Now that we have addressed Terminal Services, the RDP protocol, and different client types in the last few sections, we can move on to the details of RDP clients for Microsoft operating systems. Only these clients allow remote work on the terminal server and are therefore an essential part of the overall system. The basic precondition for networking clients is the integration of monitor, mouse, and keyboard, as well as the support of the RDP protocol.
In principle, the potential target platforms for Terminal Services clients can be divided into the following categories:
Windows-based terminals under Windows CE
Apple Macintosh computers under Mac OS X
Personal computers under Windows 95, Windows 98, Windows NT, Windows 2000, and Windows XP
Note: The name Terminal Services client refers only to RDP clients offered by Microsoft. This section deals exclusively with the Terminal Services clients for the 32-bit variants of Microsoft Windows. Windows-based terminals or Macintosh platforms will not be addressed in any depth here.
Terminal Services clients initiate the connection to a terminal server via TCP port 3389. A waiting RDP thread receives the connection request and starts a user session. The user session is taken over by another RDP thread that handles interaction between client and server. The waiting RDP threads then continue listening for new connection requests on the network.
Two standard clients exist for this type of access to Windows Server 2003 Terminal Services: the Remote desktop connection and the remote desktop MMC Snap-in. Both use the Mstscax.dll terminal server client ActiveX control element and will be described in detail in the following section.
The remote desktop connection is the default RDP client installed on every terminal server. It is stored under Start\All Programs\Accessories\Communications.
The remote desktop connection allows input of data required to connect to a terminal server. You can enter the computer name and other optional values as parameters.
Note: The remote desktop connection replaces the Windows 2000 Terminal Services client and Client Connection Manager.
On another 32-bit Windows version (for example, Windows XP or Windows 2000 Professional), you can install the remote desktop connection from a source folder on Windows Server 2003. This folder is located at %SystemRoot%\system32\clients\tsclient\win32 and contains all files required for the installation. If need be, this folder can be shared, that is, made accessible over the network. The installation itself is very easy and is supported by a wizard.
After the welcome screen is displayed, you are asked to accept the license agreement and enter the user name and company. Then you decide if the remote desktop connection should be installed for the current user or for all system users. After you enter that information, the installation takes a few minutes to finish. The necessary files are saved to the local hard drive and the start menu is updated. The ActiveX control Mstscax.dll terminal server client is integrated into the system.
Tip: You will find information on using Mstscax.dll for developing your own applications in the Platform SDK documentation.
When you are done, the remote desktop connection is operable and its application icon can be found under Start\All Programs\Accessories\Communications.
With the help of the remote desktop connection, it is quite easy to launch a user session on a terminal server. All you need is network access and the required access permission. To connect, you can select the computer name and other logon settings on the advanced screen that appears when you click the Options button. In this mode, the remote desktop connection user interface displays five tabs. With these tabs, you can choose several settings in different categories.
The first tab is the General tab, which is an expansion of the initial user interface that you see when you connect. It allows you to set basic logon settings:
Computer: Enter a computer name or select one from a list of identified terminal servers.
User name: A user’s logon name.
Password: Optional input of the password, which is used with the user name to log on, if accepted by the terminal server.
Domain: Name of the domain or the local computer that is responsible for authenticating the user.
If desired, the password can be encrypted and saved in the user’s profile so that it can be used for the next logon. However, this might cause system security problems.
The General tab also allows you to save and open connection settings in files. The corresponding format is described in detail below.
You select Display options in another tab. You can predefine the remote desktop size, which ranges between 640 x 480 and 1600 x 1280 pixels. The highest setting depends on the maximum resolution of the local graphics card. Alternatively, you can select the full-screen mode that covers the entire client screen and completely hides the local desktop.
You also use this tab to select the number of colors used. The range lies between 256 colors and full-color mode (24 bit). As with desktop size, the number of colors depends on the settings of the local graphics card. However, these settings can be overridden by other settings on the terminal server because the server configuration takes precedence.
At the bottom of the tab, you will find the option for displaying the connection toolbar in full-screen mode. The connection toolbar contains window control elements, such as minimize or maximize. These control elements greatly simplify reactivating the local desktop because it is fully covered by the remote desktop in this mode. If you deactivate this option, the toolbar is displayed for five seconds after logon and then disappears.
The third tab deals with Local Resources, that is, audio data streams, keyboard, and other local devices. For audio data streams (sounds), you can select options for playing sounds on the remote computer, on the client, or not at all. In a terminal server environment, only the last two options are reasonable, because sound output on the server is either impossible or undesirable.
For the Windows keyboard shortcuts, you select the option of using them locally or remotely and whether you want them in full-screen mode. This is the only way to clearly allocate the keyboard shortcuts to the predefined target devices. Sessions within the remote desktop connection are controlled using the following keyboard shortcuts. They differ from the local desktop shortcuts to avoid colliding with the client system.
| Keyboard Shortcuts | Description |
|---|---|
| Alt + Page up | Toggles programs from left to right as displayed in the list in the dialog window |
| Alt + Page down | Toggles programs from right to left as displayed in the list in the dialog window |
| Alt + Insert | Cycles through all programs in the sequence in which the programs were started |
| Alt + Home | Displays the start menu on the client desktop |
| Ctrl + Alt + Pause | Toggles between window and full-screen client mode |
| Ctrl + Alt + End | Opens the security settings Windows panel |
| Alt + Delete | Displays the Windows menu |
| Ctrl + Alt + Minus (-) | Saves an image of the active client session window on the terminal server clipboard. Produces the same behavior as the Alt + Print shortcut on a local computer. However, you must use the minus key on the numeric keypad. |
| Ctrl + Alt + Plus (+) | Saves an image of the entire client session window on the terminal server clipboard. Produces the same behavior as the Print shortcut on a local computer. However, you must use the plus key on the numeric keypad. |
In addition to audio output and shortcuts, the third tab defines the automatic connection to local drives, printers, and serial ports. All this helps to integrate the local resources with the remote user session. The user thus gains intuitive access to the client devices even though the user is active only within the terminal server session.
Note: The smart card reader option appears in this tab if the client has a smart card reader. This reader can be used in the terminal server session.
Figure 3-13: Local resources configuration.
If you enter two character strings in the fourth tab, called Programs, you can configure an exclusive program that starts automatically when you log on. The string in Program path and file name specifies the desired program, and the string in Start in the following folder defines the default directory assigned to the program.
When you log on, the normal desktop is not displayed; instead, you’ll see the program in full-screen mode within a remote desktop connection window. This lays the foundation for an environment that runs only one application.
Note: This configuration will not take effect if the settings on the terminal server differ. The terminal server configuration always overrides client settings.
Figure 3-14: Start options configuration of a selected program.
By using the last tab, Experience, you optimize transmission performance. The higher the available network bandwidth, the more graphical functions can be used. The optional properties are listed in descending order by requirements. Managing a desktop background (wallpaper) requires the most network bandwidth, whereas a slow connection will still support themes. Caching should always be enabled because it significantly reduces the data rate without degrading performance. However, this is valid only if the client’s memory resources are fast and large enough. Otherwise, caching can have a negative impact on system performance.
The last option in this tab allows you to determine whether the connection will be reestablished if it was ended. Selecting this option ensures continuous communication, even if the lines are unstable.
Within its graphical user interface, the remote desktop connection offers access to all essential settings that you need to configure and optimize communication with terminal servers. However, you have to use the command line to get to a number of expanded options.
Instead of invoking the remote desktop connection via the Start menu, you can also start it from the command line by calling Mstsc.exe with several arguments. In this way, you can reuse connection options saved in RDP files.
The Mstsc.exe command syntax:
Mstsc File /v:Server[Port] /console /f /w:Width /h:Height /edit /migrate
| Argument | Description |
|---|---|
| File | Specifies the RDP file name for connecting |
| /v:Server[Port] | Specifies the DNS name or IP address of the server to which you want to connect. You can enter the desired port here. |
| /console | Connects to the console session of the terminal server |
| /f | Starts the client in full-screen mode |
| /w:Width | Specifies the width of the remote desktop in pixels |
| /h:Height | Specifies the height of the remote desktop in pixels |
| /edit | Opens the RDP files specified for editing |
| /migrate | Transfers the configuration files generated under Windows 2000 using the Windows Connection Manager to the new RDP file |
You can connect to the terminal server’s console session only by using the command-line option. A referenced RDP file, however, offers more flexibility.
By using the remote desktop connection General tab, you have the option of saving the configuration settings selected for connecting to a terminal server. The settings are saved in Unicode text files with the extension .rdp. You can use them either in the graphical user interface or with the command-line option of the remote desktop connection.
RDP files are therefore well-suited for defining default configurations to access terminal servers or individual applications on terminal servers. What other information lurks in RDP files? Here is a closer look at a sample RDP file:
    screen mode id:i:2
    desktopwidth:i:1024
    desktopheight:i:768
    session bpp:i:16
    winposstr:s:0,1,0,0,800,600
    full address:s:TRITON-SRV1
    compression:i:1
    keyboardhook:i:2
    audiomode:i:0
    redirectdrives:i:1
    redirectprinters:i:1
    redirectcomports:i:1
    redirectsmartcards:i:1
    displayconnectionbar:i:1
    autoreconnection enabled:i:1
    username:s:test
    domain:s:TRITON-SRV1
    alternate shell:s:C:\Windows\system32\notepad.exe
    shell working directory:s:C:\Documents and Settings\tritsch\My Documents
    disable wallpaper:i:1
    disable full window drag:i:1
    disable menu anims:i:1
    disable themes:i:0
    disable cursor setting:i:0
    bitmapcachepersistenable:i:1
Most lines correspond to settings that can be defined via the graphical user interface. Nevertheless, some of these options need to be explained in detail. The following table provides a detailed description of all lines in the RDP file.
| Option | Description |
|---|---|
| screen mode id:i: | Integer that determines whether the remote desktop is started with a set resolution or in full-screen mode. |
| desktopwidth:i: | Integer that specifies the width of the remote desktop. Values other than 640, 800, or 1024 are possible. |
| desktopheight:i: | Integer that specifies the height of the remote desktop. Values other than 480, 600, or 768 are possible. |
| session bpp:i: | Integer that specifies the color depth in bits. Possible values: 8, 15, 16, and 24. |
| winposstr:s: | Character string containing position and size of the client window on the remote desktop. Values three and four of the character string determine the position of the top left corner of the window on the client desktop, five and six the position of the bottom right corner. Example of a valid value: winposstr:s:0,1,100,100,920,750. |
| full address:s: | Character string that contains the DNS name or IP address of the target server. |
| compression:i: | Integer that specifies the client’s compression standard. |
| keyboardhook:i: | Integer that specifies where the Windows keyboard shortcuts are used. |
| audiomode:i: | Integer that handles sound events on the remote computer. |
| redirectdrives:i: | Integers that specify if local drives, printers, serial ports, or smart cards automatically establish a connection to the user session on the remote computer. |
| displayconnectionbar:i: | Integer that specifies whether the connection toolbar is displayed in full-screen mode. |
| autoreconnection enabled:i: | Integer that specifies whether the connection is automatically reestablished if ended. |
| username:s: | Character string containing the user name. |
| domain:s: | Character string containing the domain or server name that is responsible for user authentication. |
| alternate shell:s: | Character string containing path and name of a program that is started on connection. |
| shell working directory:s: | Character string containing the working directory for the program that is started on connection. |
| disable wallpaper:i: | Integers that specify how many options for optimizing network performance are disabled. This affects desktop background, display of the window content when dragging, menu and window animation, themes, and bitmap caching. |
| bitmapcachepersistenable:i: | Integer that specifies if the cached bitmaps persist on the local hard drive. This would make them available for the next session. |
| auto connect:i: | Automatic user logon. |
| connect to console:i: | Integer that specifies whether you open a console or a user session. This line is not automatically generated when you save the remote desktop connection parameters. Therefore, you need to insert it manually, if necessary. |
Tip: The default values of a remote desktop connection are also saved in an RDP file. This file is called Default.rdp and is a hidden file in the Documents and Settings\<User Name>\My Documents folder. When distributed in the standard profile to users’ desktops, this type of file opens up new possibilities for accessing applications over terminal servers.
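Because RDP files are plain name:type:value text, they can be reviewed before they are distributed to users. The following Python code is an added example, not code from the original text or from Microsoft: it parses such a file and reports the settings from the table above that map local devices into the session, store a logon name, start a program, or request the console session. The UTF-16 handling, the review rules, and the constructed sample input are assumptions of this example.

```python
import codecs

# Keys are the ones listed in the RDP-file table above; the review rules
# themselves are this example's assumptions, not a Microsoft policy.
REDIRECT_KEYS = ("redirectdrives", "redirectprinters",
                 "redirectcomports", "redirectsmartcards")


def decode_rdp(raw: bytes) -> str:
    """Saved .rdp files are Unicode text; accept UTF-16 (with BOM) or UTF-8."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig")


def parse_rdp(text: str) -> dict:
    """Parse 'name:type:value' lines; type is 'i' (integer) or 's' (string)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # Split on the first two colons only: names may contain spaces and
        # string values may contain colons (for example a drive letter).
        parts = line.split(":", 2)
        if len(parts) != 3 or parts[1] not in ("i", "s"):
            raise ValueError(f"malformed RDP line: {line!r}")
        name, kind, value = parts
        settings[name.strip().lower()] = int(value) if kind == "i" else value
    return settings


def review(settings: dict) -> list:
    """Return findings for settings an administrator may want to check."""
    findings = []
    for key in REDIRECT_KEYS:
        if settings.get(key) == 1:
            findings.append(f"{key}: local device is mapped into the remote session")
    if settings.get("alternate shell"):
        findings.append("alternate shell: starts " + settings["alternate shell"]
                        + " instead of the desktop")
    if settings.get("username"):
        findings.append("username: logon name stored in the file")
    if settings.get("connect to console") == 1:
        findings.append("connect to console: opens the console session")
    return findings


# Constructed sample, modelled on the file shown above and encoded the way
# this example assumes the client saves it (UTF-16 with a byte order mark).
SAMPLE = "\r\n".join([
    "screen mode id:i:2",
    "full address:s:TRITON-SRV1",
    "redirectdrives:i:1",
    "redirectprinters:i:0",
    "username:s:test",
    "alternate shell:s:C:\\Windows\\system32\\notepad.exe",
    "connect to console:i:1",
]).encode("utf-16")

if __name__ == "__main__":
    for finding in review(parse_rdp(decode_rdp(SAMPLE))):
        print(finding)
```

The findings describe what the client requests; as noted above, the terminal server configuration overrides differing client settings.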
The Remote Desktop Snap-in in the Microsoft Management Console allows management of connections to terminal servers. In combination with Terminal Services, it also administers the connections to other forms of Windows Server 2003. The snap-in is ideal for administrators who need to maintain simultaneous connections to multiple servers.
Important: The Remote Desktop Snap-in is not an RDP client for normal users, but a tool for administrators. For this reason, the default setting of the Remote Desktop Snap-in always establishes a connection to the console of the target server. Additionally, most tasks from the Remote Desktop Snap-in can be executed only if you are logged on as the administrator. Nonetheless, networkwide guidelines might prohibit certain tasks.
To use the Remote Desktop Snap-in for the first time, start the Microsoft Management Console (Mmc.exe). A dialog box is displayed, allowing you to add stand-alone snap-ins via File\Add/Remove Snap-in. Select Remote Desktop from the list of available snap-ins and add it to the console.
On terminal servers, this type of predefined console can be found under Start\All Programs\Administrative Tools\Remote Desktop.
When you start the Remote Desktop Snap-in for the first time, you need to generate connection configurations to the servers desired. On the left side of the console panel, select Remote Desktop with the right mouse key. In the resulting context menu, select the first list item, Add New Connection. In the dialog box, enter the desired server name or IP address, a connection name, and—optionally—logon information, password, and domain.
The default setting for initial configuration creates a connection to the console of the server desired. This is particularly helpful for administrative tasks, but only authorized users may access the server. It is not a multiple-user option, and is used exclusively for remote administration. Only if the appropriate option is disabled can multiple Remote Desktop Snap-in users access the same server.
Note: The Remote Desktop Snap-in allows you to enter your user information for automatic logon to the terminal server. After entering the password in the connection dialog, the password is encrypted and saved in the MSC file. The encrypted password is protected and can be modified only with the logon data of the user who entered it in the connection dialog. If you do not enter the password in the connection dialog, the default Windows logon dialog appears when the session starts and prompts you to enter the password manually. In this way, the password is not saved on the local computer.
After setting up the connections desired, you can access one or more selected servers by choosing the corresponding connection name from the Remote Desktop list. If this does not work right away, you can reinitiate the connection using the context menu of the connection name (that is, the server) at a later point in time.
Other important options in the context menu of a selected server include ending an existing connection and displaying the connection properties. The latter, in particular, provides options beyond those in the initial setup of a connection.
Note: Unfortunately, some other helpful options have not (yet) found their way into the tool. For instance, there is neither an option to disconnect a session in the context menu of a server nor the ability to log off. Established connections cannot be sorted by name or grouped. This is especially troublesome if you want to manage a large number of servers with the Remote Desktop Snap-in.
When you open the properties of a preconfigured connection, a dialog box with three tabs is displayed. The options under the General tab relate to the same parameters as for setting up a new connection: server name, connection name, and logon information.
On the Screen Options tab, you can choose to display the desktop as the MMC Result Pane is displayed, in a standard size (640 x 480, 800 x 600, or 1024 x 768), or you can opt for a custom size. However, the new settings will not take effect until the next connection. Similarly, changing the MMC pane size does not modify the size of the desktop if the corresponding connection was initiated with the MMC Result Pane option selected.
On the Other tab, you configure a program to automatically start on logon, along with its default directory. When a user logs on, the selected program completely fills the desktop. Ending the program also ends the user session.
Another option on this tab allows you to redirect local client drives to the user session on the remote server. You cannot redirect printers or serial ports or control network bandwidth and encryption options.
The connection configurations between terminal server and RDP clients are not static or identical for all scenarios. Instead, they must be able to adapt to dynamic user behavior and to the varying standards of an administrator. Many parameters control and configure such connections. These parameters can be set in different places.
We already learned about two of them: the Terminal Services configuration on the terminal server and the RDP client remote desktop connection and the Remote Desktop MMC Snap-in on the client. It is probably easiest for a system administrator to treat all user settings for a certain connection type of Terminal Services configuration in the same way. In some cases, however, it might be necessary to allow special settings through user entries on the client.
In principle, it is possible to set certain options either on the server only or the client only. This is a lot less problematic than configurations that can be set on both sides. Which one is relevant? The basic rule is that terminal server settings prevail over differing settings on the RDP client. In other words, the terminal server administrator is stronger than the end user.
To get a feeling for the capabilities of each, compare the connection options of the Terminal Services configuration, the Remote Desktop connection, and the Remote Desktop MMC Snap-in in the following table.
| Option | Terminal Services Configuration | Remote Desktop Connection | Remote Desktop MMC Snap-in |
|---|---|---|---|
| Configure the LAN adapters used | Yes | No | No |
| Counter for maximum connections per LAN adapter | Yes | No | No |
| Select level of encryption | Yes | Preset | Preset |
| Automatic logon | Yes | Yes | Yes |
| Always request password | Yes | No | No |
| Connection timeouts | Yes | No | No |
| Timeout for ended connections | Yes | No | No |
| Timeout for idle time | Yes | No | No |
| Handle interrupted connections | Yes | No | No |
| Start an initial program | Yes | Yes | Yes |
| Redirect local drives | Yes (non-binding) | Yes | Yes |
| Redirect local printers | Yes (non-binding) | Yes | No |
| Redirect local serial ports | Yes (non-binding) | Yes | No |
| Redirect local clipboard | Yes | No | No |
| Redirect local audio streams | Yes | No | No |
| Preset/select desktop size | No | Yes | Yes |
| Preset/select color depth | Yes | Yes | No |
| Connect to the console | No | Depends | Yes |
| Automatic reconnections | No | Yes | No |
| Control network bandwidth | Yes | Yes | No |
| Control full screen options | No | Yes | No |
| Logs | Yes | No | No |