The Terminal Services Manager program is the central tool for managing users, sessions, and processes on individual terminal servers and for server farms. You invoke the program via the Start menu under Administration\Terminal Services Manager. Alternatively, you can start Terminal Services Manager by typing Tsadmin.exe on the command line. For some functions, such as remote control, Terminal Services Manager needs to be invoked from a Terminal Services client session. This function is disabled in a console session.
The Terminal Services Manager application window has two panels. The left panel contains server and user session lists. If the servers are part of a domain, this information is integrated as well. The right panel shows information on each item selected on the left.
The data displayed depends on whether you selected all the servers in several domains, one domain, one server, or one session. The following table lists the possible combinations.
| Tabs | All Servers | Domain | Server | Session |
|---|---|---|---|---|
| Users | Yes | Yes | Yes | No |
| Sessions | Yes | Yes | Yes | No |
| Processes | Yes | Yes | Yes | Yes |
| Information | No | No | No | Yes |
In addition to displaying information, this tool allows you to perform several different administrative tasks. The Actions menu item in the application window or the context menu of the individual information elements offers the following options:
- Managing terminal servers involved
- Connecting to a client
- Ending the connection to a client
- Sending messages to user sessions
- Monitoring activities of individual user sessions (remote control)
- Resetting individual user sessions
- Terminating a user session, such as logging off a user
- Displaying user and system processes
- Terminating individual processes
- Ending the connection with all servers in the domain
- Connecting to a computer
- Updating servers in all domains
- Ending the connection to all servers
- Displaying the client status
One of the Terminal Services Manager views relates to the server that executes the program. If a user creates a session by connecting to the displayed terminal server via a Terminal Services client, the session appears in the Session tab. The tab also contains information on the session and user name, ID, status, client name, idle time, logon time, and a comment.
The names of the users who are logged on to the selected server are listed in the Users tab. This tab also includes session name, ID, status, idle time, and logon time. Each application that runs on a server can be monitored in the Processes tab. It also shows the user and session name, ID, process ID (PID), and program name. The default view also displays system processes. You can change this setting via the View\Display System Processes menu option.
You can add more terminal servers to the All Listed Servers group by selecting Actions in the tool bar and then selecting Connect To Computer…. If needed, you enter the name and the password of an authorized user. In this way, an administrator is able to monitor all users, sessions, and processes on multiple terminal servers from one location.
Note: If a server icon is grayed out, it is not possible to access the related information.
If you want to display certain server lists in the future, you can integrate the servers using Add to Favorites in the context menu of your Favorite servers list.
Many tabs show the status of current sessions. The options are as follows:
- Active: The session is connected, and a user is logged on to the server.
- Connected: The session is connected, but there is no user logged on to the server.
- ConnectQuery: The session is in the process of connecting. If this state continues, it indicates a problem with the connection.
- Listen: The session is ready to accept a client connection.
- Disconnected: The user is disconnected from the session, but the session is still attached to the server and can be reconnected at any time.
- Idle: The session is initialized and ready to accept a connection.
- Down: The session failed to initialize correctly or could not be terminated, and it is not available. If this state continues, it indicates a problem with the connection of the session.
- Init: The session is in the process of initializing.
- RemoteControl: The session is in the process of remotely controlling another session.
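
The state descriptions above can be turned into a review check. The following is an added example, not part of the original text: it compares two snapshots of one server's session list and reports sessions whose ConnectQuery or Down state has continued, long-idle disconnected sessions, and sessions that are remotely controlling another session. The `Session` fields, the finding labels, and the 120-minute threshold are assumptions of this example, and the sample data is constructed.

```python
from typing import NamedTuple

# State names exactly as the list above spells them.
KNOWN_STATES = {"Active", "Connected", "ConnectQuery", "Listen", "Disconnected",
                "Idle", "Down", "Init", "RemoteControl"}
# States the text says indicate a problem if they continue.
PROBLEM_IF_PERSISTENT = {"ConnectQuery", "Down"}
# Assumed threshold for this example; the page gives no number.
MAX_DISCONNECTED_IDLE_MIN = 120

class Session(NamedTuple):
    name: str      # session name, may be empty
    user: str      # empty when no user is logged on
    sid: int       # session ID
    state: str
    idle_min: int  # idle time in minutes

def triage(previous, current):
    """Compare two snapshots of one server's session list and return findings."""
    before = {s.sid: s.state for s in previous}
    findings = []
    for s in current:
        if s.state not in KNOWN_STATES:
            findings.append((s.sid, "unknown-state"))
        elif s.state in PROBLEM_IF_PERSISTENT and before.get(s.sid) == s.state:
            findings.append((s.sid, "stuck-" + s.state))
        elif s.state == "Disconnected" and s.idle_min >= MAX_DISCONNECTED_IDLE_MIN:
            findings.append((s.sid, "stale-disconnected"))
        elif s.state == "RemoteControl":
            findings.append((s.sid, "remote-control-in-progress"))
    return findings

# Constructed sample data, not taken from a real server.
SNAPSHOT_1 = [
    Session("RDP-Tcp#1", "alice", 1, "Active", 3),
    Session("", "bob", 2, "Disconnected", 95),
    Session("RDP-Tcp#5", "", 5, "ConnectQuery", 0),
    Session("RDP-Tcp#6", "", 6, "ConnectQuery", 0),
]
SNAPSHOT_2 = [
    Session("RDP-Tcp#1", "alice", 1, "RemoteControl", 0),
    Session("", "bob", 2, "Disconnected", 125),
    Session("RDP-Tcp#5", "", 5, "ConnectQuery", 0),
    Session("RDP-Tcp#6", "carol", 6, "Active", 0),
]

for sid, finding in triage(SNAPSHOT_1, SNAPSHOT_2):
    print(sid, finding)
```

Session 6 is not reported because its ConnectQuery state resolved to Active between the two snapshots; only session 5, which stayed in ConnectQuery, is flagged.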
Figure 4-3: Five users on the TRITON-SRV2 terminal server and one connection request from a client (RDP-Tcp#5).
In Terminal Services Manager, the system console session (named Console) is automatically listed in the Sessions list. The console represents the keyboard, the mouse, and the monitor of the computer on which the terminal server is installed. If you are authorized, you can log on to a terminal server from the console session just as from a client session. You can send messages to the console session but perform no other administrative tasks.
The “listener threads” differ from regular sessions. The threads monitor the network protocol and accept new RDP client connections that create new sessions for client requests. If you configured more than one connection type in the Terminal Services configuration, you will see several listener threads for the different connection types.
It is possible to reset a listener thread. However, this is not recommended because all sessions using the same terminal server connection will also be reset. Resetting a session without notifying the user can cause data loss on the client.
Each user session can be viewed in detail, including process ID (PID) and program names, in the Processes tab. You will also see Csrss.exe, Winlogon.exe, Rdpclip.exe, and Ctfmon.exe. These processes are part of each terminal server session, just like Explorer.exe.
Note: In a Microsoft Windows 2000 terminal server, all processes were started for two user sessions. This default setting was changed for Windows Server 2003. There are no longer any idle sessions. Nevertheless, idle sessions can still be established through corresponding entries in the registry database. (See Chapter 6.)
Figure 4-4: Displaying user session processes.
The Information tab allows you to request information about the individual user sessions, including user and client name, client build number, directory, product ID, address, server buffer, color depth, modem name, encryption level, client license, client hardware ID, client buffer, and client resolution.
When you select one of the servers, you can access further information about logged-on users, sessions, processes, and client configuration. You can choose from all the possible actions from the main menu of the Terminal Services Manager or the corresponding context menu accessible via the right mouse button.
Terminal Services Manager actions include connecting and disconnecting, sending messages, remote desktop, resetting user sessions, displaying status information, and logging users off an existing session. You can also terminate processes, connect to or disconnect from computers, and update servers in the domain. If you added favorites in the Preferred Servers menu, you can delete them here as well.
One of the most frequent actions is sending messages to users or groups. Administrators use this option to forward instructions to users in the event of problems.
You should perform actions such as disconnecting, resetting user sessions, logging off users, or terminating processes only for a good reason, such as terminating hung application processes, handling orphaned user sessions, or preparing for administrative tasks. If you disconnect a user from a session without prior notice and the user loses data, acceptance will quickly wane.
Remote control is a powerful option that supports users in problem situations. An authorized user (for example, an administrator) can connect to the session of a user who needs help. The user sessions are then linked so that the administrator can view the user’s session screen. The administrator’s desktop is completely synchronized to the user’s desktop. This works correctly only if the video resolution of the client device on which the administrator is working meets the requirements of the connected user session.
Note: An alternative term for Remote Control is Remote Desktop. The latter is used when the administrator actively assumes control of a user session. In the command line, shadow invokes remote control as an alternative to the similar action in the Terminal Services Manager.
Figure 4-7: Invoking remote control in the Terminal Services Manager.
Depending on the Terminal Services configuration settings (described in Chapter 2) or the user account settings, the framework conditions for remote access to a user session are set here. In particular, two settings are involved:
- Will the user be asked for permission to connect?
- Is the session only displayed (mirroring or remote desktop) or is interactive access possible (remote control)?
Note: Usually, only an administrator has permission to connect to another user session via remote desktop (as described later in this chapter in the User and Group Administration section). Remote desktop cannot be started from the server console. The authorized user needs to be in an RDP session. You cannot access the console session via remote desktop, either. There is only one exception: if the administrator’s console session is displayed on a Terminal Services client using the /console parameter, the session can be controlled through remote desktop.
A user requesting help sees the remote desktop session as shown in Figure 4-8. The user selects Yes to allow remote desktop or No to refuse. If the user does not respond at all, the system automatically denies the request after a few seconds. In this way, an administrator can never access a user’s desktop without permission if the environment was configured accordingly.
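
Whether the environment "was configured accordingly" can be checked by resolving the two settings for every server and account. The following is an added example, not part of the original text: it assumes that a connection-level setting, when present, overrides the user account setting, and it lists every combination in which a session can be viewed or controlled without the user being asked. The type names, server names, and accounts are hypothetical, and the sample configuration is constructed.

```python
from typing import NamedTuple, Optional

class RemoteControl(NamedTuple):
    enabled: bool
    require_permission: bool  # is the user asked before the connection?
    interactive: bool         # False = session only displayed, True = interactive

class Connection(NamedTuple):
    server: str
    # None = use each user's account setting; otherwise the connection
    # configuration overrides the account setting (assumed precedence).
    override: Optional[RemoteControl]

def effective(conn, user_setting):
    """Return the setting that actually applies to this user on this connection."""
    return conn.override if conn.override is not None else user_setting

def unconsented_access(connections, users):
    """Return (server, user, mode) where a session is reachable without a prompt."""
    hits = []
    for conn in connections:
        for user, setting in sorted(users.items()):
            rc = effective(conn, setting)
            if rc.enabled and not rc.require_permission:
                mode = "interactive" if rc.interactive else "view"
                hits.append((conn.server, user, mode))
    return hits

# Constructed sample configuration (hypothetical servers and accounts).
USERS = {
    "alice": RemoteControl(True, True, True),
    "bob": RemoteControl(True, False, False),
    "carol": RemoteControl(False, False, False),
}
CONNECTIONS = [
    Connection("SRV-A", None),                              # account settings apply
    Connection("SRV-B", RemoteControl(True, False, True)),  # override, no prompt
    Connection("SRV-C", RemoteControl(True, True, False)),  # override, prompt required
]

for hit in unconsented_access(CONNECTIONS, USERS):
    print(hit)
```

On SRV-B the override exposes all three accounts, including carol, whose own account setting disables remote control.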
Important: Terminal Services Manager is a powerful tool that can influence the work of many users at the same time. Before using this tool in a production environment, you should first test its behavior and carefully run through standard operations. This certainly includes targeted identification and termination of applications in a user session, logging off users, and interrupting and resetting a client connection.