu.
Figure 1-13: Device Manager for system devices.
The device manager is an administrative program that enables you to manage the devices in a computer. It allows you to display and modify device characteristics, update device drivers, configure device settings, and remove devices.
If you select the device redirector properties in the device manager, the provider, the date, the version, and the digital signer of the corresponding driver are displayed.
The driver details of the device redirector display the path and the name of the corresponding file. The file version is of interest for verifying possible modifications. Under Windows Server 2003, however, system file protection (SFP) should prevent any such modifications.
All currently loaded kernel drivers can also be displayed through the driverquery command in the command line.
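The following batch script is an added example, not from the book, showing how a defender can use driverquery to inventory loaded kernel drivers and flag any that lack a verified digital signature, which is the kind of check suggested by the file-version and signer details above. It assumes the driverquery /si CSV column order DeviceName, InfName, IsSigned, Manufacturer, and the output path is a placeholder.

```batch
@echo off
rem Added example (not from the book): list loaded kernel drivers and
rem report those whose driver package is not digitally signed.
rem /si shows signature information, /fo csv gives parseable output.
rem The output file location is an assumption.
set OUT=%Temp%\drivers-%ComputerName%.csv

rem Full inventory: device name, INF file, signed flag, manufacturer.
driverquery /si /fo csv > "%OUT%"

rem Verbose listing (driver file path, start mode, state) kept alongside
rem the inventory for later comparison against a known-good baseline.
driverquery /v /fo csv > "%Temp%\drivers-%ComputerName%-verbose.csv"

echo Unsigned kernel drivers on %ComputerName%:
rem skip=1 drops the header row; tokens 1-3 are quoted fields, %%D is the
rem remainder so a manufacturer name containing commas is not truncated.
for /f "skip=1 tokens=1-3* delims=," %%A in ('type "%OUT%"') do (
    if /i %%C=="FALSE" echo   %%B  (%%A)  %%D
)
echo Inventory written to "%OUT%"
```

Run the script periodically and diff the inventory files against a baseline taken right after installation; a new or newly unsigned entry for the device redirector is worth investigating.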
Windows Server 2003 defines various environment variables that are available to each user and his or her applications during run time. In particular, these variables are used for global administration of both logical name allocations and directories. The user may also define additional environment variables.
An environment variable is referenced by its logical name surrounded by percent (%) signs. For instance, the computer’s name can be referenced by the %ComputerName% variable. Variable names are not case-sensitive. Environment variables are often evaluated in logon scripts on terminal servers to adapt a terminal server session when a user logs on.
These are the most important environment variables for a terminal server:
%AllUsersProfile% Was introduced under Windows 2000; includes the path to the generally valid “All users” profile.
%AppData% Another recently introduced environment variable; includes the user-specific path to the application data.
%ClientName% Name of the client from which the user works interactively on the terminal server.
%ComputerName% Name of the computer onto which the user is logged on interactively.
%HomeDrive% Drive letter of a user’s individual home directory.
%HomePath% The complete path to the user’s individual home directory.
%LogonServer% The server responsible for the user’s authentication.
%OS% ID of the operating system (“Windows_NT” under Windows NT, Windows 2000, and Windows Server 2003).
%SessionName% Name of the user session on the terminal server.
%SystemDrive% Drive letter of the folder containing the operating system.
%SystemRoot% The directory containing the operating system.
%Temp% and %Tmp% Path to the user-specific temporary folder.
%UserDNSDomain% DNS name of the domain where the user account is located.
%UserDomain% The domain where the user account is located.
%UserName% Name of the current user.
%UserProfile% Complete path to the profile of the current user.
%WinDir% Path for access to .ini files.
Some environment variables can be modified via the System tool in the Control Panel. Entering the Set command without parameters at the command prompt lists all environment variables.
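The following logon script is an added example, not from the book, showing how the variables listed above can be evaluated to adapt a terminal server session: it distinguishes the console session from client sessions, records which client the user connected from, and applies a per-client setting. The three-letter site prefix in client names, the print server share, and the log file path are assumptions.

```batch
@echo off
rem Added example logon script (not from the book). Assumes it runs as the
rem user's logon script on the terminal server; share and path names below
rem are placeholders.

rem The console session (session ID 0) is named "Console"; every other
rem session was created for a client connecting via Terminal Services.
if /i "%SessionName%"=="Console" (
    echo Console logon on %ComputerName% by %UserDomain%\%UserName%
    goto :done
)

rem A client session without %ClientName% is unexpected; record it.
if "%ClientName%"=="" (
    echo %DATE% %TIME% %UserDomain%\%UserName% %SessionName% no ClientName>>"%Temp%\logon.log"
    goto :done
)

rem Per-client adaptation. Assumed naming convention: the first three
rem characters of the client name are a site code.
set SITE=%ClientName:~0,3%
if /i "%SITE%"=="NYC" (
    rem Hypothetical print server and printer share for that site.
    rundll32 printui.dll,PrintUIEntry /in /n "\\PRINTSRV\NYC-Floor2"
)

rem Record user, session and originating client for later session review.
echo %DATE% %TIME% %UserDomain%\%UserName% %SessionName% from %ClientName% on %ComputerName% (logon server %LogonServer%)>>"%Temp%\logon.log"

:done
rem When TSDEBUG is defined, dump the full environment of this session
rem (Set without parameters lists every variable) for troubleshooting.
if defined TSDEBUG set > "%Temp%\env-%SessionName%.txt"
```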
In the following chapters, the environment variables are used to name specific folders, such as the SystemRoot folder.