We’re into the Home Stretch! It’s Day Twenty. Only one week to go. Today we’re going to talk about some RDC enhancements and also talk about Administrative sessions in Terminal Services. So without further ado let’s begin with Administrative Sessions …
When the Terminal Server role is installed on Windows Server 2008, remote connections initiated using the Remote Desktop Client application consume Client Access Licenses (CAL’s). To administer the machine remotely without consuming a CAL, you can use the /admin switch when launching the Remote Desktop Connection client application (e.g. "mstsc.exe /admin"). Using the /admin switch, you can have a maximum of two active administrative sessions, including the one on the physical console. There are a few differences between administrative sessions and user sessions:
- The Time Zone is not redirected for administrative sessions even if the setting is enabled on the server
- PNP Device Redirection is not available for administrative sessions
- TS Easy Print is not available for administrative sessions
- Drive and legacy print redirection is available for administrative and user sessions
- Administrative sessions are exempted from the Deny this user permission to log on to Terminal Server policy in the TS profile of the user. If this option is selected for a user, they cannot connect remotely using MSTSC.EXE without using the /admin switch. If the same user is part of the Administrators group or listed in the access control list that permits logon to administrative sessions then they can connect with the /admin switch
- Administrative sessions are exempt from the session limit imposed on the server
- When the limit on the number of administrative sessions is exceeded, the contention is handled by allowing a new user to disconnect existing users. There is never any contention for CAL (user) sessions. As long as you have a valid CAL, you can connect remotely unless the session limit has been reached
There can be a maximum of two active administration sessions on a server. When a third user attempts to log on to an administrative session when there are already two active administrative sessions, a dialog box is displayed that allows them to disconnect an existing user. The list of users in this contention dialog only includes users with administrative sessions on the server. The dialog box is shown below (yes, I am a huge Lord of the Rings fan!).
The Force disconnect of this user option does not exist if the new user is not a member of the local Administrators group. When one of the administrative users is selected to be disconnected, they receive the dialog box shown below. They can choose to stay connected by clicking on Cancel, disconnect immediately by clicking OK or take no action at all, in which case they will be automatically disconnected in 30 seconds. In this instance, the user named Gandalf has elected to disconnect the user named Bilbo because I know that the Samwise user is working on a software installation.
Well, it turned out that Bilbo wasn’t done with what he needed to do, so he clicked the Cancel button – which denied my connection request. Below is the message that Gandalf receives that informs him that Bilbo has denied the disconnect request.
Gandalf decides that his need to access the server is greater than Bilbo’s, so he forces a disconnect of Bilbo’s session. Note that the disconnect does not reset the session, it only disconnects it. Whatever Bilbo was working on is not lost, so when he reconnects to the session, he can pick up right where he left off. Reconnecting to a session on the physical console (or any active sessions) is driven by the Restrict user to one session policy. This policy is enabled by default, restricting users to one session on the Terminal Server.
Now let’s switch focus from the Administrative sessions in RDC and look at some of the Display Enhancements in the new client. There are several enhancements to discuss – beginning with Custom Display Resolutions. The RDC 6.1 application provides support for newer monitors with display resolution rations such as 16:9 or 16:10, in additional to the traditional 4:3 resolution ratio that most of us are used to. Monitors with resolutions such as 1680×1050 or 1920×1200 are now supported. The maximum supported resolution is 4096×2048. To set a custom display resolution when launching a remote session, you would use the /w <width> and /h <height> switches – for example: mstsc.exe /w:1680 /h:1050 to start a session using a resolution of 1680×1050.
The RDC 6.1 client also supports monitor spanning which allows a user to support a single remote desktop session horizontally across multiple monitors. There are some requirements to be aware of however:
- All monitors must use the same resolution. For example, two monitors running 1280×1024 can be spanned, but a monitor running 1280×1024 and one running 1024×768 cannot be spanned
- Monitors may only be spanned horizontally. There is currently no support for spanning multiple monitors vertically on the client system
- The total resolution across all monitors cannot exceed 4096×2048
To enable monitor spanning, use the /span switch as shown: mstsc /span.
Windows Server 2008 supports ClearType, which is a technology for displaying computer fonts so that they appear clear and smooth, especially when viewing them on an LCD monitor. A Windows Server 2008 Terminal Server can be configured to provide ClearType functionality when a client computer connects using the RDC client. This functionality is referred to as Font Smoothing. Font Smoothing is available if the client computer is running any of the following:
- Windows Vista
- Windows Server 2008
- Windows Server 2003 with Service Pack 1 and the RDC 6.x client software
- Windows XP with Service Pack 2 and the RDC 6.x client software
Font smoothing allows the local settings on the client computer to help determine the user experience in the remote desktop connection. Allowing font smoothing does not change the display settings on the Windows Server 2008 Terminal Server. An important note here – using font smoothing in remote desktop connection will increase the amount of network bandwidth used between the client and server.
That brings us to the end of this post. In tomorrow’s post we will discuss Frontside Authentication and Single Sign-On (SSO). Until next time …