Tuesday, December 18, 2007

Windows 2008's Terminal Services

Windows Server 2003 aja baru mulai hapal...
Eh, yg 2008 udah mulai muncul..
:( belajar mulu.....

Nih, W08 terminal service.
Kayanya keren jg nih.
Ada yg jd beta testernya disini ???
Bagi2 info dunk...


Link buat download :
Remote Desktop Client version 6.
RDC6.0 :

Yg keren buat gue cuman resolusi ama colornya..
Yg laen, kagak ngerti gue... :))

Above the Rest: Windows 2008's Terminal Services Client
One shining gem you can't ignore in the new Windows Server 2008 OS --
one which might compel you to upgrade -- is the implementation of
Terminal Services.

December 2007 * by Greg Shields

Windows Server 2008 is coming. By year's end this update to our core
Server operating system should be ready for deployment. As a function of
the five-year delay between this and our last server OS, Microsoft has
had plenty of time to work on a host of new feature sets. But, there is
one in particular that rises above the rest and has the potential for
driving the most immediate desire to upgrade: Terminal Services.

But before we start talking about what's new and exciting in the
server-side of Terminal Services, we need to spend a little talk talking
about its client and the new functionality already available within. The
new Remote Desktop Client version 6.0 actually isn't all that new,
having been released with Windows Vista. But, there are a few features
of RDC 6.0 you may not be aware of.

-- advertisement --

New Client = New Features
Other than the obvious facelift to its graphical interface, RDC has
gotten quite a bit more useful. In the previous version, the ActiveX and
full-client instances were two separate tools with two separate
installations. Now with RDC 6.0, these two functionalities have been
merged. Integrating the web-based client version with the full client
version means administrators no longer need to consider separate
installation and management of two different tools. The integration of
these two tool sets means that.RDP files on file shares as well as
web-based hosting of published desktops and applications are now
supported from the same client installation.

RDC also sports a host of new improvements in the types of devices it
can bring from the remote server to the local client. Some of those
improvements include:

* Maximum screen resolution increase to 4096x2048
* Maximum color depth increase to 32-bit color
* Support for ClearType fonts (called "font smoothing")
* Support for connected USB and other peripheral devices
* Support for Single Sign-On
* Support for spanning multiple horizontally-connected monitors
using the "/span" switch
* Enhanced security using Network Location Awareness (we'll discuss
this further in the next post)
* Ability to use client-side themes in remoted sessions
* SSL-based security using TS Gateway (we'll also talk about this in
a later post)

Each of these new visual and security-based improvements makes RDC 6.0 a
compelling upgrade, even before Server 2008 makes its debut.

Reversing Bad Security
From a security perspective, the original RDC's design was actually
backwards from what is considered good security.

Think about how you connect to a pre-W2008 Terminal Server. You enter
the name of the server and a connection is initiated to its logon
screen. Then, once you hit that logon screen you begin the process to
authenticate. From a security perspective, this isn't a good idea. By
doing it in this manner, you're actually accessing a server prior to
authenticating to it. This is the reverse of how nearly all other
network services provide authentication security.

NLA, or Network Level Authentication with RDC 6.0, reverses the order in
which a client attempts to connect. If you've used the new client,
you've probably noticed how it asks for your username and password
before it takes you to the logon screen. If you're attempting to connect
to a pre-W2008 server, a failure in that initial logon will fail back to
the old login process. But where this new feature shines is when
connecting to Windows Vista and W2008 servers with NLA configured. Here,
that failback authentication can be prevented from ever occurring. This
prevents the bad guys from gaining console access to your server without
a successful authentication.

You can set up Network Level Authentication in Vista and W2008 by right
clicking on Computer and choosing Properties, then selecting Remote
Settings. Under Remote Desktop, ensure Allow connections only from
computers running Remote Desktop with Network Level Authentication (more

Accessing the Console
Every previous version of Terminal Server -- and indeed every previous
version of Windows -- reserved "Session ID 0" as the connection used
when the user is directly on the console of the machine. Reserving this
session in this way was easy for software installations that pushed
error messages to the console session. But it also added the potential
for misuse as a vector for exploit. In W2008, "Session ID 0" is no
longer a session that can be used by normal users. Instead, it is the
session where system services reside. By limiting session connections in
this way, the security profile of the Terminal Server is enhanced.

What is different, though, about making this change is that what
administrators used to think of as the "console session" can now be tied
to any session ID number. The command

mstsc.exe {servername} /console

can be used to connect the user to session ID 0 for those older O/S
versions. Using the same switch with Vista and W2008, RDC 6.0 will now
automatically connect to the correct console session.

Where this comes in particularly handy is when servers run out of
licenses. Using RDC to connect to the console session doesn't consume a
TS CAL. So, in addition to being able to install software through
terminal services directly on the console, you can also use this feature
to remotely troubleshoot a Terminal Server that has stopped accepting
new connections.

Because of how this change in connections to Session ID 0 has been done,
there is one major difference between how W2003 and W2008 handle the
acceptance of incoming connections: You get one fewer concurrent

W2008 supports a total of two rather than three concurrent connections
in Remote Administration mode. With W2003, a server would support two
TermServ connections in addition to the console connection. With W2008,
a server will only accept two concurrent connections, no matter if
they're at the console or via TermServices.

This seems like bad news at first blush, but there's a bit of good news
to go with it. With W2008 the third user who attempts to connect now
gets an opportunity to kick off another user. Once the third user
connects, they'll be asked if they want to disconnect one of the other
users instead of our old error message, "The terminal server has
exceeded the maximum number of allowed connections."

All of these features are currently supported with the new RDC, which
comes native with Vista. But for those of us with XP SP2 clients on the
network, a free download from Microsoft is available that will allow you
can take advantage of these feature upgrades as well. Download the
upgrade to RDC 6.0 here.

No comments:

If you think my website is useful, please donate, contribute, ask question, & discussion can be addressed by contacting me at dcputranto et yahoo dot com. Thanks to .. unique person coming..
Feel know more.. To keep my research continue and provide better review/assessment and knowledge, feel free to donate by clicking button below....