Remote Desktop Services Deployment Guide

Remote Desktop Services Deployment Guide
Microsoft Corporation Published: May 2010
Abstract
This guide provides instructions for deploying Remote Des top !ervices in a production environment running the "indo#s !erver$ 200% R2 operating system& 't is intended for information technology ('T) professionals #ho #ant to implement an end*to*end+ Remote Des top !ervices solution& This guide covers deployment best practices for configuring Remote Des top !ervices&
Copyright Information
This document supports a preliminary release of a soft#are product that may be changed substantially prior to final commercial release+ and is the confidential and proprietary information of Microsoft Corporation& 't is disclosed pursuant to a non*disclosure agreement bet#een the recipient and Microsoft& This document is provided for informational purposes only and Microsoft ma es no #arranties+ either e,press or implied+ in this document& 'nformation in this document+ including -R. and other 'nternet "eb site references+ is sub/ect to change #ithout notice& The entire ris of the use or the results from the use of this document remains #ith the user& -nless other#ise noted+ the companies+ organi0ations+ products+ domain names+ e* mail addresses+ logos+ people+ places+ and events depicted in e,amples herein are fictitious& 1o association #ith any real company+ organi0ation+ product+ domain name+ e*mail address+ logo+ person+ place+ or event is intended or should be inferred& Complying #ith all applicable copyright la#s is the responsibility of the user& "ithout limiting the rights under copyright+ no part of this document may be reproduced+ stored in or introduced into a retrieval system+ or transmitted in any form or by any means (electronic+ mechanical+ photocopying+ recording+ or other#ise)+ or for any purpose+ #ithout the e,press #ritten permission of Microsoft Corporation&
Microsoft may have patents+ patent applications+ trademar s+ copyrights+ or other intellectual property rights covering sub/ect matter in this document& 2,cept as e,pressly provided in any #ritten license agreement from Microsoft+ the furnishing of this document does not give you any license to these patents+ trademar s+ copyrights+ or other intellectual property&
3 2004 Microsoft Corporation& 5ll rights reserved&
Microsoft, and Active Directory, RemoteApp, Windows, and Windows Server are trademar s of the Microsoft group of companies&
5ll other trademar s are property of their respective o#ners&
Contents
Remote Des top !ervices Deployment 6uide&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&1 5bstract&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&1 Copyright 'nformation&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&2 Contents&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&7 Remote Des top !ervices Deployment 6uide&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&8 5bout this guide&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&8 Planning to Deploy Remote Des top !ervices&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&% Revie#ing Remote Des top !ervices concepts&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&% 'mplementing 9our Remote Des top !ervices Design Plan&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&4 :o# to implement your Remote Des top !ervices design by using this guide&&&&&&&&&&4 Chec list: 'mplementing a ;irtual Des top 'nfrastructure Design&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&10 Chec list: Deploying a Personal ;irtual Des top&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&10 Chec list: Deploying a ;irtual Des top Pool&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&12 Chec list: 'mplementing a !ession*based Design&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&1< Chec list: Deploying a Remote Des top !ession :ost !erver&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&1= Chec list: Deploying a Remote Des top .icense !erver&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&1> Deploying Remote Des top !ession :ost&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&18 Deploying Remote Des top !ession :ost&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&18 Chec list: RD !ession :ost 'nstallation Prere?uisites&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&1% 5bout Remote Des top !ession :ost&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&21 "hat is Remote Des top !ervices@&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&21 "hy use Remote Des top !ervices@&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&22 Remote Des top !ervices role services&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&22 "hat is RD !ession :ost@&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&27 "hat is RD "eb 5ccess@&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&2< "hat is RD .icensing@&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&2< "hat is RD 6ate#ay@&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&2< "hy use RD 6ate#ay@&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&2= "hat is RD Connection Aro er@&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&2= "hat is RD ;irtuali0ation :ost@&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&2> -sing Remote Des top&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&2> 'nstalling RD !ession :ost on a Domain Controller&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&28
Remote Des top !ervices and "indo#s Bire#all&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&2% 5dditional references&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&70 'nstalling the RD !ession :ost Role !ervice&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&70 'nstall the Remote Des top !ession :ost role service&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&70 'nstall the Remote Des top !ession :ost role service (#hen Remote Des top !ervices is already installed)&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&77 Configuring the 1et#or .evel 5uthentication !etting for an RD !ession :ost !erver &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&7= 'nstalling Programs on an RD !ession :ost !erver&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&78 5dditional considerations&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&7% Configuring the Remote Des top -sers 6roup&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&7% Configuring the Client 2,perience on an RD !ession :ost !erver&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&<0 Des top 2,perience Beature&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&<0 "hatCs in the Des top 2,perience feature&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&<1 'nstall Des top 2,perience on an RD !ession :ost !erver&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&<1 'nstall Des top 2,perience&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&<2 -ninstall (Remove) Des top 2,perience&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&<7 Configure 5udio and ;ideo Playbac on an RD !ession :ost !erver&&&&&&&&&&&&&&&&&&&&&&&&&&<< Manually configuring audio and video playbac &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&<= 'nstall the Des top 2,perience feature&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&<= !tart the "indo#s 5udio service&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&<= 2nable the 5llo# audio and video playbac redirection 6roup Policy setting&&&&&&&<> !et the ma,imum color depth to 72 bits per pi,el&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&<> Configure 5udio Recording Redirection on an RD !ession :ost !erver&&&&&&&&&&&&&&&&&&&&&&<8 Manually configuring audio recording redirection&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&<% !tart the "indo#s 5udio service&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&<% 2nable the 5llo# audio recording redirection 6roup Policy setting&&&&&&&&&&&&&&&&&&&&&&&<4 Configure Des top Composition on an RD !ession :ost !erver&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&<4 Manually configuring des top composition&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&=0 'nstall the Des top 2,perience feature&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&=0 !tart the Themes service&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&=0 2nable the 5llo# des top composition for remote des top sessions 6roup Policy setting&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&=1 !et the ma,imum color depth to 72 bits per pi,el&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&=1 6roup Policy !ettings and Configuring the Client 2,perience&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&=2 Configuring .icense !ettings on an RD !ession :ost !erver&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&=< 2nabling Remote Des top&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&== 2nable Remote Des top&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&=>
;erifying Remote Des top !ession :ost Bunctionality&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&=> Creating a 1e# -ser 5ccount&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&=8 5dditional considerations&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&=% Deploying a !imple ;irtual Des top 'nfrastructure&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&=4 Deploying a simple ;irtual Des top 'nfrastructure&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&=4 Chec list: Deploying the ;irtual Machine for Remote Des top !ervices&&&&&&&&&&&&&&&&&&&&&=4 5bout ;irtual Des top 'nfrastructure&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&>1 "hat is ;irtual Des top 'nfrastructure@&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&>1 "hy use ;irtual Des top 'nfrastructure@&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&>1 ;irtual Des top 'nfrastructure role services&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&>2 'nstalling the Remote Des top ;irtuali0ation :ost Role !ervice&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&>7 5llo#ing Remote RPC&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&>= Creating a Bire#all 2,ception to 5llo# Remote !ervices Management&&&&&&&&&&&&&&&&&&&&&&>= 5dding Permissions to the RDP Protocol&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&>> Configuring Rollbac for a ;irtual Des top Pool&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&>8 Creating a ;irtual Machine&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&>% 'nstall "indo#s 8 on a virtual machine&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&>4 Doining RD ;irtuali0ation :ost to RD Connection Aro er&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&80 5ssigning a Personal ;irtual Des top&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&81 5dding ;irtual Machines to a ;irtual Des top Pool&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&82 2nabling Rollbac on a ;irtual Machine&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&87 ;erifying Personal ;irtual Des top Bunctionality&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&87 ;erifying ;irtual Des top Pool Bunctionality&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&8= Configuring Publishing&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&8> 'nstalling the Remote Des top "eb 5ccess Role !ervice&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&8> 'nstall the Remote Des top "eb 5ccess role service&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&8> Populating the T! "eb 5ccess Computers !ecurity 6roup&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&88 Configuring the RD "eb 5ccess !erver for Remote5pp and Des top Connection&&&&&&8% Configuring Remote5pp and Des top Connection&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&%0 Deploying Remote Des top Connection Aro er&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&%2 'nstalling the Remote Des top Connection Aro er Role !ervice&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&%7 'nstallation prere?uisites&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&%7
'nstall the Remote Des top Connection Aro er role service&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&%< Deploying Remote Des top .icensing&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&%< 5bout Remote Des top .icensing&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&%= "hat is RD .icensing@&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&%= 'nstalling the Remote Des top .icensing Role !ervice&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&%8 5ctivating the Remote Des top .icense !erver&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&%% 5ctivate a Remote Des top .icense !erver 5utomatically&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&%4 5ctivate a Remote Des top .icense !erver by -sing a "eb Aro#ser&&&&&&&&&&&&&&&&&&&&&&&&&40 5ctivate a Remote Des top .icense !erver by -sing the Telephone&&&&&&&&&&&&&&&&&&&&&&&&&&42 'nstalling Remote Des top !ervices Client 5ccess .icenses&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&47 'nstall Remote Des top !ervices Client 5ccess .icenses 5utomatically&&&&&&&&&&&&&&&&&&&&&4< 'nstall Remote Des top !ervices Client 5ccess .icenses by -sing a "eb Aro#ser&&&&&4= 'nstall Remote Des top !ervices Client 5ccess .icenses by -sing the Telephone&&&&&&4%
Remote Desktop Services Deployment Guide

Remote Des top !ervices+ formerly Terminal !ervices+ is a server role in "indo#s !erver$ 200% R2 that provides technologies that enable users to access "indo#s*based programs that are installed on a Remote Des top !ession :ost (RD !ession :ost) server+ or to access the full "indo#s des top& "ith Remote Des top !ervices+ users can access an RD !ession :ost server from #ithin a corporate net#or or from the 'nternet& Remote Des top !ervices lets you efficiently deploy and maintain soft#are in an enterprise environment& 9ou can easily deploy programs from a central location& Aecause you install the programs on the RD !ession :ost server and not on the client computer+ programs are easier to upgrade and to maintain&
About this guide

This guide is intended for use by system administrators and system engineers& 't provides detailed guidance for deploying a Remote Des top !ervices design that has been preselected by you or an infrastructure specialist or system architect in your organi0ation& 9ou can then use this guide to deploy Remote Des top !ervices in your production environment& This guide provides steps for deploying the follo#ing Remote Des top !ervices designs: Remote Des top !ervices #ith ;irtual Des top 'nfrastructure (;D') Remote Des top !ervices #ith session*based des tops Remote Des top !ervices #ith 5dd*ons
-se the chec lists in 'mplementing 9our Remote Des top !ervices Design Plan to determine ho# best to use the instructions in this guide to deploy your particular design&
Planning to Deploy Remote Desktop Services

5fter you collect information about your environment and you decide on a Remote Des top !ervices design+ you can begin to plan the deployment of your organi0ationCs Remote Des top !ervices design&
Reviewing Remote Desktop Services concepts

-se the follo#ing !tep*by*!tep 6uides for more information about ho# Remote Des top !ervices #or s and ho# to deploy Remote Des top !ervices in a test environment:
'nstalling Remote Des top !ession :ost !tep*by*!tep 6uide (http:EEgo&microsoft&comEf#lin E@.in 'dF1<8242) Deploying Remote Des top "eb 5ccess #ith Remote Des top Connection Aro er !tep*by*!tep 6uide (http:EEgo&microsoft&comEf#lin E@.in 'dF171428) Customi0ing Remote Des top "eb 5ccess by -sing "indo#s !harePoint !ervices !tep*by*!tep 6uide (http:EEgo&microsoft&comEf#lin E@.in 'dF1=4411) Deploying Remote5pp Programs to the !tart Menu by -sing Remote5pp and Des top Connection !tep*by*!tep 6uide (http:EEgo&microsoft&comEf#lin E@
.in 'dF1=<84%)
Deploying Personal ;irtual Des tops by -sing Remote Des top "eb 5ccess !tep* by*!tep 6uide (http:EEgo&microsoft&comEf#lin E@.in 'dF1<8404) Deploying ;irtual Des top Pools by -sing Remote Des top "eb 5ccess !tep*by* !tep 6uide (http:EEgo&microsoft&comEf#lin E@.in 'dF1<8408) Deploying Personal ;irtual Des tops by -sing Remote5pp and Des top Connection !tep*by*!tep 6uide (http:EEgo&microsoft&comEf#lin E@
.in 'dF1=<%01)
Deploying ;irtual Des top Pools by -sing Remote Des top "eb 5ccess !tep*by* !tep 6uide (http:EEgo&microsoft&comEf#lin E@.in 'dF1<840>) Deploying ;irtual Des top Pools by -sing Remote5pp and Des top Connection !tep*by*!tep 6uide (http:EEgo&microsoft&comEf#lin E@.in 'dF1=<%02)
Deploying Remote Des top 6ate#ay !tep*by*!tep 6uide (http:EEgo&microsoft&comEf#lin E@.in 'dF1<22=0) Deploying Remote Des top .icensing !tep*by*!tep 6uide (http:EEgo&microsoft&comEf#lin E@.in 'dF1<118=) Deploying Remote Des top 'P ;irtuali0ation !tep*by*!tep 6uide (http:EEgo&microsoft&comEf#lin E@.in 'dF17884=)
Implementing our Remote Desktop Services Design Plan

Consider the follo#ing factors before you implement your design plan: Comple!ity" The comple,ity of the scenario relative to other scenarios& Cost" The initial setup and sustained cost of this scenario& #ault tolerance" :o# the scenario supports the resiliency of the infrastructure+ #hich ultimately affects the availability of the system& Performance" :o# the scenario affects the performance of the infrastructure& Scalability" The impact that the scenario has on the scalability of the infrastructure& Security" "hether the scenario has a positive or negative impact on overall infrastructure security&
$ow to implement your Remote Desktop Services design by using this guide
The ne,t step in implementing your design is to determine in #hat order each of the deployment tas s must be performed& This guide uses chec lists to help you #al through the various server and application deployment tas s that are re?uired to implement your design plan& Parent and child chec lists are used as necessary to represent the order in #hich tas s for a specific Remote Des top !ervices design must be performed& -se the follo#ing parent chec lists in this section of the guide to become familiar #ith the deployment tas s for implementing your organi0ationGs Remote Des top !ervices design:
Chec list: 'mplementing a ;irtual Des top 'nfrastructure Design Chec list: 'mplementing a !ession*based Design
Checklist" Implementing a %irtual Desktop Infrastructure Design

This parent chec list includes cross*reference lin s to important concepts about the Remote Des top !ervices design& 't also contains lin s to subordinate chec lists that #ill help you complete the tas s that are re?uired to implement this design& 'ote Complete the tas s in this chec list in order& "hen a reference lin ta es you to a procedure+ return to this topic after you complete the steps in that procedure so that you can proceed #ith the remaining tas s in this chec list& Checklist" Implementing a virtual desktop infrastructure design &ask Deploy a personal virtual des top& Deploy a virtual des top pool& Reference
Chec list: Deploying a Personal ;irtual Des top Chec list: Deploying a ;irtual Des top Pool
Checklist" Deploying a Personal %irtual Desktop

This parent chec list includes cross*reference lin s to important concepts about the Remote Des top !ervices design& 't also contains lin s to subordinate chec lists that #ill help you complete the tas s that are re?uired to implement this design& 'ote
Complete the tas s in this chec list in order& "hen a reference lin ta es you to a procedure+ return to this topic after you complete the steps in that procedure so that you can proceed #ith the remaining tas s in this chec list& Checklist" Deploying a personal virtual desktop &ask 'nstall the Remote Des top !ession :ost (RD !ession :ost) role service& 'nstall the Remote Des top ;irtuali0ation :ost (RD ;irtuali0ation :ost) role service& 'nstall the Remote Des top Connection Aro er (RD Connection Aro er) role service& 'nstall the Remote Des top "eb 5ccess (RD "eb 5ccess) role service& Reference
Chec list: Deploying a Remote Des top !ession :ost !erver
'nstalling the Remote Des top ;irtuali0ation :ost Role !ervice
'nstalling the Remote Des top Connection Aro er Role !ervice
'nstalling the Remote Des top "eb 5ccess Role !ervice
Deploy the virtual machine Chec list: Deploying the for Remote Des top ;irtual Machine for Remote Des top !ervices !ervices&
5dd the computer account of the RD "eb 5ccess server to the T! "eb 5ccess Computers group on RD Connection Aro er& Configure RD "eb 5ccess to specify the source that
Populating the T! "eb 5ccess Computers !ecurity 6roup
Configuring the RD "eb 5ccess !erver for
&ask provides the Remote5pp programs and virtual des tops that are displayed to users& Configure the RD "eb 5ccess server to use an RD Connection Aro er server& 5ssign a personal virtual des top by using the 5ssign Personal ;irtual Des top "i0ard& Configure Remote5pp and Des top Connection (optional)& ;erify the functionality of the personal virtual des top deployment&
Reference
Remote5pp and Des top Connection
Doining RD ;irtuali0ation :ost to RD Connection Aro er
5ssigning a Personal ;irtual Des top
Configuring Remote5pp and Des top Connection
;erifying Personal ;irtual Des top Bunctionality
Checklist" Deploying a %irtual Desktop Pool

This parent chec list includes cross*reference lin s to important concepts about the Remote Des top !ervices design& 't also contains lin s to subordinate chec lists that #ill help you complete the tas s that are re?uired to implement this design& 'ote Complete the tas s in this chec list in order& "hen a reference lin ta es you to a procedure+ return to this topic after you complete the steps in that procedure so that you can proceed #ith the remaining tas s in this chec list& Checklist" Deploying a virtual desktop pool
&ask 'nstall the Remote Des top !ession :ost (RD !ession :ost) role service& 'nstall the Remote Des top ;irtuali0ation :ost (RD ;irtuali0ation :ost) role service& 'nstall the Remote Des top Connection Aro er (RD Connection Aro er) role service& 'nstall the Remote Des top "eb 5ccess (RD "eb 5ccess) role service&
Reference
'nstalling the Remote Des top ;irtuali0ation :ost Role !ervice
'nstalling the Remote Des top Connection Aro er Role !ervice
'nstalling the Remote Des top "eb 5ccess Role !ervice
Deploy the virtual machine Chec list: Deploying the for Remote Des top ;irtual Machine for Remote Des top !ervices !ervices&
5dd the computer account of the RD "eb 5ccess server to the T! "eb 5ccess Computers group on RD Connection Aro er& Configure RD "eb 5ccess to specify the source that provides the Remote5pp programs and virtual des tops that are displayed to users& Configure the RD "eb 5ccess server to use an
Populating the T! "eb 5ccess Computers !ecurity 6roup
Configuring the RD "eb 5ccess !erver for Remote5pp and Des top Connection
Doining RD ;irtuali0ation
&ask RD Connection Aro er server& 5dd virtual machines to a virtual des top pool& Configure Remote5pp and Des top Connection (optional)& ;erify the functionality of the virtual des top pool deployment&
Reference
:ost to RD Connection Aro er 5dding ;irtual Machines to a ;irtual Des top Pool Configuring Remote5pp and Des top Connection
;erifying ;irtual Des top Pool Bunctionality
Checklist" Implementing a Session( based Design

This parent chec list includes cross*reference lin s to important concepts about the Remote Des top !ervices design& 't also contains lin s to subordinate chec lists that #ill help you complete the tas s that are re?uired to implement this design& 'ote Complete the tas s in this chec list in order& "hen a reference lin ta es you to a procedure+ return to this topic after you complete the steps in that procedure so that you can proceed #ith the remaining tas s in this chec list& Checklist" Implementing a session(based design &ask Deploy an RD !ession :ost server& Reference
Checklist" Deploying a Remote Desktop Session $ost Server

This parent chec list includes cross*reference lin s to important concepts about the Remote Des top !ervices design& 't also contains lin s to subordinate chec lists that #ill help you complete the tas s that are re?uired to implement this design& 'ote Complete the tas s in this chec list in order& "hen a reference lin ta es you to a procedure+ return to this topic after you complete the steps in that procedure so that you can proceed #ith the remaining tas s in this chec list& Please note the follo#ing: 'nstalling the RD !ession :ost role service re?uires the computer to be restarted& 'nstalling the RD !ession :ost role service on an 5ctive Directory domain controller is not recommended& 9ou should install the RD !ession :ost role service on the computer before you install any programs that you #ant to ma e available to users& Checklist" Deploying a Remote Desktop Session $ost server &ask Revie# prere?uisites for installing the RD !ession :ost role service& 'nstall the RD !ession :ost role service& 'nstall and configure the RD .icensing role service& Reference
Chec list: RD !ession :ost 'nstallation Prere?uisites 'nstalling the RD !ession :ost Role !ervice Chec list: Deploying a Remote Des top .icense !erver
&ask Configure the license settings on the RD !ession :ost server&
Reference
Configuring .icense !ettings on an RD !ession :ost !erver
Configure the 1et#or .evel Configuring the 1et#or 5uthentication setting for .evel 5uthentication the RD !ession :ost server& !etting for an RD !ession
:ost !erver
'nstall programs on the RD !ession :ost server& Configure the client e,perience on an RD !ession :ost server& (Hptional) Configure users that #ill remotely connect to the RD !ession :ost server& 'ote This step is optional if installing and configuring a ;irtual Des top 'nfrastructure& ;erify the functionality of the RD !ession :ost deployment&
'nstalling Programs on an RD !ession :ost !erver Configuring the Client 2,perience on an RD !ession :ost !erver
Creating a 1e# -ser 5ccount Configuring the Remote Des top -sers 6roup
;erifying Remote Des top !ession :ost Bunctionality
Checklist" Deploying a Remote Desktop )icense Server

This parent chec list includes cross*reference lin s to important concepts about the Remote Des top !ervices design& 't also contains lin s to subordinate chec lists that #ill help you complete the tas s that are re?uired to implement this design&
'ote Complete the tas s in this chec list in order& "hen a reference lin ta es you to a procedure+ return to this topic after you complete the steps in that procedure so that you can proceed #ith the remaining tas s in this chec list& Checklist" Deploying a Remote Desktop license server &ask 'nstall the RD .icensing role service& 5ctivate the Remote Des top license server& 'nstall Remote Des top !ervices client access licenses& Reference
'nstalling the Remote Des top .icensing Role !ervice 5ctivating the Remote Des top .icense !erver 'nstalling Remote Des top !ervices Client 5ccess .icenses
Deploying Remote Desktop Session $ost

5n RD !ession :ost server is the server that hosts "indo#s*based programs or the full "indo#s des top for Remote Des top !ervices clients& -sers can connect to an RD !ession :ost server to run programs+ to save files+ and to use net#or resources on that server& -sers can access an RD !ession :ost server by using Remote Des top Connection or by using Remote5pp& 'ote 'nstalling the RD !ession :ost role service on an 5ctive Directory$ domain controller is not recommended& Bor more information+ see 'nstalling RD !ession :ost on a Domain Controller&
Deploying Remote Desktop Session $ost

Aefore you install and configure an RD !ession :ost server+ be sure that you have revie#ed the follo#ing conceptual topics:
Chec list: RD !ession :ost 'nstallation Prere?uisites
Checklist" RD Session $ost Installation Prere*uisites

This parent chec list includes cross*reference lin s to important concepts about the Remote Des top !ervices design& 't also contains lin s to subordinate chec lists that #ill help you complete the tas s that are re?uired to implement this design& 'ote Complete the tas s in this chec list in order& "hen a reference lin ta es you to a procedure+ return to this topic after you complete the steps in that procedure so that you can proceed #ith the remaining tas s in this chec list& This chec list provides tas s that an administrator should perform before installing and configuring an RD !ession :ost server& Checklist" Remote Desktop Session $ost installation prere*uisites &ask Determine if you need an RD !ession :ost server& Reference To allo# remote connections for administrative purposes only+ you do not have to install an RD !ession :ost server& Bor more information about remote connections for administrative purposes+ see -sing Remote Des top& Revie# licensing re?uirements for an RD !ession :ost server& 2ach user or computing device that connects to an RD !ession :ost server must have a valid Remote Des top !ervices client access license (RD! C5.)& 5n RD !ession :ost server running "indo#s !erver 200% R2 must be configured to use at least a license
&ask
Reference server running "indo#s !erver 200%+ and the license server must have valid RD! C5.s installed& Bor more information about licensing re?uirements for Remote Des top !ervices+ see the Remote Des top !ervices Design 6uide+ to be published on the "indo#s !erver 200% R2 Remote
Des top !ervices TechCenter
(http:EEgo&microsoft&comEf#lin E@ .in 'dF17%0==)& Decide #hich programs you #ant to host on the RD !ession :ost server& 9ou should install the RD !ession :ost role service on the computer before you install any programs that you #ant to ma e available to users& 'f you install the RD !ession :ost role service on a computer that already has programs installed+ some of the e,isting programs may not #or correctly in a multiple user environment& -ninstalling and then reinstalling the affected programs may resolve these issues& Bor more information+ see 'nstalling
Programs on an RD !ession :ost !erver&
Revie# information about: :ard#are re?uirements Capacity and scaling
Bor hard#are re?uirements+ see the Remote Des top !ervices Design 6uide+ to be published on the "indo#s !erver 200% R2 Remote Des top !ervices
TechCenter
(http:EEgo&microsoft&comEf#lin E@ .in 'dF17%0==)& Bor capacity and scaling+ see the

Remote Des top !ession :ost Capacity Planning in "indo#s !erver 200% R2
(http:EEgo&microsoft&comEf#lin E@ .in 'dF142<12)&
&ask Determine if you need to deploy a load*balanced RD !ession :ost server farm&
Reference Bor more information about RD Connection Aro er+ see the Remote Des top !ervices Design 6uide+ to be published on the "indo#s !erver 200% R2 Remote Des top !ervices
TechCenter
(http:EEgo&microsoft&comEf#lin E@ .in 'dF17%0==)& Determine the Remote Des top licensing mode that the RD !ession :ost server #ill use& The Remote Des top licensing mode configured on an RD !ession :ost server must match the type of RD! C5.s available on the Remote Des top license server& Bor more information+ see Configuring
.icense !ettings on an RD !ession :ost !erver&
Determine the Remote Des top license server from #hich the RD !ession :ost server #ill re?uest RD! C5.s&
5n RD !ession :ost server must be configured to specify a Remote Des top license server from #hich to re?uest RD! C5.s for users or computing devices that are connecting to the RD !ession :ost server& Bor more information+ see Configuring
.icense !ettings on an RD !ession :ost !erver&
Determine #hich users #ill be able to remotely connect to the RD !ession :ost server&
The Remote Des top -sers group on an RD !ession :ost server is used to give users and groups permission to log on remotely to an RD !ession :ost server& Bor more information+ see Configuring the Remote Des top -sers 6roup&
Determine if you need to deploy an
Bor more information about RD 6ate#ay+ see the Remote Des top
&ask RD 6ate#ay server&
Reference !ervices Design 6uide+ to be published on the "indo#s !erver 200% R2 Remote
Des top !ervices TechCenter
(http:EEgo&microsoft&comEf#lin E@ .in 'dF17%0==)& Determine if the RD !ession :ost server #ill re?uire 1et#or .evel 5uthentication& 9ou can enhance RD !ession :ost server security by providing user authentication earlier in the connection process #hen a client connects to an RD !ession :ost server& This early user authentication method is referred to as 1et#or .evel 5uthentication& Bor more information+ see Configuring the
1et#or .evel 5uthentication !etting for an RD !ession :ost !erver&
Revie# information about "indo#s Bire#all&
The installation of the Remote Des top !ervices role changes the configuration of "indo#s Bire#all& Bor more information+ see Remote
Des top !ervices and "indo#s Bire#all&
About Remote Desktop Session $ost

+hat is Remote Desktop Services,
Remote Des top !ervices+ formerly Terminal !ervices+ is a server role in "indo#s !erver$ 200% R2 that provides technologies that enable users to access "indo#s*based programs that are installed on a Remote Des top !ession :ost (RD !ession :ost) server+ or to access the full "indo#s des top& "ith Remote Des top !ervices+ users can access an RD !ession :ost server from #ithin a corporate net#or or from the 'nternet& Remote Des top !ervices lets you efficiently deploy and maintain soft#are in an enterprise environment& 9ou can easily deploy programs from a central
location& Aecause you install the programs on the RD !ession :ost server and not on the client computer+ programs are easier to upgrade and to maintain& "hen a user accesses a program on an RD !ession :ost server+ the program runs on the server& 2ach user sees only their individual session& The session is managed transparently by the server operating system and is independent of any other client session& 5dditionally+ you can configure Remote Des top !ervices to use :yper*;I to either assign virtual machines to users+ or have Remote Des top !ervices dynamically assign an available virtual machine to a user upon connection&
+hy use Remote Desktop Services,

'f you deploy a program on an RD !ession :ost server instead of on each device+ there are many benefits& These include the follo#ing: Application deployment" 9ou can ?uic ly deploy "indo#s*based programs to computing devices across an enterprise& Remote Des top !ervices is especially useful #hen you have programs that are fre?uently updated+ infre?uently used+ or difficult to manage& Application consolidation" Programs are installed and run from an RD !ession :ost server+ eliminating the need for updating programs on client computers& This also reduces the amount of net#or band#idth that is re?uired to access programs& Remote access" -sers can access programs that are running on an RD !ession :ost server from devices such as home computers+ ios s+ lo#*po#ered hard#are+ and operating systems other than "indo#s& -ranch office access" Remote Des top !ervices provides better program performance for branch office #or ers #ho need access to centrali0ed data stores& Data*intensive programs sometimes do not have clientEserver protocols that are optimi0ed for lo#*speed connections& Programs of this ind fre?uently perform better over a Remote Des top !ervices connection than over a typical #ide area net#or &
Remote Desktop Services role services

Remote Des top !ervices is a server role that consists of several role services& 'n "indo#s !erver 200% R2+ Remote Des top !ervices consists of the follo#ing role services:
RD Session $ost" Remote Des top !ession :ost (RD !ession :ost)+ formerly Terminal !erver+ enables a server to host "indo#s*based programs or the full "indo#s des top& -sers can connect to an RD !ession :ost server to run programs+ to save files+ and to use net#or resources on that server& RD +eb Access" Remote Des top "eb 5ccess (RD "eb 5ccess)+ formerly T! "eb 5ccess+ enables users to access Remote5pp and Des top Connection through the Start menu on a computer that is running "indo#s 8 or through a "eb bro#ser& Remote5pp and Des top Connection provides a customi0ed vie# of Remote5pp programs and virtual des tops to users& RD )icensing" Remote Des top .icensing (RD .icensing)+ formerly T! .icensing+ manages the Remote Des top !ervices client access licenses (RD! C5.s) that are re?uired for each device or user to connect to an RD !ession :ost server& 9ou use RD .icensing to install+ issue+ and trac the availability of RD! C5.s on a Remote Des top license server& RD Gateway" Remote Des top 6ate#ay (RD 6ate#ay)+ formerly T! 6ate#ay+ enables authori0ed remote users to connect to resources on an internal corporate net#or + from any 'nternet*connected device& RD Connection -roker" Remote Des top Connection Aro er (RD Connection Aro er)+ formerly T! !ession Aro er+ supports session load balancing and session reconnection in a load*balanced RD !ession :ost server farm& RD Connection Aro er is also used to provide users access to Remote5pp programs and virtual des tops through Remote5pp and Des top Connection& RD %irtuali.ation $ost" Remote Des top ;irtuali0ation :ost (RD ;irtuali0ation :ost) integrates #ith :yper*; to host virtual machines and provide them to users as virtual des tops& 9ou can assign a uni?ue virtual des top to each user in your organi0ation+ or provide them shared access to a pool of virtual des tops&
+hat is RD Session $ost,

5n RD !ession :ost server is the server that hosts "indo#s*based programs or the full "indo#s des top for Remote Des top !ervices clients& -sers can connect to an RD !ession :ost server to run programs+ to save files+ and to use net#or resources on that server& -sers can access an RD !ession :ost server by using the Remote Des top Connection client or by using Remote5pp programs&
+hat is RD +eb Access,

RD "eb 5ccess enables users to access Remote5pp and Des top Connection through the Start menu on a computer that is running "indo#s 8 or through a "eb bro#ser& Remote5pp and Des top Connection provides a customi0ed vie# of Remote5pp programs and virtual des tops to users& "hen a user starts a Remote5pp program+ a Remote Des top !ervices session is started on the RD !ession :ost server that hosts the Remote5pp program& 'f a user connects to a virtual des top+ a remote des top connection is made to a virtual machine that is running on an RD ;irtuali0ation :ost server& To configure #hich Remote5pp programs and virtual des tops #ill be available through Remote5pp and Des top Connection+ you must install the RD Connection Aro er role service on a computer that is running "indo#s !erver 200% R2+ and then use the Remote Des top Connection Manager tool& 9ou can also use RD "eb 5ccess if you only #ant to ma e Remote5pp programs on an RD !ession :ost server available to users through a "eb bro#ser&
+hat is RD )icensing,
RD .icensing manages the RD! C5.s that are re?uired for each user or device to connect to an RD !ession :ost server& 9ou use RD .icensing to install+ issue+ and trac the availability of RD! C5.s on a Remote Des top license server& To use Remote Des top !ervices+ you must have at least one license server& Bor small deployments+ you can install both the RD !ession :ost role service and the RD .icensing role service on the same computer& Bor larger deployments+ it is recommended that the RD .icensing role service be installed on a separate computer from the RD !ession :ost role service& 9ou must configure RD .icensing correctly for your RD !ession :ost server to continue to accept connections from clients&
+hat is RD Gateway,
RD 6ate#ay enables authori0ed remote users to connect to resources on an internal corporate net#or + from any 'nternet*connected device& The net#or resources can be RD !ession :ost servers running Remote5pp programs Jhosting line*of*business (.HA) applicationsK+ virtual des tops+ or computers #ith Remote Des top enabled& RD 6ate#ay encapsulates RDP over :TTP! to
help form a secure+ encrypted connection bet#een users on the 'nternet and the internal net#or resources on #hich their productivity applications run&
+hy use RD Gateway,

RD 6ate#ay provides these benefits: RD 6ate#ay enables remote users to connect to internal net#or resources over the 'nternet by using an encrypted connection+ #ithout needing to configure virtual private net#or (;P1) connections& RD 6ate#ay provides a comprehensive security configuration model that enables you to control access to specific internal net#or resources& RD 6ate#ay enables remote users to connect to internal net#or resources that are hosted behind fire#alls in private net#or s and across net#or address translators (15Ts)& Remote Des top 6ate#ay Manager (RD 6ate#ay Manager) enables you to configure authori0ation policies to define conditions that must be met for remote users to connect to internal net#or resources& RD 6ate#ay Manager provides tools to help you monitor RD 6ate#ay connection status+ health+ and events& 9ou can configure RD 6ate#ay servers and Remote Des top !ervices clients to use 1et#or 5ccess Protection (15P) to enhance security& 9ou can use an RD 6ate#ay server #ith Microsoft 'nternet !ecurity and 5cceleration ('!5) !erver to further enhance security&
+hat is RD Connection -roker,

RD Connection Aro er eeps trac of user sessions in a load*balanced RD !ession :ost server farm& The RD Connection Aro er database stores session state information that includes session 'Ds+ their associated user names+ and the name of the server #here each session resides& "hen a user #ith an e,isting session connects to an RD !ession :ost server in the load* balanced farm+ RD Connection Aro er redirects the user to the RD !ession :ost server #here their session e,ists& This prevents the user from being connected to a different server in the farm and starting a ne# session& 'f the RD Connection Aro er .oad Aalancing feature is enabled+ RD Connection Aro er also trac s the number of user sessions on each RD !ession :ost server in the farm+ and redirects users #ho do not have an
e,isting session to the server #ith the fe#est sessions& This functionality enables you to evenly distribute the session load bet#een servers in a load* balanced RD !ession :ost server farm& RD Connection Aro er is also used to provide users #ith access to Remote5pp and Des top Connection& Remote5pp and Des top Connection provides a customi0ed vie# of Remote5pp programs and virtual des tops to users& RD Connection Aro er supports load balancing and reconnection to e,isting sessions on virtual des tops accessed by using Remote5pp and Des top Connection& To configure Remote5pp and Des top Connection+ use the Remote Des top Connection Manager tool on the RD Connection Aro er server&
+hat is RD %irtuali.ation $ost,

RD ;irtuali0ation :ost integrates #ith :yper*; to provide virtual machines by using Remote5pp and Des top Connection& RD ;irtuali0ation :ost can be configured so that each user in your organi0ation is assigned a uni?ue virtual des top+ or users are redirected to a shared pool #here a virtual des top is dynamically assigned& RD ;irtuali0ation :ost re?uires RD Connection Aro er to determine #here the user is redirected& 'f a user is assigned a personal virtual des top+ RD Connection Aro er #ill redirect the user to this virtual machine& 'f the virtual machine is not turned on+ RD ;irtuali0ation :ost turns the virtual machine on and then connects the user to the personal virtual des top& 'f the user is connecting to a shared virtual machine pool+ RD Connection Aro er #ill first chec to see if the user has a disconnected session in the pool& 'f the user has a disconnected session+ they are reconnected to that virtual des top& 'f the user does not have a disconnected session+ a virtual des top in that pool is dynamically assigned to the user&
/sing Remote Desktop

To allo# remote connections for administrative purposes only+ you do not have to install the RD !ession :ost role service& 'nstead+ you can enable Remote Des top on the computer that you #ant to remotely administer& 'ote Remote Des top supports only t#o concurrent remote connections to the computer& 9ou do not need Remote Des top !ervices client access licenses (RD! C5.s) for these connections&
9ou can use the follo#ing procedure to enable Remote Des top on a "indo#s !erver 200% R2 computer& Membership in the local Administrators group+ or e?uivalent+ on the computer that you plan to configure+ is the minimum re?uired to complete this procedure& &o enable Remote Desktop 1& !tart the !ystem tool& To start the !ystem tool+ clic Start+ clic Run+ type control system and then clic 01& 2& -nder &asks+ clic Remote settings& 7& 'n the System Properties dialog bo,+ on the Remote tab+ clic either of the follo#ing+ depending on your environment: Allow connections from computers running any version of Remote Desktop 2less secure3 Allow connections only from computers running Remote Desktop with 'etwork )evel Authentication 2more secure3
Bor more information about the t#o options+ clic the $elp me choose lin on the Remote tab& <& Clic Select /sers to add the users and groups that need to connect to the computer by using Remote Des top& The users and groups that you add are added to the Remote Des top -sers group& 'ote Members of the local Administrators group can connect even if they are not listed&
Installing RD Session $ost on a Domain Controller

'nstalling the RD !ession :ost role service on an 5ctive Directory domain controller is not recommended& 5llo#ing users to run programs on a domain controller could create security ris s and performance issues&
'f the RD !ession :ost role service is installed on a domain controller+ the security settings of the domain controller #ill need to be ad/usted to allo# users to have remote access to the server& This remote access is controlled by the Allow logon through Remote Desktop Services user rights assignment+ #hich can be configured by using the 6roup Policy Management Console (6PMC)& Hn a domain controller+ by default+ only the 5dministrators group is granted the Allow logon through Remote Desktop Services user right& To allo# remote access to the RD !ession :ost server for users #ho are not members of the 5dministrators group+ you should grant the Remote Des top -sers group the Allow logon through Remote Desktop Services user right& Bor more information about using 6PMC to configure user rights assignments+ see the 6roup Policy Management Console :elp in "indo#s !erver 200% R2& Bor more information about licensing re?uirements for Remote Des top !ervices+ see the Remote Des top !ervices Design 6uide to be published on the "indo#s !erver 200% R2 Remote Des top !ervices TechCenter (http:EEgo&microsoft&comEf#lin E@.in 'dF17%0==)&
Remote Desktop Services and +indows #irewall

The "indo#s Bire#all is on by default in "indo#s !erver 200% and "indo#s !erver 200% R2& "indo#s Bire#all helps control #hich programs or ports can be used to communicate bet#een the "indo#s !erver 200% or "indo#s !erver 200% R2 server and other computers on the net#or or the 'nternet& To allo# a program or port to communicate through "indo#s Bire#all+ an e,ception needs to be enabled& 'f you enable Remote Des top+ "indo#s Bire#all automatically enables the Remote Des top e,ception& "hen the RD !ession :ost role service is installed+ "indo#s Bire#all automatically enables the follo#ing e,ceptions: Remote Des top Remote Des top !ervices
'f you install other Remote Des top !ervices role services+ "indo#s Bire#all #ill automatically enable other e,ceptions& Bor e,ample+ #hen you install the
RD .icensing role service+ "indo#s Bire#all enables the Remote Des top .icensing !erver e,ception& "hen you uninstall (remove) a role service from the computer+ "indo#s Bire#all automatically removes the e,ception for that role service& Important "hen the RD !ession :ost role service is uninstalled (removed)+ only the Remote Des top !ervices e,ception is removed& The Remote Des top e,ception is not removed& -se the follo#ing procedure to vie# "indo#s Bire#all e,ceptions& Membership in the local Administrators group+ or e?uivalent+ is the minimum re?uired to complete this procedure& &o view +indows #irewall e!ceptions 1& Clic Start+ and then clic Control Panel& 2& Clic System and Security+ and then clic +indows #irewall& 7& Clic Allow a program or feature through +indows #irewall4 <& 'f the chec bo, associated #ith the program or port listed is selected+ the "indo#s Bire#all e,ception for that program or port is enabled& !ome programs only appear in the list #hen the role service is installed& Bor e,ample+ the Remote Des top .icensing !erver e,ception only appears in the list #hen the RD .icensing role service is installed on the computer& To vie# more detailed information about "indo#s Bire#all settings+ use the "indo#s Bire#all #ith 5dvanced !ecurity snap*in& -se the follo#ing procedure to use "indo#s Bire#all #ith 5dvanced !ecurity& Membership in the local Administrators group+ or e?uivalent+ is the minimum re?uired to complete this procedure& &o use the +indows #irewall with Advanced Security snap(in 1& Clic Start+ point to Administrative &ools+ and then clic +indows #irewall with Advanced Security&
2& To vie# detailed information about "indo#s Bire#all settings+ clic either of the follo#ing nodes in the left pane: 'nbound rules Hutbound rules
Bor more information about configuring "indo#s Bire#all+ see the "indo#s Bire#all #ith 5dvanced !ecurity :elp in "indo#s !erver 200% R2&
Additional references

-sing Remote Des top 'nstalling the RD !ession :ost Role !ervice Chec list: RD !ession :ost 'nstallation Prere?uisites
Installing the RD Session $ost Role Service

'n "indo#s !erver 200% R2+ you can use !erver Manager to install the RD !ession :ost role service& -se the follo#ing procedure to install the RD !ession :ost role service by using !erver Manager if Remote Des top !ervices is not already installed on the server& 'f Remote Des top !ervices is already installed on the server+ see 'nstall the Remote Des top !ession :ost role service (#hen Remote Des top !ervices is already installed)& Membership in the local Administrators group+ or e?uivalent+ is the minimum re?uired to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@.in 'dF%7<88)&
Install the Remote Desktop Session $ost role service

&o install the RD Session $ost role service 1& Hpen !erver Manager& To open !erver Manager+ clic Start+ point to Administrative &ools+ and then clic Server 5anager& 2& 'n the left pane+ right*clic Roles+ and then clic Add Roles&
7& 'n the 5dd Roles "i0ard+ on the -efore
ou -egin page+ clic 'e!t&
<& Hn the Select Server Roles page+ under Roles+ select the Remote Desktop Services chec bo,& 'ote 'f Remote Des top !ervices is already installed on the server+ the Remote Desktop Services chec bo, #ill be selected and dimmed+ and follo#ed by L('nstalled)&M =& Clic 'e!t& >& Hn the Remote Desktop Services page+ clic 'e!t& 8& Hn the Select Role Services page+ select the Remote Desktop Session $ost chec bo,+ and then clic 'e!t& 'ote 'f you are installing the RD !ession :ost role service on a domain controller+ you #ill receive a #arning message because installing the RD !ession :ost role service on a domain controller is not recommended& Bor more information+ see 'nstalling RD !ession :ost on a Domain Controller& %& Hn the /ninstall and Reinstall Applications for Compatibility page+ clic 'e!t& 4& Hn the Specify Authentication 5ethod for Remote Desktop Session $ost page+ select the appropriate authentication method for the RD !ession :ost server+ and then clic 'e!t& Bor more information about authentication methods+ see Configuring the 1et#or .evel 5uthentication !etting for an RD !ession :ost !erver& 10&Hn the Specify )icensing 5ode page+ select the appropriate licensing mode for the RD !ession :ost server+ and then clic 'e!t& Bor more information about licensing modes+ see Configuring .icense !ettings on an RD !ession :ost !erver& 11&Hn the Select /ser Groups Allowed Access &o &his RD Session $ost Server page+ add the users or user groups that you #ant to be able to remotely connect to this RD !ession :ost server+ and then clic 'e!t& Bor more information+ see Configuring the Remote Des top -sers 6roup& 12&Hn the Configure Client 6!perience page+ select the functionality
that you #ant to be available to remote clients that are connected by using this RD !ession :ost server+ and then clic 'e!t& Bor more information+ see Configuring the Client 2,perience on an RD !ession :ost !erver& 17&Hn the Confirm Installation Selections page+ verify that the RD !ession :ost role service #ill be installed+ and then clic Install& 1<&Hn the Installation Progress page+ installation progress #ill be noted& 1=&Hn the Installation Results page+ you are prompted to restart the server to finish the installation process& Clic Close+ and then in the Add Roles +i.ard #indo#+ clic es to restart the server& 1>&'f you are prompted that other programs are still running+ do either of the follo#ing: To close the programs manually and restart the server later+ clic Cancel& To automatically close the programs and restart the server+ clic Restart now&
18&5fter the server restarts and you log on to the computer+ the remaining steps of the installation #ill finish& "hen the Installation Results page appears+ confirm that the installation of RD !ession :ost succeeded& 9ou can also confirm that RD !ession :ost is installed by follo#ing these steps: a& !tart !erver Manager& b& -nder Roles Summary+ clic Remote Desktop Services& c& -nder System Services+ confirm that the status for Remote Desktop Services is Running& d& -nder Role Services+ confirm that the status for Remote Desktop Session $ost is Installed&
Install the Remote Desktop Session $ost role service 2when Remote Desktop Services is already installed3
-se the follo#ing procedure to install the RD !ession :ost role service #hen Remote Des top !ervices is already installed on the server& Membership in the local Administrators group+ or e?uivalent+ on the RD !ession :ost server that you plan to configure+ is the minimum re?uired to complete this procedure& Important The installation of the RD !ession :ost role service re?uires the computer to be restarted& &o install the Remote Desktop Session $ost role service when Remote Desktop Services is already installed 1& Hpen !erver Manager& To open !erver Manager+ clic Start+ point to Administrative &ools+ and then clic Server 5anager& 2& 'n the left pane+ e,pand Roles& 7& Right*clic Remote Desktop Services+ and then clic Add Role Services& <& Hn the Select Role Services page+ select the Remote Desktop Session $ost chec bo,+ and then clic 'e!t& 'ote 'f you are installing the RD !ession :ost role service on a domain controller+ you #ill receive a #arning message because installing the RD !ession :ost role service on a domain controller is not recommended& Bor more information+ see 'nstalling RD !ession :ost on a Domain Controller& =& Hn the /ninstall and Reinstall Applications for Compatibility page+ clic 'e!t& >& Hn the Specify Authentication 5ethod for Remote Desktop Session $ost page+ select the appropriate authentication method for the RD !ession :ost server+ and then clic 'e!t& Bor more information about authentication methods+ see Configuring the 1et#or .evel
5uthentication !etting for an RD !ession :ost !erver&
8& Hn the Specify )icensing 5ode page+ select the appropriate licensing mode for the RD !ession :ost server+ and then clic 'e!t& Bor more information about licensing modes+ see Configuring .icense !ettings on an RD !ession :ost !erver& %& Hn the Select /ser Groups Allowed Access &o &his RD Session $ost page+ add the users or user groups that you #ant to be able to remotely connect to this RD !ession :ost server+ and then clic 'e!t& Bor more information+ see Configure the Remote Desktop /sers Group& 4& Hn the Configure Client 6!perience page+ select the functionality that you #ant to be available to remote clients that are connected by using this RD !ession :ost server+ and then clic 'e!t& Bor more information+ see Configuring the Client 2,perience on an RD !ession :ost !erver& 10&Hn the Confirm Installation Selections page+ verify that the RD !ession :ost role service #ill be installed+ and then clic Install& 11&Hn the Installation Progress page+ installation progress #ill be noted& 12&Hn the Installation Results page+ you are prompted to restart the server to finish the installation process& Clic Close+ and then in the Add Roles +i.ard #indo#+ clic es to restart the server& 17&'f you are prompted that other programs are still running+ do either of the follo#ing: To close the programs manually and restart the server later+ clic Cancel& To automatically close the programs and restart the server+ clic Restart now&
1<&5fter the server restarts and you log on to the computer+ the remaining steps of the installation #ill finish& "hen the Installation Results page appears+ confirm that the installation of RD !ession :ost succeeded& 9ou can also confirm that RD !ession :ost is installed by follo#ing these steps:
a& !tart !erver Manager& b& -nder Roles Summary+ clic Remote Desktop Services& c& -nder System Services+ confirm that the status for Remote Desktop Services is Running& d& -nder Role Services+ confirm that the status for Remote Desktop Session $ost is Installed&
Configuring the 'etwork )evel Authentication Setting for an RD Session $ost Server
1et#or .evel 5uthentication can be used to enhance RD !ession :ost server security by re?uiring that the user be authenticated to an RD !ession :ost server before a session is created& 1et#or .evel 5uthentication is an authentication method that completes user authentication before you establish a remote des top connection and the logon screen appears& This is a more secure authentication method that can help protect the remote computer from malicious users and malicious soft#are& The advantages of 1et#or .evel 5uthentication are: 't re?uires fe#er remote computer resources initially& The remote computer uses a limited number of resources before authenticating the user+ rather than starting a full remote des top connection as in previous versions& 't can help provide better security by reducing the ris of denial*of*service attac s&
To use 1et#or .evel 5uthentication+ you must meet the follo#ing re?uirements: The client computer must be using at least Remote Des top Connection >&0& The client computer must be using an operating system+ such as "indo#s$ 8 or "indo#s ;ista$+ that supports the Credential !ecurity !upport Provider (Cred!!P) protocol&
The RD !ession :ost server must be using "indo#s !erver 200% R2 or "indo#s !erver 200%&
9ou can configure an RD !ession :ost server to only support connections from clients running 1et#or .evel 5uthentication& The 1et#or .evel 5uthentication setting for an RD !ession :ost server can be set in the follo#ing #ays: During the installation of the RD !ession :ost role service in !erver Manager+ on the Specify Authentication 5ethod for Remote Desktop Session $ost page in the Add Roles +i.ard& Hn the Remote tab in the System Properties dialog bo, on an RD !ession :ost server& 'f the Allow connections from computers running any version of Remote Desktop 2less secure3 is not selected and not enabled+ the Re*uire user authentication for remote connections by using 'etwork )evel Authentication 6roup Policy setting has been enabled and has been applied to the RD !ession :ost server& Hn the General tab of the Properties dialog bo, for a connection in the Remote Des top !ession :ost Configuration tool by selecting the Allow connections only from computers running Remote Desktop with 'etwork )evel Authentication chec bo,& 'f the Allow connections only from computers running Remote Desktop with 'etwork )evel Authentication chec bo, is selected and is dimmed+ the Re*uire user authentication for remote connections by using 'etwork )evel Authentication 6roup Policy setting has been enabled and has been applied to the RD !ession :ost server& Ay applying the Re*uire user authentication for remote connections by using 'etwork )evel Authentication 6roup Policy setting& This 6roup Policy setting is located in Computer Configuration7Policies7Administrative &emplates7+indows Components7Remote Desktop Services7Remote Desktop Session $ost7Security and can be configured by using either the .ocal 6roup Policy 2ditor or the 6roup Policy Management Console (6PMC)& 1ote that the 6roup Policy setting #ill ta e precedence over the setting configured in Remote Des top !ession :ost Configuration or on the Remote tab&
To determine #hether a computer is running a version of Remote Des top Connection that supports 1et#or .evel 5uthentication+ start Remote Des top Connection+ clic the icon in the upper*left corner of the Remote Desktop Connection dialog bo,+ and then clic About& 'n the About Remote Desktop Connection dialog bo,+ loo for the phrase 'etwork )evel Authentication supported& Bor more information about 1et#or .evel 5uthentication and Remote Des top !ervices+ see the Remote Des top !ervices page on the "indo#s !erver 200% R2 TechCenter (http:EEgo&microsoft&comEf#lin E@.in 'DF17%0==)& Bor more information about 6roup Policy settings for Remote Des top !ervices+ see the Remote Des top !ervices Technical Reference (http:EEgo&microsoft&comEf#lin E@.in 'dF17%17<)&
Installing Programs on an RD Session $ost Server

9ou should install the RD !ession :ost role service on the computer before you install any programs that you #ant to ma e available to users& 'f you install the RD !ession :ost role service on a computer that already has programs installed+ some of the e,isting programs may not #or correctly in a multiuser environment& -ninstalling and then reinstalling the affected programs may resolve these issues& To ensure that an application is installed correctly to #or in a multiuser environment+ you must put the RD !ession :ost server into a special installation mode before you install the application on the RD !ession :ost server& This special installation mode ensures that the correct registry entries and &ini files that are needed to support running the application in a multiuser environment are created during the installation process& 9ou can put an RD !ession :ost server into this special installation mode by using either of the follo#ing: Install Application on Remote Desktop Session $ost tool under Programs in Control Panel& This tool #ill run a #i0ard to help install the application& Change user 8install command at a command prompt& 9ou #ill have to start the installation of the application manually&
5fter the application is installed+ you must put the RD !ession :ost server into e,ecution mode before remote users begin using the application& The Install Application on Remote Desktop Session $ost tool #ill automatically put the RD !ession :ost server into e,ecution mode #hen it is finished running& To put the RD !ession :ost server into e,ecution mode from a command prompt+ use the change user 8e!ecute command&
Additional considerations
!ome programs may re?uire minor setup modifications to run correctly on an RD !ession :ost server& 'f you have programs that are related to each other or have dependencies on each other+ you should install the programs on the same RD !ession :ost server& Bor e,ample+ you should install Microsoft Hffice as a suite on the same RD !ession :ost server instead of installing individual Hffice programs on separate RD !ession :ost servers& 9ou should consider installing individual programs on separate RD !ession :ost servers in the follo#ing circumstances: The program has compatibility issues that may affect other programs& 5 single program and the number of associated users may fill server capacity&
Bor more information about command*line tools for Remote Des top !ervices+ see the Remote Des top !ervices Technical Reference (http:EEgo&microsoft&comEf#lin E@.in 'dF17%17=)& Bor more information about RD !ession :ost+ see the Remote Des top !ervices page on the "indo#s !erver 200% R2 TechCenter (http:EEgo&microsoft&comEf#lin E@.in 'dF1<0<7%)&
Configuring the Remote Desktop /sers Group

The Remote Des top -sers group on an RD !ession :ost server is used to give users and groups permission to remotely connect to an RD !ession :ost server& 9ou can add users and groups to the Remote Des top -sers group in the follo#ing #ays:
.ocal -sers and 6roups snap*in 5ctive Directory -sers and Computers snap*in+ if the RD !ession :ost server is installed on a domain controller Hn the Remote tab in the System Properties dialog bo, on an RD !ession :ost server
9ou can use the follo#ing procedure to add users and groups to the Remote Des top -sers group by using the Remote tab in the System Properties dialog bo, on an RD !ession :ost server& Membership in the local Administrators group+ or e?uivalent+ on the RD !ession :ost server that you plan to configure+ is the minimum re?uired to complete this procedure& &o add users and groups to the Remote Desktop /sers group by using the Remote tab 1& !tart the !ystem tool& To start the !ystem tool+ clic Start+ clic Run+ type control system and then clic 01& 2& -nder &asks+ clic Remote settings& 7& 'n the System Properties dialog bo,+ on the Remote tab+ clic Select /sers& 5dd the users or groups that need to connect to the RD !ession :ost server or to the virtual machine by using Remote Des top& The users and groups that you add are added to the Remote Des top -sers group& 'ote Members of the local 5dministrators group can connect even if they are not listed& 'f you select Don9t allow connections to this computer on the Remote tab+ no users #ill be able to connect remotely to this computer+ even if they are members of the Remote Des top -sers group&
Configuring the Client 6!perience on an RD Session $ost Server

9ou can configure a Remote Des top !ession :ost (RD !ession :ost) server so that users connecting to a remote des top session can use functionality similar to that provided by "indo#s 8& Important Providing this functionality re?uires additional system and band#idth resources and may affect the scalability of the RD !ession :ost server& During the installation of the RD !ession :ost role service in !erver Manager+ you can automatically configure the follo#ing functionality on the Configure Client 6!perience page in the Add Roles +i.ard: 5udio and video playbac 5udio recording redirection Des top composition
'f you configure the RD !ession :ost server to provide audio and video playbac or des top composition+ the Des top 2,perience feature #ill be installed on the RD !ession :ost server& Bor more information about Des top 2,perience+ see Des top 2,perience Beature& To manually configure this functionality+ see the follo#ing topics:
Configure 5udio and ;ideo Playbac on an RD !ession :ost !erver Configure 5udio Recording Redirection on an RD !ession :ost !erver Configure Des top Composition on an RD !ession :ost !erver
Desktop 6!perience #eature

The Des top 2,perience feature allo#s you to install a variety of components and features that are provided in the "indo#s 8 operating system onto a computer that is running the "indo#s !erver 200% R2 operating system& 5fter you install Des top 2,perience+ the "indo#s 8 components and features+ such as "indo#s Media Player+ #ill appear under All Programs on the Start menu&
'ote 'nstalling Des top 2,perience does not automatically turn on any of its features or components& 5fter installing Des top 2,perience+ you must manually enable or configure the features or components& Bor information about installing Des top 2,perience+ see 'nstall Des top 2,perience on an RD !ession :ost !erver&
+hat:s in the Desktop 6!perience feature

Des top 2,perience includes the follo#ing "indo#s 8 components and features: "indo#s Media Player Des top themes ;ideo for "indo#s (5;' support) "indo#s !ide!ho# "indo#s Defender Dis Cleanup !ync Center !ound Recorder Character Map !nipping Tool
Install Desktop 6!perience on an RD Session $ost Server

"hen a user uses Remote Des top Connection to connect to a Remote Des top !ession :ost (RD !ession :ost) server+ the des top that e,ists on the RD !ession :ost server is reproduced+ by default+ in the remote session& To ma e the remote session loo and feel more li e the userGs local "indo#s 8 des top e,perience+ install the Des top 2,perience feature on an RD !ession :ost server that is running "indo#s !erver 200% R2&
Des top 2,perience installs components and features of "indo#s 8+ such as "indo#s Media Player+ "indo#s Defender+ and "indo#s Calendar& Bor more information about Des top 2,perience+ see Des top 2,perience Beature&
Install Desktop 6!perience

-se the follo#ing procedure to install Des top 2,perience on the server& Membership in the local Administrators group+ or e?uivalent+ on the RD !ession :ost server that you plan to configure+ is the minimum re?uired to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@.in 'dF%7<88)& Important The installation of Des top 2,perience re?uires the computer to be restarted& &o install Desktop 6!perience 1& Hpen !erver Manager& Clic Start+ point to Administrative &ools+ and then clic Server 5anager& 2& 'n the left pane+ clic #eatures+ and then in the #eatures Summary section+ clic Add #eatures& 7& Hn the Select #eatures page+ select the Desktop 6!perience chec bo,& <& Revie# the information about the re?uired features that need to be installed #ith the Des top 2,perience feature+ and then clic Add Re*uired #eatures& =& Clic 'e!t& >& Hn the Confirm Installation Selections page+ verify that the Des top 2,perience feature #ill be installed+ and then clic Install& 8& Hn the Installation Progress page+ installation progress #ill be noted& %& Hn the Installation Results page+ you are prompted to restart the server to finish the installation process& Clic Close+ and then clic es to restart the server&
4& 5fter the server restarts and you log on to the computer #ith the same user account+ the remaining steps of the installation #ill finish& "hen the Installation Results page appears+ confirm that the installation of Des top 2,perience succeeded+ and then clic Close& 9ou can also confirm that Des top 2,perience is installed by follo#ing these steps: a& !tart !erver Manager& b& 'n the left pane+ clic #eatures+ and then in the #eatures Summary section+ confirm that Des top 2,perience is listed as installed& 5fter you install Des top 2,perience+ the "indo#s 8 components and features+ such as "indo#s Media Player+ #ill appear under All Programs on the Start menu&
/ninstall 2Remove3 Desktop 6!perience

-se the follo#ing procedure to uninstall (remove) Des top 2,perience from the server& Membership in the local Administrators group+ or e?uivalent+ on the RD !ession :ost server that you plan to configure+ is the minimum re?uired to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@.in 'dF%7<88)& Important The removal of Des top 2,perience from the server re?uires the computer to be restarted& &o uninstall 2remove3 Desktop 6!perience 1& Hpen !erver Manager& Clic Start+ point to Administrative &ools+ and then clic Server 5anager& 2& 'n the left pane+ clic #eatures+ and then in the #eatures Summary section+ clic Remove #eatures& 7& Hn the Select #eatures page+ clear the Desktop 6!perience chec bo,+ and then clic 'e!t&
<& Hn the Confirm Removal Selections page+ verify that the Des top 2,perience feature #ill be removed+ and then clic Remove& =& Hn the Removal Progress page+ removal progress #ill be noted& >& Hn the Removal Results page+ you are prompted to restart the server to finish the removal process& Clic Close+ and then clic es to restart the server& 8& 5fter the server restarts and you log on to the computer #ith the same user account+ the remaining steps of the removal process #ill finish& "hen the Removal Results page appears+ confirm that the removal of Des top 2,perience succeeded+ and then clic Close& 9ou can also confirm that Des top 2,perience is removed by follo#ing these steps: a& !tart !erver Manager& b& 'n the left pane+ clic #eatures+ and then in the #eatures Summary section+ confirm that Des top 2,perience is no longer listed as installed&
Configure Audio and %ideo Playback on an RD Session $ost Server

5udio and video playbac allo#s users to redirect the remote computerCs audio in a remote session+ and provides an improved e,perience for video playbac in remote sessions& Ay default+ audio and video playbac is not allo#ed #hen connecting to a computer running "indo#s !erver 200% R2& 'ote -sers can specify #here to play the remote computerCs audio output by configuring the remote audio settings on the )ocal Resources tab in Remote Des top Connection (RDC)& ;ideo playbac can be configured by using the videoplaybac setting in a Remote Des top Protocol (&rdp) file& Ay default+ video playbac is enabled&
5anually configuring audio and video playback

To manually configure audio and video playbac on a Remote Des top !ession :ost (RD !ession :ost) server+ you need to do the follo#ing: 'nstall the Des top 2,perience feature& !tart the "indo#s 5udio service& 2nable the Allow audio and video playback redirection 6roup Policy setting& !et the ma,imum color depth to 72 bits per pi,el&
Install the Desktop 6!perience feature

Bor information about installing Des top 2,perience+ see 'nstall Des top 2,perience on an RD !ession :ost !erver&
Start the +indows Audio service

-se the follo#ing procedure to start the "indo#s 5udio service on the RD !ession :ost server& Membership in the local Administrators group+ or e?uivalent+ on the RD !ession :ost server that you plan to configure+ is the minimum re?uired to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@.in 'dF%7<88)& &o start the +indows Audio service 1& Hn the RD !ession :ost server+ open the !ervices snap*in& To open the !ervices snap*in+ clic Start+ point to Administrative &ools+ and then clic Services& 2& 'f the /ser Account Control dialog bo, appears+ confirm that the action it displays is #hat you #ant+ and then clic Continue& 7& 'n the !ervices pane+ right*clic +indows Audio+ and then clic Properties& <& Hn the General tab+ in the Startup type bo,+ select Automatic+ and
then clic Apply& =& -nder Service status+ clic Start& >& Clic 01 to close the +indows Audio Properties dialog bo,& 8& Confirm that the Status column for the "indo#s 5udio service displays Started&
6nable the Allow audio and video playback redirection Group Policy setting
To allo# audio and video playbac #hen connecting to a computer running "indo#s !erver 200% R2+ you must enable the Allow audio and video playback redirection 6roup Policy setting& The Allow audio and video playback redirection 6roup Policy setting is located in Computer Configuration7Policies7Administrative &emplates7+indows Components7Remote Desktop Services7Remote Desktop Session $ost7Device and Resource Redirection and can be configured by using either .ocal 6roup Policy 2ditor or the 6roup Policy Management Console (6PMC)& Bor more information about 6roup Policy settings for Remote Des top !ervices+ see the Remote Des top !ervices Technical Reference (http:EEgo&microsoft&comEf#lin E@.in 'dF17%17<)&
Set the ma!imum color depth to ;< bits per pi!el

-se the follo#ing procedure to set the ma,imum color depth to 72 bits per pi,el on the RD !ession :ost server& Membership in the local Administrators group+ or e?uivalent+ on the RD !ession :ost server that you plan to configure+ is the minimum re?uired to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@.in 'dF%7<88)& &o set the ma!imum color depth to ;< bits per pi!el 1& Hn the RD !ession :ost server+ open Remote Des top !ession :ost Configuration& To open Remote Des top !ession :ost Configuration+ clic Start+ point to Administrative &ools+ point to Remote Desktop Services+ and then clic Remote Desktop Session $ost
Configuration& 2& 'f the /ser Account Control dialog bo, appears+ confirm that the action it displays is #hat you #ant+ and then clic Continue& 7& -nder Connections+ right*clic the name of the connection that you #ant to configure (for e,ample+ RDP*Tcp)+ and then clic Properties& <& Hn the Client Settings tab+ in the )imit 5a!imum Color Depth bo,+ select ;< bits per pi!el& =& Clic 01& Changes to color depth settings are not applied to sessions that are connected #hen the change is made& The changes #ill ta e effect the ne,t time the user establishes a ne# connection to the RD !ession :ost server& 9ou can also set the ma,imum color depth by applying the )imit ma!imum color depth 6roup Policy setting& This 6roup Policy setting is located in Computer Configuration7Policies7Administrative &emplates7+indows Components7Remote Desktop Services7Remote Desktop Session $ost7Remote Session 6nvironment and can be configured by using either .ocal 6roup Policy 2ditor or the 6roup Policy Management Console (6PMC)& 1ote that the 6roup Policy setting #ill ta e precedence over the setting configured in Remote Des top !ession :ost Configuration& Bor more information about 6roup Policy settings for Remote Des top !ervices+ see the Remote Des top !ervices Technical Reference (http:EEgo&microsoft&comEf#lin E@.in 'dF17%17<)&
Configure Audio Recording Redirection on an RD Session $ost Server

5udio recording redirection allo#s users to record audio to the remote computer in a remote session& Ay default+ audio recording redirection is not allo#ed #hen connecting to a computer running "indo#s !erver 200% R2& 'ote -sers can specify #hether to record audio to the remote computer by configuring the remote audio settings on the )ocal Resources tab in Remote Des top Connection (RDC)& -sers can record audio by using an
audio input device on the local computer+ such as a built*in microphone&
5anually configuring audio recording redirection

To manually configure audio recording redirection on a Remote Des top !ession :ost (RD !ession :ost) server+ you need to do the follo#ing: !tart the "indo#s 5udio service& 2nable the Allow audio recording redirection 6roup Policy setting&
Start the +indows Audio service

-se the follo#ing procedure to start the "indo#s 5udio service on the RD !ession :ost server& Membership in the local Administrators group+ or e?uivalent+ on the RD !ession :ost server that you plan to configure+ is the minimum re?uired to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@.in 'dF%7<88)& &o start the +indows Audio service 1& Hn the RD !ession :ost server+ open the !ervices snap*in& To open the !ervices snap*in+ clic Start+ point to Administrative &ools+ and then clic Services& 2& 'f the /ser Account Control dialog bo, appears+ confirm that the action it displays is #hat you #ant+ and then clic Continue& 7& 'n the !ervices pane+ right*clic +indows Audio+ and then clic Properties& <& Hn the General tab+ in the Startup type bo,+ select Automatic+ and then clic Apply& =& -nder Service status+ clic Start& >& Clic 01 to close the +indows Audio Properties dialog bo,& 8& Confirm that the Status column for the "indo#s 5udio service
displays Started&
6nable the Allow audio recording redirection Group Policy setting

To allo# audio recording redirection #hen connecting to a computer running "indo#s !erver 200% R2+ you must enable the Allow audio recording redirection 6roup Policy setting& The Allow audio recording redirection 6roup Policy setting is located in Computer Configuration7Policies7Administrative &emplates7+indows Components7Remote Desktop Services7Remote Desktop Session $ost7Device and Resource Redirection and can be configured by using either .ocal 6roup Policy 2ditor or the 6roup Policy Management Console (6PMC)& Bor more information about 6roup Policy settings for Remote Des top !ervices+ see the Remote Des top !ervices Technical Reference (http:EEgo&microsoft&comEf#lin E@.in 'dF17%17<)&
Configure Desktop Composition on an RD Session $ost Server

Des top composition provides the user interface elements of "indo#s 5ero+ such as translucent #indo#s+ for remote des top sessions& Ay default+ des top composition is not allo#ed #hen connecting to a computer running "indo#s !erver 200% R2& Important Aecause "indo#s 5ero re?uires additional system and band#idth resources+ allo#ing des top composition for remote des top sessions can reduce connection performance+ particularly over slo# lin s+ and increase the load on the Remote Des top !ession :ost (RD !ession :ost) server& Des top composition is not available for Remote5pp sessions& 'n addition+ the client computer must have the necessary hard#are to support "indo#s 5ero features&
5anually configuring desktop composition

To manually configure des top composition on an RD !ession :ost server+ you need to do the follo#ing: 'nstall the Des top 2,perience feature& !tart the Themes service& 2nable the Allow desktop composition for remote desktop sessions 6roup Policy setting& !et the ma,imum color depth to 72 bits per pi,el&
Install the Desktop 6!perience feature

Bor information about installing Des top 2,perience+ see 'nstall Des top 2,perience on an RD !ession :ost !erver&
Start the &hemes service

-se the follo#ing procedure to start the Themes service on the RD !ession :ost server& Membership in the local Administrators group+ or e?uivalent+ on the RD !ession :ost server that you plan to configure+ is the minimum re?uired to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@.in 'dF%7<88)& &o start the &hemes service 1& Hn the RD !ession :ost server+ open the !ervices snap*in& To open the !ervices snap*in+ clic Start+ point to Administrative &ools+ and then clic Services& 2& 'f the /ser Account Control dialog bo, appears+ confirm that the action it displays is #hat you #ant+ and then clic Continue& 7& 'n the !ervices pane+ right*clic &hemes+ and then clic Properties& <& Hn the General tab+ in the Startup type bo,+ select Automatic+ and then clic Apply&
=& -nder Service status+ clic Start& >& Clic 01 to close the &hemes Properties dialog bo,& 8& Confirm that the Status column for the Themes service displays Started&
6nable the Allow desktop composition for remote desktop sessions Group Policy setting
To allo# des top composition #hen connecting to a computer running "indo#s !erver 200% R2+ you must enable the Allow desktop composition for remote desktop sessions 6roup Policy setting& The Allow desktop composition for remote desktop sessions 6roup Policy setting is located in Computer Configuration7Policies7Administrative &emplates7+indows Components7Remote Desktop Services7Remote Desktop Session $ost7Remote Session 6nvironment and can be configured by using either .ocal 6roup Policy 2ditor or the 6roup Policy Management Console (6PMC)& Bor more information about 6roup Policy settings for Remote Des top !ervices+ see the Remote Des top !ervices Technical Reference (http:EEgo&microsoft&comEf#lin E@.in 'dF17%17<)&
Set the ma!imum color depth to ;< bits per pi!el

-se the follo#ing procedure to set the ma,imum color depth to 72 bits per pi,el on the RD !ession :ost server& Membership in the local Administrators group+ or e?uivalent+ on the RD !ession :ost server that you plan to configure+ is the minimum re?uired to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@.in 'dF%7<88)& &o set the ma!imum color depth to ;< bits per pi!el 1& Hn the RD !ession :ost server+ open Remote Des top !ession :ost Configuration& To open Remote Des top !ession :ost Configuration+ clic Start+ point to Administrative &ools+ point to Remote Desktop Services+ and then clic Remote Desktop Session $ost Configuration& 2& 'f the /ser Account Control dialog bo, appears+ confirm that the
action it displays is #hat you #ant+ and then clic Continue& 7& -nder Connections+ right*clic the name of the connection that you #ant to configure (for e,ample+ RDP*Tcp)+ and then clic Properties& <& Hn the Client Settings tab+ in the )imit 5a!imum Color Depth bo,+ select ;< bits per pi!el& =& Clic 01& Changes to color depth settings are not applied to sessions that are connected #hen the change is made& The changes #ill ta e effect the ne,t time the user establishes a ne# connection to the RD !ession :ost server& 9ou can also set the ma,imum color depth by applying the )imit ma!imum color depth 6roup Policy setting& This 6roup Policy setting is located in Computer Configuration7Policies7Administrative &emplates7+indows Components7Remote Desktop Services7Remote Desktop Session $ost7Remote Session 6nvironment and can be configured by using either .ocal 6roup Policy 2ditor or the 6roup Policy Management Console (6PMC)& 1ote that the 6roup Policy setting #ill ta e precedence over the setting configured in Remote Des top !ession :ost Configuration& Bor more information about 6roup Policy settings for Remote Des top !ervices+ see the Remote Des top !ervices Technical Reference (http:EEgo&microsoft&comEf#lin E@.in 'dF17%17<)&
Group Policy Settings and Configuring the Client 6!perience

During the installation of the RD !ession :ost role service in !erver Manager+ you can automatically configure the follo#ing functionality on the Configure Client 6!perience page in the Add Roles +i.ard: 5udio and video playbac 5udio recording redirection Des top composition
!erver Manager automatically chec s that there are no 6roup Policy settings currently being applied to the computer that #ould prevent the re?uested functionality from being correctly configured& 'f there is a 6roup Policy setting being applied to the computer that #ould prevent the re?uested functionality from being correctly configured+ that selection #ill be dimmed and you #ill
not be able to select the associated chec bo, on the Configure Client 6!perience page& The follo#ing is a list of 6roup Policy settings that !erver Manager chec s: 5llo# audio and video playbac redirection 'f the Allow audio and video playback redirection 6roup Policy setting is disabled+ you cannot select the Audio and video playback chec bo, on the Configure Client 6!perience page& This 6roup Policy setting is located in Computer Configuration7Policies7Administrative &emplates7+indows Components7Remote Desktop Services7Remote Desktop Session $ost7Device and Resource Redirection& 5llo# audio recording redirection 'f the Allow audio recording redirection 6roup Policy setting is disabled+ you cannot select the Audio recording redirection chec bo, on the Configure Client 6!perience page& This 6roup Policy setting is located in Computer Configuration7Policies7Administrative &emplates7+indows Components7Remote Desktop Services7Remote Desktop Session $ost7Device and Resource Redirection& 5llo# des top composition for remote des top sessions 'f the Allow desktop composition for remote desktop sessions 6roup Policy setting is disabled+ you cannot select the Desktop composition chec bo, on the Configure Client 6!perience page& This 6roup Policy setting is located in Computer Configuration7Policies7Administrative &emplates7+indows Components7Remote Desktop Services7Remote Desktop Session $ost7Remote Session 6nvironment& .imit ma,imum color depth 'f the )imit ma!imum color depth 6roup Policy setting is enabled and the ma,imum color depth selected is less than 72 bits per pi,el+ you cannot select the Desktop composition chec bo, on the Configure Client 6!perience page&
This 6roup Policy setting is located in Computer Configuration7Policies7Administrative &emplates7+indows Components7Remote Desktop Services7Remote Desktop Session $ost7Remote Session 6nvironment& These 6roup Policy settings can be configured by using either the .ocal 6roup Policy 2ditor or the 6roup Policy Management Console (6PMC)& Bor more information about 6roup Policy settings for Remote Des top !ervices+ see the Remote Des top !ervices Technical Reference (http:EEgo&microsoft&comEf#lin E@.in 'dF17%17<)&
Configuring )icense Settings on an RD Session $ost Server

5fter you have installed and configured the license server+ you need to do the follo#ing on your RD !ession :ost server to ensure that the RD !ession :ost server can contact the license server to re?uest RD! C5.s for clients: !pecify the Remote Des top licensing mode on an RD !ession :ost server& !pecify a license server for an RD !ession :ost server to use& &o specify the Remote Desktop licensing mode 1& Hn the RD !ession :ost server+ open Remote Des top !ession :ost Configuration& To open Remote Des top !ession :ost Configuration+ clic Start+ point to Administrative &ools+ point to Remote Desktop Services+ and then clic Remote Desktop Session $ost Configuration& 2& 'f the /ser Account Control dialog bo, appears+ confirm that the action it displays is #hat you #ant+ and then clic Continue& 7& 'n the 6dit settings area+ under )icensing+ double*clic Remote Desktop licensing mode& <& Hn the )icensing tab of the Properties dialog bo,+ clic either Per Device or Per /ser+ depending on #hich is most appropriate for your environment& =& Clic 01 to save your changes to the licensing settings&
5fter you have specified a Remote Des top licensing mode+ you must specify a license server for the RD !ession :ost server to use& &o specify a license server for the RD Session $ost server to use 1& Hn the RD !ession :ost server+ open Remote Des top !ession :ost Configuration& To open Remote Des top !ession :ost Configuration+ clic Start+ point to Administrative &ools+ point to Remote Desktop Services+ and then clic Remote Desktop Session $ost Configuration& 2& 'f the /ser Account Control dialog bo, appears+ confirm that the action it displays is #hat you #ant+ and then clic Continue& 7& 'n the 6dit settings area+ under )icensing+ double*clic Remote Desktop license servers& <& 'n the Remote Desktop Session $ost Configuration #indo#+ clic Close& =& Hn the )icensing tab of the Properties dialog bo,+ clic Add& >& 'n the Add )icense Server dialog bo,+ select a license server from the list of no#n license servers+ and then clic Add& 'f the license server that you #ant to add is not listed+ in the )icense server name or IP address bo,+ type the name or 'P address of the license server+ and then clic Add& 8& Clic 01 to close the Add )icense Server dialog bo,+ and then clic 01 to save your changes to the licensing settings&
6nabling Remote Desktop

To allo# remote connections for administrative purposes only+ you do not have to install the RD !ession :ost role service& 'nstead+ you can enable Remote Des top on the computer that you #ant to remotely administer& 'ote Remote Des top supports only t#o concurrent remote connections to the computer& 9ou do not need Remote Des top !ervices client access licenses (RD! C5.s) for these connections&
Membership in the local Administrators group+ or e?uivalent+ is the minimum re?uired to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@.in 'dF%7<88)&
6nable Remote Desktop

&o enable Remote Desktop 1& .og on as a member of the local 5dministrators security group& 2& Clic Start+ right*clic Computer+ and then clic Properties& 7& Clic Remote settings& <& 'n the System Properties dialog bo,+ on the Remote tab+ clic either of the follo#ing+ depending on your environment: Allow connections from computers running any version of Remote Desktop 2less secure3 Allow connections only from computers running Remote Desktop with 'etwork )evel Authentication 2more secure3
Bor more information about the t#o options+ clic the $elp me choose lin on the Remote tab& =& Clic Select /sers to add the users and groups that need to connect to the computer by using Remote Des top& The users and groups that you add are added to the Remote Des top -sers group& 'ote Members of the local Administrators group can connect even if they are not listed&
%erifying Remote Desktop Session $ost #unctionality

To verify the functionality of the RD !ession :ost deployment+ log on to a remote des top client and use Remote Des top Connection (RDC) to connect to the RD !ession :ost server&
&o connect to an RD Session $ost server by using RDC 1& .og on to a remote des top client& 2& Clic Start+ point to All Programs+ point to Accessories+ and then clic Remote Desktop Connection& 7& "hen the Remote Desktop Connection dialog bo, appears+ type the name of the RD !ession :ost server in the Computer bo,+ and then clic Connect& <& 'n the +indows Security dialog bo,+ type the pass#ord for the remote des top user+ and then clic 01& =& 'f the connection is successful+ a "indo#s des top #ill appear on the screen for the RD !ession :ost server&
Creating a 'ew /ser Account

To manage domain users+ create user accounts in 5ctive Directory Domain !ervices (5D D!)& 'n contrast+ to manage users that are specific to one computer+ create local user accounts& Bor more information+ see Create a local user account (http:EEgo&microsoft&comEf#lin E@.in 'dF17%747)& Membership in Account 0perators+ Domain Admins+ or 6nterprise Admins+ or e?uivalent+ is the minimum re?uired to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@ .in 'dF%7<88)& &o create a new user account using the +indows interface 1& To open 5ctive Directory -sers and Computers+ clic Start+ clic Control Panel+ double*clic Administrative &ools+ and then double* clic Active Directory /sers and Computers& 2& 'n the console tree+ right*clic the folder in #hich you #ant to add a user account& 7& Point to 'ew+ and then clic /ser&
<& 'n #irst name+ type the userGs first name& =& 'n Initials+ type the userGs initials& >& 'n )ast name+ type the userGs last name& 8& Modify #ull name to add initials or reverse the order of first and last names& %& 'n /ser logon name+ type the user logon name+ clic the user principal name (-P1) suffi, in the drop*do#n list+ and then clic 'e!t& 'f the user #ill use a different name to log on to computers running Microsoft$ "indo#s$ 4=+ "indo#s 4%+ or "indo#s 1T$ operating systems+ you can change the user logon name as it appears in /ser logon name 2pre(+indows <===3 to the different name& 4& 'n Password and Confirm password+ type the userGs pass#ord+ and then select the appropriate pass#ord options&
Additional considerations
To perform this procedure+ you must be a member of the 5ccount Hperators group+ Domain 5dmins group+ or 2nterprise 5dmins group in 5D D!+ or you must have been delegated the appropriate authority& 5s a security best practice+ consider using Run as to perform this procedure& 5nother #ay to open 5ctive Directory -sers and Computers is to clic Start+ clic Run+ and then type dsa4msc& "hen you create a ne# user account+ the full name attribute is created in the #irst'ame)ast'ame format by default& The full name attribute also governs the display name format that is sho#n in the global address list& 9ou can change the display name format by using 5D!' 2dit& 'f you change the display name format+ the full name format #ill also change& Bor more information+ see article 2=0<== in the Microsoft Nno#ledge Aase (http:EEgo&microsoft&comEf#lin E@.in 'dF1712><)& 9ou can also perform the tas in this procedure by using the 5ctive Directory module for "indo#s Po#er!hellI& To open the 5ctive Directory module+ clic Start+ clic Administrative &ools+ and then clic Active Directory 5odule for +indows PowerShell& Bor more information+ see Create a 1e# -ser 5ccount (http:EEgo&microsoft&comEf#lin E@.in 'dF17%7>4)& Bor more information
about "indo#s Po#er!hell+ see "indo#s Po#er!hell (http:EEgo&microsoft&comEf#lin E@.in 'DF102782)&
Deploying a Simple %irtual Desktop Infrastructure

Remote Des top ;irtuali0ation :ost (RD ;irtuali0ation :ost) is a Remote Des top !ervices role service included #ith "indo#s !erver 200% R2& RD ;irtuali0ation :ost integrates #ith :yper*; to provide virtual machines by using Remote5pp and Des top Connection& RD ;irtuali0ation :ost can be configured so that each user in your organi0ation is assigned a uni?ue virtual machine+ or users are redirected to a shared virtual machine pool #here a virtual machine is dynamically assigned& RD ;irtuali0ation :ost uses Remote Des top Connection Aro er (RD Connection Aro er) to determine #here the user is redirected& 'f a user is assigned and re?uests a personal virtual des top+ RD Connection Aro er redirects the user to this virtual machine& 'f the virtual machine is not turned on+ RD ;irtuali0ation :ost turns on the virtual machine and then connects the user& 'f the user is connecting to a shared virtual machine pool+ RD Connection Aro er first chec s to see if the user has a disconnected session in the pool& 'f the user has a disconnected session+ they are reconnected to that virtual machine& 'f the user does not have a disconnected session+ a virtual machine in that pool is dynamically assigned to the user+ if one is available&
Deploying a simple %irtual Desktop Infrastructure

Aefore you install and configure the RD ;irtuali0ation :ost server for ;irtual Des top 'nfrastructure+ be sure that you have revie#ed the follo#ing conceptual topics:
Checklist" Deploying the %irtual 5achine for Remote Desktop Services

This parent chec list includes cross*reference lin s to important concepts about the Remote Des top !ervices design& 't also contains lin s to
subordinate chec lists that #ill help you complete the tas s that are re?uired to implement this design& 'ote Complete the tas s in this chec list in order& "hen a reference lin ta es you to a procedure+ return to this topic after you complete the steps in that procedure so that you can proceed #ith the remaining tas s in this chec list& Checklist" Deploying the virtual machine for Remote Desktop Services &ask Create a virtual machine that #ill be used as a virtual des top& 2nable Remote Des top on the virtual machine& 5llo# Remote RPC on the virtual machine& Reference
Creating a ;irtual Machine
2nabling Remote Des top
5llo#ing Remote RPC
Create a fire#all e,ception Creating a Bire#all to allo# Remote !ervices 2,ception to 5llo# Remote !ervices Management Management& 5dd permissions to the RDP Protocol& 5dd the user accounts that #ill be using this virtual machine to the local Remote Des top -sers security group& 'ote To create a ne# user account to add to the Remote Des top -sers 6roup+ see Creating
5dding Permissions to the RDP Protocol Configuring the Remote Des top -sers 6roup
&ask
a 1e# -ser 5ccount&
Reference
2nable rollbac on a virtual machine for virtual des top pools& (Hptional)
2nabling Rollbac on a ;irtual Machine
The follo#ing tas s can be performed by running the ;isual Aasic script or the "indo#s Po#er!hellI script+ available on the Microsoft Tech1et !cript Center& 2nable Remote Des top on the virtual machine& 5llo# Remote RPC on the virtual machine& Create a fire#all e,ception to allo# Remote !ervices Management& 5dd permissions to the RDP Protocol&
To configure the virtual machines+ you can do#nload and run the ;isual Aasic !cript+ Configure 6uest H! for Microsoft ;D' (;A !cript)+ or the "indo#s Po#er!hell script+ Configure 6uest H! for Microsoft ;D' ("indo#s Po#er!hell !cript)&
About %irtual Desktop Infrastructure

+hat is %irtual Desktop Infrastructure,
Remote Des top ;irtuali0ation :ost (RD ;irtuali0ation :ost) is a ne# Remote Des top !ervices role service included #ith "indo#s !erver 200% R2& RD ;irtuali0ation :ost integrates #ith the :yper*; role to provide virtual machines that can be used as personal virtual des tops or virtual des top pools by using Remote5pp and Des top Connection& -ser accounts can be assigned a uni?ue personal virtual des top or be redirected to a virtual des top pool #here a virtual des top is dynamically assigned& RD ;irtuali0ation :ost is an important component to the ;irtual Des top 'nfrastructure (;D') solution offered by Microsoft&
+hy use %irtual Desktop Infrastructure,

The ;D' solution includes the follo#ing scenarios:
Personal virtual desktops are specific virtual machines that are hosted on an RD ;irtuali0ation :ost server that can be assigned to a user account in 5ctive Directory Domain !ervices (5D D!) to use as a personal virtual des top+ #hich the user can then access by using Remote5pp and Des top Connection or RD "eb 5ccess& 5 virtual desktop pool is a group of identically configured virtual machines installed on an RD ;irtuali0ation :ost server and managed through :yper*; Manager& -sers can access the virtual des top pool through Remote5pp and Des top Connection or RD "eb 5ccess& Aecause the virtual machines are identically configured+ the user sees the same virtual des top+ regardless of #hich virtual machine in the virtual des top pool the user connects to&
%irtual Desktop Infrastructure role services

The follo#ing role services are included in a typical ;D' deployment: RD %irtuali.ation $ost" RD ;irtuali0ation :ost integrates #ith :yper*; to host virtual machines and provide them to users as virtual des tops& 9ou can assign a uni?ue virtual des top to each user in your organi0ation+ or provide them shared access to a virtual des top pool& 5n RD ;irtuali0ation :ost server has the follo#ing functions: Monitoring virtual machine guest sessions and reporting these sessions to the RD Connection Aro er server& Preparing the virtual machine for a remote des top connection #hen re?uested by the RD Connection Aro er server&
RD Session $ost" The RD !ession :ost server running in redirection mode helps to securely redirect an RDP client connection to a virtual machine& "hen a user re?uests a virtual machine+ the RD !ession :ost ?ueries the RD Connection Aro er server& The RD Connection Aro er server then provisions a virtual machine for the user+ and returns its 'P address to the RD !ession :ost server& The RD !ession :ost server running in redirection mode #ill then redirect the RDP client to connect to the virtual machine by using the 'P address&
RD Connection -roker" The main function of RD Connection Aro er is to bro er a user connection to an appropriate endpoint& Aro ering of the connection involves: 'dentifying the virtual machine for the user to ma e a remote connection& Preparing the virtual machines for remote connections by communicating #ith the RD ;irtuali0ation :ost server (for e,ample+ #a ing the ;M from a saved state)& Ouerying the 'P address of the virtual machine by communicating #ith the RD ;irtuali0ation :ost server& This 'P address is returned to the RD !ession :ost server running in redirection mode& Monitoring user sessions in a virtual des top pool scenario& 5 user #ith an e,isting session in a pool is redirected to the hosting virtual machine&
RD +eb Access" RD "eb 5ccess provides users #ith an aggregated vie# of remote applications and des top connections by using a "eb bro#ser& -sing RD "eb 5ccess+ a user can vie# all remote applications and virtual des tops (virtual des top pools and personal virtual des tops) published to that user& RD )icensing" RD .icensing manages the Remote Des top !ervices client access licenses (RD! C5.s) that are re?uired for each device or user to connect to a virtual des top& 9ou use RD .icensing to install+ issue+ and trac the availability of RD! C5.s on a Remote Des top license server& RD Gateway" RD 6ate#ay is an optional role service in the ;D' deployment& RD 6ate#ay enables authori0ed remote users to securely connect to resources on an internal corporate net#or + from any 'nternet* connected device&
Installing the Remote Desktop %irtuali.ation $ost Role Service

Remote Des top ;irtuali0ation :ost (RD ;irtuali0ation :ost) is a Remote Des top !ervices role service available in "indo#s !erver 200% R2& RD ;irtuali0ation :ost is installed by using !erver Manager& "hen the
RD ;irtuali0ation :ost role service is installed+ !erver Manager chec s to see if :yper*; is installed& 'f :yper*; is not installed+ !erver Manager #ill install it& Important The RD ;irtuali0ation :ost server must meet the hard#are re?uirements for the :yper*; server role& Bor more information about :yper*; hard#are re?uirements+ see http:EEgo&microsoft&comEf#lin E@ .in 'dF124420& Membership in the local Administrators group+ or e?uivalent+ is the minimum re?uired to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@.in 'dF%7<88)& &o install the RD %irtuali.ation $ost role service 1& Hn the computer on #hich you #ant to install the RD ;irtuali0ation :ost role service+ open !erver Manager& To open !erver Manager+ clic Start+ point to Administrative &ools+ and then clic Server 5anager& 2& -nder the Roles Summary heading+ clic Add Roles& 7& Hn the -efore ou -egin page+ clic 'e!t&
<& Hn the Select Server Roles page+ select the Remote Desktop Services chec bo,+ and then clic 'e!t& =& Hn the Remote Desktop Services page+ clic 'e!t& >& Hn the Select Role Services page+ select the Remote Desktop %irtuali.ation $ost chec bo,& 8& Revie# the information about adding :yper*;+ clic Add Re*uired Role Services+ and then clic 'e!t& %& Hn the Confirm Installation Selections page+ clic Install& 4& 5fter the installation is complete+ clic Close&
Allowing Remote RPC

5fter the virtual machines are installed and configured+ you must allo# Remote RPC for the clients to #or #ith Remote Des top !ervices& Membership in the local Administrators group+ or e?uivalent+ is the minimum re?uired to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@.in 'dF%7<88)& &o allow Remote RPC for Remote Desktop Services 1& .og on as a member of the local 5dministrators security group& 2& Clic Start+ and in the Search programs and files bo,+ type regedit4e!e and then press 21T2R& Caution 'ncorrectly editing the registry may severely damage your system& Aefore ma ing changes to the registry+ you should bac up any valued data on the computer& 7& 1avigate to :N29P.HC5.PM5C:'12Q!9!T2MQCurrentControl!etQControlQTerminal!er ver& <& Double*clic the AllowRemoteRPC registry entry& 'n the %alue data bo,+ type > and then clic 01& =& Close Registry 2ditor&
Creating a #irewall 6!ception to Allow Remote Services 5anagement

The "indo#s Bire#all is on by default in "indo#s$ 8+ "indo#s !erver 200%+ and "indo#s !erver 200% R2& "indo#s Bire#all helps control #hich programs or ports can be used to communicate bet#een "indo#s !erver 200% and "indo#s !erver 200% R2 and other computers on the net#or or the 'nternet& To allo# a program or port to communicate through "indo#s Bire#all+ an e,ception needs to be enabled&
Membership in the local Administrators group+ or e?uivalent+ is the minimum re?uired to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@.in 'dF%7<88)& &o enable the Remote Service 5anagement +indows #irewall e!ception 1& Clic Start+ clic Control Panel+ and then clic System and Security& 2& -nder the +indows #irewall heading+ clic Allow a program through +indows #irewall& 7& !elect the Remote Service 5anagement chec bo,+ and then clic 01&
Adding Permissions to the RDP Protocol

5llo# Remote RPC on each virtual machine& Membership in the local Administrators group+ or e?uivalent+ is the minimum re?uired to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@.in 'dF%7<88)& &o add RDP protocol permissions to a virtual machine 1& Clic Start+ point to All Programs+ and then clic Accessories& 2& Right*clic Command Prompt+ and then clic Run as administrator& 7& 'f the /ser Account Control dialog bo, appears+ confirm that the action it displays is #hat you #ant+ and then clic es& <& 5t the command prompt+ type the follo#ing commands:
wmic /node:localhost RDPERMISSIONS where TerminalName="RDP-Tcp" !dd!cco#nt "$DOM!IN%&$SER'ER(N!ME%)"*+ wmic /node:localhost RD! O,NT where "-TerminalName=.RDP-Tcp. or !""
TerminalName=. onsole./ and !cco#ntName=.$DOM!IN%&&$SER'ER(N!ME%)." Modi01Permissions 2*+
!""
wmic /node:localhost RD! O,NT where "-TerminalName=.RDP-Tcp. or TerminalName=. onsole./ and !cco#ntName=.$DOM!IN%&&$SER'ER(N!ME%)." Modi01Permissions 3*+ wmic /node:localhost RD! O,NT where "-TerminalName=.RDP-Tcp. or TerminalName=. onsole./ and !cco#ntName=.$DOM!IN%&&$SER'ER(N!ME%)." Modi01Permissions 4*+ Net stop termser5ice Net start termser5ice
!""
!""
=& .og off the computer&
Configuring Rollback for a %irtual Desktop Pool

2nable rollbac on a virtual machine& Rollbac is a feature in Remote Des top !ervices that reverts all changes made by a user to a virtual machine #hen the user logs off from the virtual machine& Membership in the local Administrators group+ or e?uivalent+ is the minimum re?uired to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@.in 'dF%7<88)& &o enable rollback on a virtual machine 1& Hpen :yper*; Manager& To open :yper*; Manager+ clic Start+ point to Administrative &ools+ and then clic $yper(% 5anager& 2& -nder %irtual 5achines+ right*clic the virtual machine+ and then clic Snapshot& 7& -nder Snapshots+ right*clic the virtual machine+ and then clic Rename& <& Type RD%?Rollback and then press 21T2R& =& Close :yper*; Manager&
Creating a %irtual 5achine

'nstall a "indo#s 8 client on a virtual machine+ on a server running :yper*; for a Remote Des top !ervices ;irtual Des top 'nfrastructure (;D') deployment& Membership in the local Administrators group+ or e?uivalent+ is the minimum re?uired to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@.in 'dF%7<88)&
Install +indows @ on a virtual machine

&o install +indows @ on a virtual machine 1& .og on as a member of the local 5dministrators security group& 2& 'nsert the "indo#s 8 product D;D into the D;D drive on the Remote Des top ;irtuali0ation :ost (RD ;irtuali0ation :ost) server& 7& Hpen :yper*; Manager& To open :yper*; Manager+ clic Start+ point to Administrative &ools+ and then clic $yper(% 5anager& <& Right*clic the RD ;irtuali0ation :ost server+ point to 'ew+ and then clic %irtual 5achine& =& Hn the -efore ou -egin page+ clic 'e!t&
>& 'n the 'ame bo,+ type the BOD1 of the virtual machine+ and then clic 'e!t& 8& Hn the Assign 5emory page+ clic 'e!t& %& Hn the Configure 'etworking page+ in the Connection bo,+ select the appropriate virtual net#or + and then clic 'e!t& 4& Hn the Connect %irtual $ard Disk page+ in the 'ame bo,+ type the BOD1 of the virtual machine+ in the Si.e bo,+ type the desired si0e for the virtual machine+ and then clic 'e!t& 10&Hn the Installation 0ptions page+ clic Install an operating system from a boot CD8D%D(R05 drive& 11&'n the Physical CD8D%D drive bo,+ select the D;D drive that contains the "indo#s 8 product D;D+ and then clic 'e!t& 12&Hn the Completing the 'ew %irtual 5achine +i.ard page+ revie# the installation options+ and then clic #inish& 17&'n the %irtual 5achines area+ right*clic the virtual machine+ and then clic Connect& 1<&Hn the Action menu+ clic Start to start the installation of "indo#s 8&
Aoining RD %irtuali.ation $ost to RD Connection -roker

!pecify the RD ;irtuali0ation :ost server on the RD Connection Aro er server+ to enable the RD ;irtuali0ation :ost server to perform the follo#ing: Monitor the virtual machine guest sessions and report these sessions to the RD Connection Aro er server& Prepare the virtual machine for a remote des top connection #hen re?uested by the RD Connection Aro er server&
Membership in the local Administrators group+ or e?uivalent+ is the minimum re?uired to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@.in 'dF%7<88)& &o Boin RD %irtuali.ation $ost to RD Connection -roker 1& Hn the RD Connection Aro er server+ clic Start+ point to Administrative &ools+ point to Remote Desktop Services+ and then clic Remote Desktop Connection 5anager& 2& 'n the 5ctions pane+ clic Configure %irtual Desktops +i.ard& 7& Hn the -efore ou -egin page+ clic 'e!t&
<& Hn the Specify an RD %irtuali.ation $ost Server page+ in the Server name bo,+ type the 1etA'H! name or BOD1 of the RD ;irtuali0ation :ost server+ clic Add+ and then clic 'e!t& =& Hn the Configure Redirection Settings page+ in the Server name bo,+ type the 1etA'H! name or BOD1 of the RD !ession :ost server+ and then clic 'e!t& >& Hn the Specify an RD +eb Access Server page+ clic 'e!t& 8& Hn the Confirm Changes page+ clic Apply& %& 2nsure that the Assign personal virtual desktop chec bo, is cleared+ and then clic #inish&
Assigning a Personal %irtual Desktop

To specify a virtual des top to be used by remote des top users+ configure the personal virtual des top on the RD Connection Aro er server and assign it to a remote des top user& Membership in the local Administrators group+ or e?uivalent+ is the minimum re?uired to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@.in 'dF%7<88)& &o assign a personal virtual desktop by using the Assign Personal %irtual Desktop +i.ard 1& Hn the RD Connection Aro er server+ clic Start+ point to Administrative &ools+ point to Remote Desktop Services+ and then clic Remote Desktop Connection 5anager& 2& 'n the Content pane+ under the Status heading+ under %irtual Desktop Resource" Personal %irtual Desktop for Assign Personal %irtual Desktops+ clic Assign& 7& Hn the Assign Personal %irtual Desktop page+ clic Select /ser& <& 'n the 6nter the obBect name to select bo,+ type the name of the user account+ and then clic 01& =& 'n the %irtual machine list+ clic the name of the personal virtual des top that is being configured+ and then clic 'e!t& >& Confirm that the /ser name and %irtual machine bo,es are correct+ and then clic Assign& 8& 'f you do not #ant to assign another personal virtual des top+ clear the Assign another virtual machine to another user chec bo,+ and then clic #inish&
Adding %irtual 5achines to a %irtual Desktop Pool

To create a pool of virtual des tops to be used by remote des top users+ configure the virtual des top pool on the RD Connection Aro er server& Membership in the local Administrators group+ or e?uivalent+ is the minimum re?uired to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@.in 'dF%7<88)& &o add virtual machines to a virtual desktop pool 1& Clic Start+ point to Administrative &ools+ point to Remote Desktop Services+ and then clic Remote Desktop Connection 5anager& 2& 'n the 5ctions pane+ clic Create %irtual Desktop Pool& 7& Hn the +elcome to the Create %irtual Desktop Pool +i.ard page+ clic 'e!t& <& Hn the Select %irtual 5achines page+ clic the virtual machine to add to the virtual des top pool+ and then clic 'e!t& 'ote 9ou can select more than one virtual machine by holding the CTR. button #hen selecting the virtual machines& =& Hn the Set Pool Properties page+ in the Display name bo,+ type a name for the virtual des top pool& 'n the Pool ID bo,+ type a pool 'D+ and then clic 'e!t& >& Hn the Results page+ verify the virtual des top pool members+ and then clic #inish&
6nabling Rollback on a %irtual 5achine

Rollbac is a feature in Remote Des top !ervices that reverts all changes made by a user to a virtual machine #hen the user logs off from the virtual machine& Membership in the local Administrators group+ or e?uivalent+ is the minimum re?uired to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@.in 'dF%7<88)& &o enable rollback on a virtual machine 1& .og on to RD ;irtuali0ation :ost using an 5dministrator account& 2& Hpen :yper*; Manager& To open :yper*; Manager+ clic Start+ point to Administrative &ools+ and then clic $yper(% 5anager& 7& -nder %irtual 5achines+ right*clic the virtual machine to enable rollbac + and then clic Snapshot& <& -nder Snapshots+ right*clic the snapshot of the virtual machine+ and then clic Rename& =& Type RD%?Rollback and then press 21T2R& >& Close :yper*; Manager& 8& Repeat these steps for each virtual machine&
%erifying Personal %irtual Desktop #unctionality

To verify the functionality of the personal virtual des top deployment+ you #ill log on as a remote user and connect to the personal virtual des top by using Remote Des top "eb 5ccess (RD "eb 5ccess)&
&o connect to the personal virtual desktop 1& .og on to a remote des top client& 2& Clic Start+ point to All Programs+ and then clic Internet 6!plorer& 7& 'n the 5ddress bar+ type https"88C#DD' of the RD +eb Access ServerE8RD+eb and then press 21T2R& <& Clic Continue to this website 2not recommended3& Important This guide uses a self*signed certificate for the RD "eb 5ccess server& !elf*signed certificates are not recommended in a production environment& 9ou should use a certificate that is trusted from a certification provider #hen deploying RD "eb 5ccess in a production environment& =& 'n the Domain7user name bo,+ type the user name of the remote user& >& 'n the Password bo,+ type the pass#ord that you specified for the user+ and then clic Sign in& 'ote 'n you receive a prompt as ing you to install the 5icrosoft Remote Desktop Services +eb Access Control+ clic Run Add(on+ and then clic Run& 8& Clic 5y Desktop+ and then clic Connect& %& "hen prompted+ enter the credentials for the remote user+ and then clic 01& 9ou have successfully deployed and demonstrated the functionality of a personal virtual des top by connecting a personal virtual des top by using RD "eb 5ccess& 9ou can also use this deployment to e,plore some of the additional capabilities of personal virtual des tops through additional configuration and testing&
%erifying %irtual Desktop Pool #unctionality

To verify the functionality of the virtual des top pool deployment+ you #ill log on as remote user and connect to the virtual des top pool by using Remote Des top "eb 5ccess (RD "eb 5ccess)& &o connect to the virtual desktop pool 1& .og on to a remote des top client& 2& Clic Start+ point to All Programs+ and then clic Internet 6!plorer& 7& 'n the 5ddress bar+ type https"88C#DD' of the RD +eb Access ServerE8RD+eb and then press 21T2R& <& Clic Continue to this website 2not recommended3& Important This guide uses a self*signed certificate for the RD "eb 5ccess server& !elf*signed certificates are not recommended in a production environment& 9ou should use a certificate that is trusted from a certification provider #hen deploying RD "eb 5ccess in a production environment& =& 'n the Domain7user name bo,+ type user name of the remote user& >& 'n the Password bo,+ type the pass#ord that you specified for the remote user+ and then clic Sign in& 'ote 'n you receive a prompt as ing you to install the 5icrosoft Remote Desktop Services +eb Access Control+ clic Run Add(on+ and then clic Run& 8& Clic the name of the virtual des top pool+ and then clic Connect& %& "hen prompted+ enter the credentials for remote user+ and then clic 01& 9ou have successfully deployed and demonstrated the functionality of virtual des top pools by connecting to a virtual des top pool by using RD "eb 5ccess& 9ou can also use this deployment to e,plore some of the additional
capabilities of virtual des top pools through additional configuration and testing&
Configuring Publishing
Configuring publishing provides users #ith an aggregated vie# of remote applications and des top connections by using a "eb bro#ser& -sing RD "eb 5ccess+ a user can vie# all remote applications and virtual des tops published to that user&
Installing the Remote Desktop +eb Access Role Service

'nstall the RD "eb 5ccess role service on the server that you #ant users to connect to over the "eb to access Remote5pp programs& "hen you install the RD "eb 5ccess role service+ Microsoft 'nternet 'nformation !ervices (''!) is also installed& The server #here you install RD "eb 5ccess acts as the "eb server& The server does not have to be a Remote Des top !ession :ost (RD !ession :ost) server& Membership in the local Administrators group+ or e?uivalent+ is the minimum re?uired to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@.in 'dF%7<88)&
Install the Remote Desktop +eb Access role service

&o install the RD +eb Access role service 1& Hn the computer on #hich you #ant to install the RD "eb 5ccess role service+ open !erver Manager& To open !erver Manager+ clic Start+ point to Administrative &ools+ and then clic Server 5anager& 2& 'f the Remote Des top !ervices role is not already installed: a& -nder Roles Summary+ clic Add Roles&
b& Hn the -efore
ou -egin page+ clic 'e!t&
c& Hn the Select Server Roles page+ select the Remote Desktop Services chec bo,+ and then clic 'e!t& d& Revie# the Remote Desktop Services page+ and then clic 'e!t& e& Hn the Select Role Services page+ select the Remote Desktop +eb Access chec bo,& 'f the Remote Des top !ervices role is already installed: a& -nder Roles Summary+ clic Remote Desktop Services& b& -nder Role Services+ clic Add Role Services& c& Hn the Select Role Services page+ select the Remote Desktop +eb Access chec bo,& 7& Revie# the information about the re?uired role services+ and then clic Add Re*uired Role Services& <& Clic 'e!t& =& Revie# the +eb Server 2IIS3 page+ and then clic 'e!t& >& Hn the Select Role Services page+ #here you are prompted to select the role services that you #ant to install for ''!+ clic 'e!t& 8& Hn the Confirm Installation Selections page+ clic Install& %& Hn the Installation Progress page+ installation progress #ill be noted& 4& Hn the Installation Results page+ confirm that the installation succeeded+ and then clic Close&
Populating the &S +eb Access Computers Security Group

'f the RD "eb 5ccess server and the Remote Des top !ession :ost (RD !ession :ost) server that hosts the Remote5pp programs are separate servers+ you must add the computer account of the RD "eb 5ccess server to the T! "eb 5ccess Computers security group on the RD !ession :ost server&
Membership in the local Administrators group+ or e?uivalent+ on the RD !ession :ost server that you plan to configure+ is the minimum re?uired to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@.in 'dF%7<88)& &o add the computer account of the RD +eb Access server to the security group 1& Hn the RD !ession :ost server+ clic Start+ point to Administrative &ools+ and then clic Computer 5anagement& 2& 'n the left pane+ e,pand )ocal /sers and Groups+ and then clic Groups& 7& Right*clic &S +eb Access Computers+ and then clic Add to Group& <& Clic Add& =& 'n the Select /sersF ComputersF or Groups dialog bo,+ clic 0bBect &ypes& >& 'n the 0bBect &ypes dialog bo,+ select the Computers chec bo,+ and then clic 01& 8& 'n the 6nter the obBect names to select bo,+ specify the computer account of the RD "eb 5ccess server+ and then clic 01& %& Clic 01 to close the &S +eb Access Computers Properties dialog bo,&
Configuring the RD +eb Access Server for RemoteApp and Desktop Connection
To provide users access to Remote5pp and Des top Connection+ you must configure RD "eb 5ccess to specify the source that provides the Remote5pp programs and virtual des tops that are displayed to users& 9ou can configure RD "eb 5ccess to use either of the follo#ing:
Remote Des top Connection Aro er (RD Connection Aro er) server Remote5pp source
5n RD Connection Aro er server provides users access to virtual des tops hosted on RD ;irtuali0ation :ost servers and to Remote5pp programs hosted on Remote Des top !ession :ost (RD !ession :ost) servers& To configure the RD Connection Aro er server+ use the Remote Des top Connection Manager tool& Bor more information+ see the Remote Des top Connection Manager :elp in "indo#s !erver 200% R2& 5 Remote5pp source is an individual RD !ession :ost server or a farm of identically configured RD !ession :ost servers on #hich Remote5pp programs have been configured& 9ou can specify multiple Remote5pp sources& To configure Remote5pp programs on an RD !ession :ost server+ use Remote5pp Manager& 9ou must log on by using either the local Administrator account on the RD "eb 5ccess server or an account that is a member of the &S +eb Access Administrators group on the RD "eb 5ccess server to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@.in 'dF%7<88)& &o specify the source for RemoteApp and Desktop Connection 1& Connect to the RD "eb 5ccess "eb site& To do this+ use either of the follo#ing methods: Hn the RD "eb 5ccess server+ clic Start+ point to Administrative &ools+ point to Remote Desktop Services+ and then clic Remote Desktop +eb Access Configuration& -se 'nternet 2,plorer to connect to the RD "eb 5ccess "eb site& Ay default+ the "eb site is located at the follo#ing address+ #here server_name is the fully ?ualified domain name (BOD1) of the RD "eb 5ccess server: https:EEserver_nameErd#eb 2& .og on to the site by using either the local Administrator account on the RD "eb 5ccess server or an account that is a member of the &S +eb Access Administrators group on the RD "eb 5ccess server&
7& Hn the title bar+ clic Configuration& 'ote 'f you access the RD "eb 5ccess "eb site by using the Remote Desktop +eb Access Configuration option+ the page automatically opens to the Configuration page& <& !elect either An RD Connection -roker server or 0ne or more RemoteApp sources& 'f you select An RD Connection -roker server+ in the Source name bo,+ enter the 1etA'H! name or BOD1 of the RD Connection Aro er& 'f you select 0ne or more RemoteApp sources+ in the Source name bo,+ enter the 1etA'H! name or BOD1 of the Remote5pp source& 'f you are using an RD !ession :ost server farm as the Remote5pp source+ specify the D1! name of the farm& 'f you are specifying multiple Remote5pp sources+ separate each name #ith a semicolon& =& Clic 01 to save the changes& 'f you selected 0ne or more RemoteApp sources+ you also need to specify a connection name and a connection 'D& The connection name #ill be used to identify Remote5pp and Des top Connection provided by the RD "eb 5ccess server to the user& To specify the connection name and connection 'D+ on the RD "eb 5ccess server+ open the R#indir RQ"ebQRD"ebQ5ppPDataQRD"eb5ccess&config file in a te,t editor+ such as 1otepad& 'f you selected An RD Connection -roker server+ you need to specify the connection name and connection 'D by using the Remote Des top Connection Manager tool on the RD Connection Aro er server& Bor more information+ see the Remote Des top Connection Manager :elp in "indo#s !erver 200% R2&
Configuring RemoteApp and Desktop Connection

Remote Des top "eb Connection enables a user to connect to the des top of a remote computer from the RD "eb 5ccess "eb site& To connect to a remote computer+ the follo#ing conditions must be true:
The remote computer must be configured to accept Remote Des top connections& The user must be a member of the Remote Des top -sers group on the remote computer&
5 user can access Remote Des top "eb Connection by clic ing the Remote Desktop tab on the RD "eb 5ccess page& 5s an administrator+ you can configure #hether the Remote Desktop tab is available to users& 5dditionally+ you can configure settings such as the RD 6ate#ay server to use+ and the default device and resource redirection options& Membership in the local Administrators group+ or e?uivalent+ is the minimum re?uired to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@.in 'dF%7<88)& &o configure Remote Desktop +eb Connection behavior 1& Hn the RD "eb 5ccess server+ start 'nternet 'nformation !ervices (''!) Manager& To do this+ clic Start+ point to Administrative &ools+ and then clic Internet Information Services 2IIS3 5anager& 2& 'n the left pane+ e,pand the server name+ e,pand Sites+ e,pand Default +eb Site+ e,pand RD+eb+ and then clic Pages& 7& 'n the middle pane+ under ASP4'6&+ double*clic Application Settings& <& To change Remote Des top "eb Connection settings+ modify the values in the Application Settings pane& To configure a default RD 6ate#ay server+ double*clic Default&SGateway+ enter the fully ?ualified domain name (BOD1) of the server in the %alue bo, (for e,ample+ server>4contoso4com)+ and then clic 01& To specify the RD 6ate#ay authentication method+ double*clic GatewayCredentialsSource+ type the number that corresponds to the desired authentication method in the %alue bo,+ and then clic 01& The possible values include: = F 5s for pass#ord (1T.M)
> F !mart card G F 5llo# user to select later To configure #hether the Remote Desktop tab appears on the RD "eb 5ccess "eb page+ double*clic ShowDesktops& 'n the %alue bo,+ type true to sho# the Remote Desktop tab+ or type false to hide the Remote Desktop tab& "hen you are finished+ clic 01& To configure default device and resource redirection settings+ double*clic the setting that you #ant to modify (!Clipboard+ !DriveRedirection+ !PnPRedirection+ !PortRedirection+ or !PrinterRedirection)& 'n the %alue bo,+ type true to enable the redirection setting by default+ or type false to disable the redirection setting by default+ and then clic 01&
=& "hen you are finished+ close ''! Manager& 9our changes should ta e effect immediately on the RD "eb 5ccess "eb site& 'f the "eb page is open+ refresh the page to vie# the changes& 'ote 9ou can also configure these settings by modifying the R#indir RQ"ebQRD"ebQPagesQ"eb&config file directly by using a te,t editor such as 1otepad&
Deploying Remote Desktop Connection -roker

Remote Des top Connection Aro er (RD Connection Aro er) supports session load balancing and session reconnection in a load*balanced RD !ession :ost server farm& RD Connection Aro er is also used to provide users access to Remote5pp programs and virtual des tops through Remote5pp and Des top Connection& 'f a user is assigned and re?uests a remote des top+ RD Connection Aro er redirects the user to the appropriate session& 'f the virtual machine is not turned on+ RD ;irtuali0ation :ost turns on the virtual machine and then connects the user& 'f the user is connecting to a shared virtual des top pool+ RD Connection Aro er first chec s to see if the user has a disconnected
session in the pool& 'f the user has a disconnected session+ they are reconnected to that virtual machine& 'f the user does not have a disconnected session+ a virtual machine in that pool is dynamically assigned to the user+ if one is available& Aefore you install and configure the RD !ession :ost server in a farm or a ;irtual Des top 'nfrastructure (;D')+ be sure that you have revie#ed the follo#ing conceptual topics:
Installing the Remote Desktop Connection -roker Role Service

9ou must install the RD Connection Aro er role service on the server that you #ant to use to trac user session information for a load*balanced RD !ession :ost server farm& The server #here you install the RD Connection Aro er role service does not have to be an RD !ession :ost server or have Remote Des top enabled& 9ou can use a single RD Connection Aro er server to trac user sessions across multiple farms+ as there is minimal performance overhead& "hen you install the RD Connection Aro er role service+ the follo#ing changes occur on the local computer: The Remote Des top Connection Aro er service is installed& Ay default+ the service is set to !tarted and to 5utomatic& The !ession Aro er Computers local group is created& The Remote Des top Connection Manager tool is installed&
Membership in the local Administrators group+ or e?uivalent+ is the minimum re?uired to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@.in 'dF%7<88)&
Installation prere*uisites
The server #here you install RD Connection Aro er must be a member of a domain&
'ote 'f you install the RD Connection Aro er role service on a domain controller+ the !ession Aro er Computers group #ill be a domain local group and available on all domain controllers&
Install the Remote Desktop Connection -roker role service

&o install the RD Connection -roker role service 1& Hn the computer on #hich you #ant to install the RD Connection Aro er role service+ open !erver Manager& To open !erver Manager+ clic Start+ point to Administrative &ools+ and then clic Server 5anager& 2& -nder Roles Summary+ clic Add Roles& 7& Hn the -efore ou -egin page+ clic 'e!t&
<& Hn the Select Server Roles page+ clic the Remote Desktop Services chec bo,+ and then clic 'e!t& =& Hn the Remote Desktop Services page+ clic 'e!t& >& Hn the Select Role Services page+ select the Remote Desktop Connection -roker chec bo,+ and then clic 'e!t& 8& Hn the Confirm Installation Selections page+ clic Install& %& 5fter the installation is complete+ clic Close&
Deploying Remote Desktop )icensing

Remote Des top .icensing (RD .icensing) manages the Remote Des top !ervices client access licenses (RD! C5.s) that are re?uired for each device or user to connect to a Remote Des top !ession :ost (RD !ession :ost) server& 9ou use RD .icensing to install+ issue+ and trac the availability of RD! C5.s on a Remote Des top license server& Aefore you install and configure a Remote Des top license server+ be sure that you have revie#ed the follo#ing conceptual topics:
About Remote Desktop )icensing

+hat is RD )icensing,
Remote Des top .icensing (RD .icensing)+ formerly Terminal !ervices .icensing (T! .icensing)+ manages the Remote Des top !ervices client access licenses (RD! C5.s) that are re?uired for each device or user to connect to a Remote Des top !ession :ost (RD !ession :ost) server& 9ou use RD .icensing to install+ issue+ and trac the availability of RD! C5.s on a Remote Des top license server& 'ote 'n "indo#s !erver 200% R2+ a terminal server is no# called an RD !ession :ost server& 5lso+ Terminal !ervices client access licenses (T! C5.s) are no# called Remote Des top !ervices client access licenses (RD! C5.s)& 'n these topics+ these ne# terms are used+ even #hen referring to previous versions of "indo#s !erver& 1ote that security group names have not changed in "indo#s !erver 200% R2& "hen a clientSeither a user or a deviceSconnects to an RD !ession :ost server+ the RD !ession :ost server determines if an RD! C5. is needed& The RD !ession :ost server then re?uests an RD! C5. from a Remote Des top license server on behalf of the client attempting to connect to the RD !ession :ost server& 'f an appropriate RD! C5. is available from a license server+ the RD! C5. is issued to the client+ and the client is able to connect to the RD !ession :ost server& 5lthough there is a licensing grace period during #hich no license server is re?uired+ after the grace period ends+ clients must have a valid RD! C5. issued by a license server before they can log on to an RD !ession :ost server& Important Remote Des top supports t#o concurrent connections to remotely administer a computer& 9ou do not need a license server for these connections& To use Remote Des top !ervices+ you must also have at least one license server deployed in your environment& Bor small deployments+ you can install
both the RD !ession :ost role service and the RD .icensing role service on the same computer& Bor larger deployments+ it is recommended that the RD .icensing role service be installed on a separate computer from the RD !ession :ost role service& 9ou must configure RD .icensing correctly in order for your RD !ession :ost server to accept connections from clients& To allo# ample time for you to deploy a license server+ Remote Des top !ervices provides a licensing grace period for the RD !ession :ost server during #hich no license server is re?uired& During this grace period+ an RD !ession :ost server can accept connections from unlicensed clients #ithout contacting a license server& The grace period begins the first time the RD !ession :ost server accepts a client connection& The grace period ends after #hichever of the follo#ing occurs first: 5 permanent RD! C5. is issued by a license server to a client connecting to the RD !ession :ost server& The number of days in the grace period is e,ceeded&
The length of the grace period is based on the operating system running on the RD !ession :ost server& The grace periods are as follo#s& 0perating system running on the RD Session $ost server "indo#s !erver 200% R2 "indo#s !erver 200% "indo#s !erver 2007 R2 "indo#s !erver 2007 "indo#s 2000 Grace period
120 days 120 days 120 days 120 days 40 days
Ay default+ after you log on as a local administrator on an RD !ession :ost server+ a message appears in the lo#er*right corner of the des top that notes the number of days until the licensing grace period for the RD !ession :ost server e,pires& Aefore the RD .icensing grace period ends+ you must purchase and install the appropriate number of RD! C5.s for each device or user that needs to
connect to an RD !ession :ost server& 'n addition+ you must verify that the Remote Des top licensing mode that you specify on the RD !ession :ost server matches the type of RD! C5. available on the license server& The Remote Des top licensing mode determines the type of RD! C5. that an RD !ession :ost server re?uests from a license server on behalf of a client connecting to the RD !ession :ost server&
Installing the Remote Desktop )icensing Role Service

-se the follo#ing procedure to install the Remote Des top .icensing (RD .icensing) role service by using !erver Manager& 'ote The installation of the RD .icensing role service does not re?uire the computer to be restarted& Membership in the local Administrators group+ or e?uivalent+ on the RD .icensing server that you plan to configure+ is the minimum re?uired to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@.in 'dF%7<88)& &o install the RD )icensing role service 1& Hn the server on #hich you #ant to install the RD .icensing role service+ open !erver Manager& To open !erver Manager+ clic Start+ point to Administrative &ools+ and then clic Server 5anager& 2& 'f the Remote Des top !ervices role is not already installed: a& 'n the left pane+ right*clic Roles+ and then clic Add Roles& b& Hn the -efore 'e!t& ou -egin page of the Add Roles +i.ard+ clic
c& Hn the Select Server Roles page+ select the Remote Desktop Services chec bo,+ and then clic 'e!t& d& Hn the Remote Desktop Services page+ clic 'e!t& e& Hn the Select Role Services page+ select the Remote Desktop
)icensing chec bo,+ and then clic 'e!t& 'f the Remote Des top !ervices role is already installed: a& 'n the left pane+ e,pand Roles& b& Right*clic Remote Desktop Services+ and then clic Add Role Services& c& Hn the Select Role Services page+ select the Remote Desktop )icensing chec bo,+ and then clic 'e!t& 7& Hn the Configure Discovery Scope for RD )icensing page+ you can specify a discovery scope for the license server& Bor more information+ see Remote Desktop )icense Server Discovery& <& Hn the Configure Discovery Scope for RD )icensing page+ you can also specify the location #here the RD .icensing database #ill be stored& 'f you #ant to specify a database location other than the default location provided+ clic -rowse& 1ote that the database location must be a local folder on the computer on #hich the RD .icensing role service is being installed& =& Clic 'e!t& >& Hn the Confirm Installation Selections page+ verify that the RD .icensing role service #ill be installed+ and then clic Install& 8& Hn the Installation Progress page+ installation progress is noted& %& Hn the Installation Results page+ confirm that installation of the RD .icensing role service succeeded+ and then clic Close&
Activating the Remote Desktop )icense Server

5 Remote Des top license server must be activated to certify the license server and allo# the license server to issue Remote Des top !ervices client access licenses (RD! C5.s)& 9ou can activate a license server by using the 5ctivate !erver "i0ard in the Remote Des top .icensing Manager tool& There are three methods by #hich you can activate your license server:
5ctivate a Remote Des top .icense !erver 5utomatically 5ctivate a Remote Des top .icense !erver by -sing a "eb Aro#ser 5ctivate a Remote Des top .icense !erver by -sing the Telephone
"hen you activate the license server+ Microsoft provides the server #ith a limited*use digital certificate that validates server o#nership and identity& Microsoft uses an T&=04 industry standard certificate for this purpose& Ay using this certificate+ a license server can ma e subse?uent transactions #ith Microsoft& 'f a license server is not activated+ the license server can only issue temporary RD! Per Device C5.s+ #hich are valid for 40 days+ or RD! Per -ser C5.s&
Activate a Remote Desktop )icense Server Automatically

5 license server must be activated to certify the license server and allo# the license server to issue Remote Des top !ervices client access licenses (RD! C5.s)& 9ou can activate a license server by using the 5ctivate !erver "i0ard in the Remote Des top .icensing Manager tool& &o activate a Remote Desktop license server automatically 1& Hn the license server+ open Remote Des top .icensing Manager& To open Remote Des top .icensing Manager+ clic Start+ point to Administrative &ools+ point to Remote Desktop Services+ and then clic Remote Desktop )icensing 5anager& 2& Right*clic the license server that you #ant to activate+ and then clic Activate Server& The 5ctivate !erver "i0ard starts& 7& 'n the Activate Server +i.ard+ on the +elcome to the Activate Server +i.ard page+ clic 'e!t& <& Hn the Connection 5ethod page+ in the Connection method list+ select Automatic connection 2recommended3+ and then clic 'e!t& =& Hn the Company Information page+ type your name and company+ select your country or region+ and then clic 'e!t&
>& Hn the Company Information optional information page+ specify any other information that you #ant to provide+ such as e*mail and company address+ and then clic 'e!t to activate your license server& 8& Hn the Completing the Activate Server +i.ard pagedo one of the follo#ing: To install Remote Des top !ervices client access licenses (RD! C5.s) onto your license server+ ensure that the Start Install )icenses +i.ard now chec bo, is selected+ clic 'e!t+ and then follo# the instructions& To install RD! C5.s later+ clear the Start Install )icenses +i.ard now chec bo,+ and then clic #inish&
Activate a Remote Desktop )icense Server by /sing a +eb -rowser

9ou can use the "eb method to activate a license server #hen the computer running the Remote Des top .icensing Manager tool does not have 'nternet connectivity+ but you have access to the "eb by means of a "eb bro#ser from another computer& The -R. for the "eb method is displayed in the 5ctivate !erver "i0ard& Membership in the local Administrators group+ or e?uivalent+ on the RD .icensing server that you plan to configure+ is the minimum re?uired to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@.in 'dF%7<88)& &o activate a Remote Desktop license server by using a +eb browser 1& Hn the license server+ open Remote Des top .icensing Manager& To open Remote Des top .icensing Manager+ clic Start+ point to Administrative &ools+ point to Remote Desktop Services+ and then clic Remote Desktop )icensing 5anager& 2& Right*clic the license server that you #ant to activate+ and then clic Activate Server& The 5ctivate !erver "i0ard starts&
7& Clic 'e!t& <& Hn the Connection 5ethod page+ in the Connection method list+ select +eb -rowser+ and then clic 'e!t& =& Hn the )icense Server Activation page+ clic the hyperlin to connect to the Remote Des top !ervices .icensing "eb site& 'f you are running Remote Des top .icensing Manager on a computer that does not have 'nternet connectivity+ note the address for the Remote Des top !ervices .icensing "eb site+ and then connect to the "eb site from a computer that has 'nternet connectivity& >& -nder Select 0ption+ clic Activate a license server+ and then clic 'e!t& 8& 'n the Product 'D bo,es+ type your Product 'D& 9our Product 'D is displayed on the )icense Server Activation page of the 5ctivate !erver "i0ard& 9ou must also complete the name+ company+ and countryEregion fields& !pecify any other information that you #ant to provide+ such as e*mail and company address+ and then clic 'e!t& %& Confirm your entries+ and then clic 'e!t& 9our license server 'D is displayed& 4& Hn the )icense Server Activation page in the 5ctivate !erver "i0ard+ type the license server 'D that you received in the previous step+ and then clic 'e!t& 9our license server is activated& 10&Hn the Completing the Activate Server +i.ard page+ do one of the follo#ing: To install Remote Des top !ervices client access licenses (RD! C5.s) onto your license server+ ensure that the Start Install )icenses +i.ard now chec bo, is selected+ clic 'e!t+ and then follo# the instructions& To install RD! C5.s later+ clear the Start Install )icenses +i.ard now chec bo,+ and then clic #inish&
Activate a Remote Desktop )icense Server by /sing the &elephone

The telephone activation method allo#s you to tal to a Microsoft customer service representative to complete the activation process& The appropriate telephone number is determined by the countryEregion that you choose in the 5ctivate !erver "i0ard and is displayed by the #i0ard& Membership in the local Administrators group+ or e?uivalent+ on the RD .icensing server that you plan to configure+ is the minimum re?uired to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@.in 'dF%7<88)& &o activate a Remote Desktop license server by using the telephone 1& Hn the license server+ open Remote Des top .icensing Manager& To open Remote Des top .icensing Manager+ clic Start+ point to Administrative &ools+ point to Remote Desktop Services+ and then clic Remote Desktop )icensing 5anager& 2& Right*clic the license server that you #ant to activate+ and then clic Activate Server& The 5ctivate !erver "i0ard starts& 7& Clic 'e!t& <& Hn the Connection 5ethod page+ in the Connection method list+ select &elephone+ and then clic 'e!t& =& Hn the Country or Region Selection page+ clic your countryEregion+ and then clic 'e!t to vie# the appropriate telephone number to call& >& Call Microsoft by using the telephone number that is displayed on the )icense Server Activation page+ and then provide the Microsoft customer support representative #ith the Product 'D that is displayed on your screen& The representative #ill also as you to provide your name and the name of your company& The representative processes your re?uest to activate the license server+ and creates a uni?ue 'D for your license server& 8& Hn the )icense Server Activation page in the 5ctivate !erver "i0ard+ type the license server 'D that the representative provides+
and then clic 'e!t& 9our license server is activated& %& Hn the Completing the Activate Server +i.ard page+ do one of the follo#ing: To install Remote Des top !ervices client access licenses (RD! C5.s) onto your license server+ ensure that the Start Install )icenses +i.ard now chec bo, is selected+ clic 'e!t+ and then follo# the instructions& To install RD! C5.s later+ clear the Start Install )icenses +i.ard now chec bo,+ and then clic #inish&
Installing Remote Desktop Services Client Access )icenses

There are three methods by #hich you can install Remote Des top !ervices client access licenses (RD! C5.s) onto your license server:
'nstall Remote Des top !ervices Client 5ccess .icenses 5utomatically 'nstall Remote Des top !ervices Client 5ccess .icenses by -sing a "eb Aro#ser 'nstall Remote Des top !ervices Client 5ccess .icenses by -sing the Telephone
Aefore installing RD! C5.s onto your license server+ note the follo#ing: 9ou must activate your Remote Des top license server before you can install RD! C5.s onto your license server& Bor more information+ see 5ctivating the Remote Des top .icense !erver& 9ou need a license code to install RD! C5.s onto your license server& 5 license code is provided #hen you purchase your RD! C5.s& Bor more information+ see Purchase Client 5ccess .icenses (http:EEgo&microsoft&comEf#lin E@.in 'dF%1088)& 9ou can install both Per -ser and Per Device C5.s onto the same license server& 9ou can install RD! C5.s for different product versions onto the same license server& Bor e,ample+ you can install both "indo#s !erver 2007 T! Per Device C5.s and "indo#s !erver 200% T! Per -ser C5.s onto a
license server that is running "indo#s !erver 200% R2& This provides you the ability to have one license server provide RD! C5.s to Remote Des top !ession :ost (RD !ession :ost) servers running various versions of "indo#s !erver& 'ote 'n "indo#s !erver 200% R2+ Terminal !ervices client access licenses (T! C5.s) are no# called Remote Des top !ervices client access licenses (RD! C5.s)&
Install Remote Desktop Services Client Access )icenses Automatically

The automatic method for installing RD! C5.s on a Remote Des top license server re?uires 'nternet connectivity from the computer running the Remote Des top .icensing Manager tool& 'nternet connectivity is not re?uired from the license server itself& &o install Remote Desktop Services client access licenses automatically 1& Hn the license server+ open Remote Des top .icensing Manager& To open Remote Des top .icensing Manager+ clic Start+ point to Administrative &ools+ point to Remote Desktop Services+ and then clic Remote Desktop )icensing 5anager& 2& ;erify that the connection method for the Remote Des top license server is set to Automatic connection 2recommended3 by right* clic ing the license server on #hich you #ant to install Remote Des top !ervices client access licenses (RD! C5.s)+ and then clic ing Properties& Hn the Connection 5ethod tab+ change the connection method if necessary+ and then clic 01& 7& Right*clic the license server on #hich you #ant to install the RD! C5.s+ and then clic Install )icenses& <& 'n the Install )icenses +i.ard+ on the +elcome to the Install )icenses +i.ard page+ clic 'e!t& =& Hn the )icense Program page+ select the appropriate program
through #hich you purchased your RD! C5.s+ and then clic 'e!t& >& The )icense Program that you selected on the previous page in the #i0ard determines #hat information you need to provide on this page& 'n most cases+ you must provide either a license code or an agreement number& Consult the documentation provided #hen you purchased your RD! C5.s& 8& 5fter you enter the re?uired information+ clic 'e!t& %& Hn the Product %ersion and )icense &ype page+ select the appropriate product version+ license type+ and ?uantity of RD! C5.s for your environment based on your RD! C5. purchase agreement+ and then clic 'e!t& The Microsoft Clearinghouse is automatically contacted and processes your re?uest& The RD! C5.s are then automatically installed onto the license server& 4& To complete the process+ clic #inish& The license server can no# issue RD! C5.s to clients that connect to an RD !ession :ost server&
Install Remote Desktop Services Client Access )icenses by /sing a +eb -rowser
9ou can use the "eb installation method #hen the computer running the Remote Des top .icensing Manager tool does not have 'nternet connectivity+ but you have access to the "eb by means of a "eb bro#ser from another computer& The -R. for the "eb installation method is displayed in the 'nstall .icenses "i0ard& Membership in the local Administrators group+ or e?uivalent+ on the RD .icensing server that you plan to configure+ is the minimum re?uired to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@.in 'dF%7<88)&
&o install Remote Desktop Services client access licenses by using a +eb browser 1& Hn the license server+ open Remote Des top .icensing Manager& To open Remote Des top .icensing Manager+ clic Start+ point to Administrative &ools+ point to Remote Desktop Services+ and then clic Remote Desktop )icensing 5anager& 2& ;erify that the connection method for the Remote Des top license server is set to +eb -rowser by right*clic ing the license server on #hich you #ant to install Remote Des top !ervices client access licenses (RD! C5.s)+ and then clic ing Properties& Hn the Connection 5ethod tab+ change the connection method if necessary+ and then clic 01& 7& Right*clic the license server on #hich you #ant to install the RD! C5.s+ and then clic Install )icenses& The 'nstall .icenses "i0ard starts& <& Clic 'e!t& =& Hn the 0btain Client )icense 1ey Pack page+ clic the hyperlin to connect to the Remote Des top !ervices .icensing "eb site& 'f you are running Remote Des top .icensing Manager on a computer that does not have 'nternet connectivity+ note the address for the Remote Des top !ervices .icensing "eb site+ and then connect to the "eb site from a computer that has 'nternet connectivity& >& Hn the Remote Des top !ervices .icensing "eb page+ under Select 0ption+ select Install Client Access )icense tokens+ and then clic 'e!t& 8& Provide the follo#ing re?uired information: )icense Server ID 5 7=*digit number+ in groups of = numerals+ #hich is displayed on the 0btain Client )icense 1ey Pack page in the 'nstall .icenses "i0ard& )icense Program !elect the appropriate program through #hich you purchased your RD! C5.s& .ast name or surname
Birst name or given name Company name CountryEregion
9ou can also provide the optional information re?uested+ such as company address+ e*mail address+ and phone number& 'n the organi0ational unit field+ you can describe the unit #ithin your organi0ation that this license server serves& %& Clic 'e!t& 4& The )icense Program that you selected on the previous page determines #hat information you need to provide on this page& 'n most cases+ you must provide either a license code or an agreement number& Consult the documentation provided #hen you purchased your RD! C5.s& 'n addition+ you need to specify #hich type of RD! C5. and the ?uantity that you #ant to install on the license server& 10&5fter you have entered the re?uired information+ clic 'e!t& 11&;erify that all of the information that you have entered is correct& To submit your re?uest to the Microsoft Clearinghouse+ clic 'e!t& The "eb page then displays a license ey pac 'D generated by the Microsoft Clearinghouse& Important Retain a copy of the license ey pac 'D& :aving this information #ith you facilitates communications #ith the Microsoft Clearinghouse+ should you need assistance #ith recovering RD! C5.s& 12&'n the 'nstall .icenses "i0ard+ on the 0btain Client )icense 1ey Pack page+ enter the license ey pac 'D in the bo,es provided+ and then clic 'e!t& The RD! C5.s are installed on your license server& 17&Hn the Completing the Install )icenses +i.ard page+ clic #inish& The license server can no# issue RD! C5.s to clients that connect to a Remote Des top !ession :ost (RD !ession :ost) server&
Install Remote Desktop Services Client Access )icenses by /sing the &elephone
The telephone installation method allo#s you to tal to a Microsoft customer service representative to complete the installation process& The appropriate telephone number is determined by the countryEregion that you choose in the 5ctivate !erver "i0ard and is displayed by the #i0ard& Membership in the local Administrators group+ or e?uivalent+ on the RD .icensing server that you plan to configure+ is the minimum re?uired to complete this procedure& Revie# details about using the appropriate accounts and group memberships at .ocal and Domain Default 6roups (http:EEgo&microsoft&comEf#lin E@.in 'dF%7<88)& &o install Remote Desktop Services client access licenses by using the telephone 1& Hn the license server+ open Remote Des top .icensing Manager& To open Remote Des top .icensing Manager+ clic Start+ point to Administrative &ools+ point to Remote Desktop Services+ and then clic Remote Desktop )icensing 5anager& 2& ;erify that the connection method for the Remote Des top license server is set to &elephone by right*clic ing the license server on #hich you #ant to install Remote Des top !ervices client access licenses (RD! C5.s)+ and then clic ing Properties& Hn the Connection 5ethod tab+ change the connection method if necessary+ ensure that the correct country or region is selected in the Select Country or Region list+ and then clic 01& 7& Right*clic the license server on #hich you #ant to install the RD! C5.s+ and then clic Install )icenses& The 'nstall .icenses "i0ard starts& <& Clic 'e!t& =& Hn the 0btain Client )icense 1ey Pack page+ use the telephone number that is displayed to call the Microsoft Clearinghouse+ and give the representative your Remote Des top license server 'D and the re?uired information for the licensing program through #hich you purchased your RD! C5.s& The representative then processes your
re?uest to install RD! C5.s+ and gives you a uni?ue 'D for the RD! C5.s& This uni?ue 'D is referred to as the license ey pac 'D& Important Retain a copy of the license ey pac 'D& :aving this information #ith you facilitates communications #ith the Microsoft Clearinghouse should you need assistance #ith recovering RD! C5.s& >& 'n the 'nstall .icenses "i0ard+ on the 0btain client license key pack page+ enter the license ey pac 'D provided by the representative into the bo,es provided+ and then clic 'e!t& The RD! C5.s are installed on your Remote Des top license server& 8& To complete the process+ clic #inish& The Remote Des top license server can no# issue RD! C5.s to clients that connect to a Remote Des top !ession :ost (RD !ession :ost) server&

Remote Desktop Services Deployment Guide

Caricato da

Informazioni sul documento

Descrizione originale:

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Remote Desktop Services Deployment Guide

Caricato da

Copyright:

Formati disponibili

Remote Desktop Services Deployment Guide

Microsoft Corporation Published: May 2010

3 2004 Microsoft Corporation& 5ll rights reserved&

5ll other trademar s are property of their respective o#ners&

Remote Desktop Services Deployment Guide

About this guide

Planning to Deploy Remote Desktop Services

Reviewing Remote Desktop Services concepts

Implementing our Remote Desktop Services Design Plan

Checklist" Implementing a %irtual Desktop Infrastructure Design

Checklist" Deploying a Personal %irtual Desktop

'nstalling the Remote Des top ;irtuali0ation :ost Role !ervice

'nstalling the Remote Des top Connection Aro er Role !ervice

'nstalling the Remote Des top "eb 5ccess Role !ervice

Populating the T! "eb 5ccess Computers !ecurity 6roup

Configuring the RD "eb 5ccess !erver for

Doining RD ;irtuali0ation :ost to RD Connection Aro er

5ssigning a Personal ;irtual Des top

Configuring Remote5pp and Des top Connection

;erifying Personal ;irtual Des top Bunctionality

Checklist" Deploying a %irtual Desktop Pool

'nstalling the Remote Des top ;irtuali0ation :ost Role !ervice

'nstalling the Remote Des top Connection Aro er Role !ervice

'nstalling the Remote Des top "eb 5ccess Role !ervice

Populating the T! "eb 5ccess Computers !ecurity 6roup

;erifying ;irtual Des top Pool Bunctionality

Checklist" Implementing a Session( based Design

Checklist" Deploying a Remote Desktop Session $ost Server

&ask Configure the license settings on the RD !ession :ost server&

;erifying Remote Des top !ession :ost Bunctionality

Checklist" Deploying a Remote Desktop )icense Server

Deploying Remote Desktop Session $ost

Deploying Remote Desktop Session $ost

Chec list: RD !ession :ost 'nstallation Prere?uisites

Checklist" RD Session $ost Installation Prere*uisites

Revie# information about: :ard#are re?uirements Capacity and scaling

(http:EEgo&microsoft&comEf#lin E@ .in 'dF17%0==)& Bor capacity and scaling+ see the

(http:EEgo&microsoft&comEf#lin E@ .in 'dF142<12)&

Determine if you need to deploy an

&ask RD 6ate#ay server&

Revie# information about "indo#s Bire#all&

About Remote Desktop Session $ost

+hy use Remote Desktop Services,

Remote Desktop Services role services

+hat is RD Session $ost,

+hat is RD +eb Access,

+hy use RD Gateway,

+hat is RD Connection -roker,

+hat is RD %irtuali.ation $ost,

/sing Remote Desktop

Installing RD Session $ost on a Domain Controller

Remote Desktop Services and +indows #irewall

Installing the RD Session $ost Role Service

Install the Remote Desktop Session $ost role service

7& 'n the 5dd Roles "i0ard+ on the -efore

ou -egin page+ clic 'e!t&

5uthentication !etting for an RD !ession :ost !erver&

Installing Programs on an RD Session $ost Server

Configuring the Remote Desktop /sers Group

Configuring the Client 6!perience on an RD Session $ost Server

Desktop 6!perience #eature

+hat:s in the Desktop 6!perience feature