Windows 2000 Terminal Services usually runs flawlessly and requires practically no administration, so it’s easy to forget that you can make adjustments to it. But it’s just as easy to make a few tweaks and get things running even better. To do this, you’ll need to use the Terminal Services Configuration tool, a handy interface that allows you to adjust the connections and server settings to meet the needs of your organization.
Running Terminal Services Configuration tool
As with the familiar Terminal Services Manager, you can access the Terminal Services Configuration tool from the Administrative Tools menu. When the tool loads, the screen is deceptively simple. It consists of a standard Microsoft Management Console interface with only two objects, Connections and Server Settings. However, the two tree choices beneath these objects are all you need to make Terminal Services run in the manner that you want them to.
When you select the Connections object under the Terminal Services Configuration root, the available connections will appear in the pane to the right, as shown in Figure A. From here, you can add another connection, delete the existing connection, or modify the existing connection.
|The available connections appear in the right pane.|
If you want to create a new connection, select the Connections object and then select the Create New Connection command from the console’s Action menu. If you need to delete the connection, right-click the connection and select Delete from the context menu. Note that deleting a connection drops users who are connected to Terminal Services through that connection.
When you right-click on a connection, you will notice one of the choices on the context menu is All Tasks. This menu option includes a submenu, which allows you to either disable the connection or rename the connection. Disabling the connection allows you to temporarily take the connection offline without having to re-create it. Microsoft recommends disabling connections anytime you’re installing new applications on the server.
You can also rename a connection. Of course, renaming a connection allows you to assign the connection a more descriptive name. This can be useful to help you remember exactly why you created the connection in the first place.
Now that you know how to create, delete, rename, and disable Terminal Services connections, let’s take a look at how you can go about modifying a connection. To modify a Terminal Services connection, right-click the connection and select Properties from the context menu to view the connection’s properties sheet. As you can see in Figure B, this properties sheet contains several tabs for reconfiguring the connection.
|The connection’s properties sheet contains tabs that you can use to reconfigure the connection.|
The General tab
The General tab allows you to add a comment to the connector’s name. You can also use it to tell Terminal Services to use standard Windows authentication. You can also set the encryption level from this tab. By default, the encryption level is set to Medium; however, you can change the encryption level to Low for better performance or to High for better security.
The Logon Settings tab
The Logon Settings tab gives you the choice of either asking clients for a login name and password or forcing clients to always use a common user name and password. If you want users to supply their own credentials, select the Use Client-Provided Logon Information radio button. This isn’t a very secure solution, however. You may be better off selecting the Always Use The Following Logon Information radio button. This will allow specific control as to who can access Terminal Services and what they can do.
The Sessions tab
Terminal Services permissions are usually applied on a per-user basis. However, you can use the Sessions tab to override many of the per-user settings and force Terminal Services to behave the same way for every user. For example, you can assign the same time-out settings for everyone and also control how Terminal Services handles reconnect requests.
The Environment tab
I’ve always found the Environment tab to be extremely useful because rather than granting Terminal Services users full access to a Windows desktop, you can completely bypass the user’s normal profile and force Windows to run a specific program when the user connects. This program could be a login script, an application, etc. This tab also contains an option to disable the Windows wallpaper, which can enhance performance.
The Remote Control tab
When people think of remote control in the context of Terminal Services, they think of remote server administration. However, this tab instead controls whether or not Terminal Services will allow an administrator to take control of a client’s session. There are several different levels of control that can be implemented.
You can disallow remote control or allow remote control, and you can also place some restrictions on the remote control functions. For example, you can limit the remote control capabilities to allow the Administrator to observe a remote session but not to override it. You can also require that the user give the administrator permission to view or to control the session.
Remote control can be a very helpful tool for help desk personnel. With remote capabilities, your help desk staff can fix complex problems from their desks. However, even in the hands of an administrator, remote control can be used for unethical purposes, such as invading the privacy of a user and watching what they’re doing on their workstation.
The Client Settings tab
The Client Settings tab allows you to control which external devices to associate with the user’s session. For example, you could map network drives, printers, and COM ports, just to name a few.
The Network Adapter tab
This tab contains a list of all of the network adapters associated with the connection. For each adapter, you can set the maximum number of allowed sessions.
The Permissions tab
From this tab, you can determine which user accounts have what level of access through Terminal Services. You can specify Full Control, User Access, Guest Access, or any combination of individual permissions.
Now let’s take a look at the tool’s other container, the Server Settings container. As you can see in Figure C, this container offers fewer options than the Connections container. This container’s settings control the behavior of Terminal Services as a whole rather than the behavior of one individual connection in the way that the Connection container’s settings do.
|The Server Settings container’s settings control the behavior of Terminal Services.|
You’ll first encounter the Terminal Server Mode, which is actually a display-only field. It tells you if the terminal server you’re looking at is set up to allow Terminal Server clients to use it (Application Server Mode) or if the server is simply configured for remote administration. If you need to change the Terminal Server Mode, use the Add/Remove Programs icon in Control Panel to uninstall and then reinstall Terminal Services.
The next setting is Delete Temporary Files On Exit. Setting this parameter to Yes prevents files related to individual terminal sessions from filling up your server’s hard disk.
The next setting is the Use Temporary Folders Per Session. I recommend setting this option to Yes to keep each group of temporary files isolated to the session using them. This makes for a much easier cleanup after the session ends. If a tidy cleanup isn’t enough of a reason for you to enable this setting, consider this: If you don’t use a separate set of temporary files for each session, it’s theoretically possible that a change made by one user could impact all other sessions. That’s bad security.
If you service clients with your Terminal Server (other than remote administration sessions), you must purchase client access licenses for each non-Windows 2000 Professional seat that will be using Terminal Services. The next setting, the Internet Connector Licensing, is separate from this. This setting is actually a separate license you must purchase if you need to allow Internet users (not employees) to anonymously access your Terminal Server to run Windows-based software.
As you can probably guess, the next setting on the list, Active Desktop, simply enables or disables Active Desktop for your Terminal Server users. Although the Active Desktop is enabled by default, in some cases, you can achieve performance gains by disabling it.
The final list item is Permission Compatibility, which is set by default to Windows 2000 Users. I personally recommend leaving this setting alone. If you do need to change the setting, however, Terminal Services must be running in Application Server (not Remote Administration) mode before you’ll be allowed to make the change.
Because of the extremely low level of maintenance required by Terminal Services, it’s often easy to forget that you can tweak it to better meet your needs. You can use the Terminal Services Configuration tool, which Microsoft has made very easy to understand and use, to modify the various settings. Once you learn where everything is and what it does, you’ll have little problem tuning Terminal Services for maximum performance.