CBLM Basic CSS NC II

Go to Start > Administrative Tools > Print Management.
Click All Printers. Right click network printer and select Deploy with
Group Policy…

Specify where
to deploy the
printer. In this
example, the
network printer
will be deployed
to Students OU
(organizational
unit)
Create a new policy. Right-click anywhere in the white space and select New. Type “Printer Deployment”
for example.

51

Deploy the printer by clicking Add button. Check both “The users that this GPO applies” and “The
computers that this GPO applies”

Click Apply and OK.
Update the policy on both computers using the command gpupdate /force.

52

RemoteDesktopServicesinWindows2008R2-Part1

the renaming of Terminal Server and it’s services;

Previous name (Windows 2008) Name in Windows Server 2008 R2

Terminal Services Remote Desktop Services
Terminal Server Remote Desktop Session Host (RD Session Host)
Terminal Services Licensing (TS Licensing) Remote Desktop Licensing (RD Licensing)
Terminal Services Gateway (TS Gateway) Remote Desktop Gateway (RD Gateway)
Terminal Services Session Broker (TS Session Remote Desktop Connection Broker (RD Connection
Broker) Broker)

Terminal Services Web Access (TS Web Access) Remote Desktop Web Access (RD Web Access)
Before delving into the step by step guide I will quickly highlight some of the enhancements and
improvements that have been incorporated in this release; This is by no means a comprehensive list,
however I have provided a number of links at the end of this post to

TechNet articles outlining What’s New in RDS.
 Windows Server 2008 R2 is 64 bit only, meaning that RDS is also 64 bit.
 Forms based authentication for Remote Desktop Web Access
 Per user RemoteApp program filtering
 Enhancements to Remote Desktop Client experience such as multiple monitor support, Audio

recording redirection and Audio and Video playback
 Windows Installer compatibility
 Introduction of Remote Desktop Virtualisation Host providing personal virtual desktops utilising

Hyper-V (note: This technology will not be discussed in this series, however I will have a future
post dedicated to this new inclusion)



So let’s begin the installation by Navigating to Start / Administrative Tools / Server Manager (This post is
assuming that you already have a dedicated Windows 2008 R2 server setup)
Click on Roles located on the left navigation pane and then select Add Roles located on the right pane to
invoke the Add Roles Wizard.

Click Next

53

Select Remote Desktop Services as the role to install on this server.

Click Next.
The below introduction to Remote Desktop Services is displayed. Microsoft have done a great
job in providing administrators with thorough documentation pertaining to the role being
installed.

Click Next
This is a single server setup so I will select all of the role services for Remote Desktop Services excluding
Remote Desktop Virtualisation Host (this will be covered in a future post). I have provided Microsoft’s
description of each service in the table below;

54

Remote Desktop Session Host RD Session Host, formerly known as Terminal
Server, enables a server to host Windows-
based programs or the full Windows desktop.
Users can connect to an RD Session Host
server to run programs, save files and use
network resources on the that server

Adding the Remote Desktop Gateway and or Remote Desktop Web Access will prompt you to install
other services that are prerequisites such as IIS.

Click Add Required Role Services

55

After you have the Selected Roles checked, click Next.
The below warning will appear advising that it is recommended to install the Remote Desktop
Session Host prior to installing any “client” applications.

Because this is a new install of Windows 2008 R2, I can ignore this warning and click Next.
You will now be required to specify an Authentication Method for the Remote Desktop Session Host.
The two options provided below are as follows;

Click Next.
Specify your Licensing Mode

Click Next

56

You will then be prompted to select user groups that you would like to provide access to the
Remote Session Host Server. By Default, the “Administrators” group is added and I will also be
adding a security group that I have created specifically for my Remote Desktop Users. Users or
User groups added in this section will be automatically added to the local Remote Desktop Users
group.

Click Next
The next screen will allow you to configure the client experience providing your end users with similar
functionality and visual experience found from a Windows 7 desktop.

I will be selecting all 3 options provided, with one of the enhancements to Remote Desktop Services in
R2 being the ability to provide users with a much better Video playback experience than in previous
releases. It does so by offloading the actual video playback to the local graphics processing unit. More
information on Multimedia Redirection Improvements in Windows 7 and WS2008 R2 can be found
here; http://blogs.msdn.com/rds/archive/2009/07/24/multimedia-redirection-improvements-in-
windows-7-and-ws2008-r2-part-1.aspx
Click Next
The next screen provides you with the ability to configure discovery scope for RD licensing. Following
Microsoft’s recommendation, I will not configure a discovery scope for the license server and will utilise
the inbuilt RDS Host configuration tool instead.

57

Click Next
The next screen is requesting a server authentication certificate for SSL encryption. To simplify
matters during the installation I will select create a self-signed certificate for SSL encryption and
will discuss this in more detail in part 2 of this series. Note that using a self-signed certificate
will create additional administrative overhead for administrators as the certificate will need to be
exported and imported to your remote desktop client computers. Using a 3rd party certificate
from a Trusted certificate authority will remove that administrative burden and provide end users
with a seamless experience.

Click Next
The next screen introduces Authorisation policies for the RD Gateway. Recall, the RD Gateway is
designed to provide users with the ability to log onto a Remote Desktop Host via the Internet and SSL.

58

The next part of the wizard is all about creating your RD CAP and RD RAP. Don’t worry too much if you
don’t get everything right in the wizard as all of these options are configurable post wizard installation.

Notice, I have created a specific Active Directory Group called “Remote Desktop Computers” in which I
have added computers with Remote Desktop enabled.

59

Click Next
The next part of this wizard provides you with a primer on Network Policy and Access Services.

Click Next
Leave Network Policy Server selected….

Click Next

60

The following screen provides you with an introduction to the Web Server Role that is required to be
installed for Remote Desktop Web Access.

Click Next and Next again to accept the default role services options.

We are finally presented with a summary of the confirmed installation selections that we have made
throughout this wizard. It is worthwhile printing and or saving this information via the available
hyperlink to form part of your documentation. Kudos to Microsoft who in my own opinion have done a
great job with their wizard based installations which eases the usual configuration pains associated with
such an install.

Click Install. The installation process will now begin and you will be presented with the installation
results screen below notifying you of completion. Click Close and then restart your server to complete
the process.

61

Upon shutdown, restart and logon, Windows will proceed with the installation and configuration of our
roles and services.

That’s it for now. In this first article of this series on RDS, we went through the process of adding and
configuring the necessary roles and services associated with Remote Desktop Services via Windows
2008 R2 Server manager. In the next article, I will be discussing the Remote Desktop Gateway (RD
Gateway) in some detail and will go through some of it’s configuration settings both at the server and
remote desktop client level.

62

Configure Users for Remote Desktop Connection

3. In the Server Manager, click Add Roles and select Remote Desktop
Services Role.

4. Select only the following services:
Remote Desktop Session Host - Users can connect to an
RD Session Host server to run programs, to save files, and to

 use network resources on that server.
Remote Desktop Connection Broker - This prevents a user with a
disconnected session from being connected to a different RD Session

 Host server.
Remote Desktop Licensing - manages the Remote Desktop
Services client access licenses (RDS CALs) that are required for
each device or user to connect to a Remote Desktop Session Host
(RD Session Host) server.

2. For level authentication, select Require Network Level of Authentication.
3. Leave other settings by default. Just click Next to continue the

installation.

By default, only Administrators group are allowed to access the server
remotely. Local security policy for terminal services should be configured to
allow users or groups to logon using remote desktop services.

63

To allow users for remote desktop services, we will add Remote Desktop Users
Group in the list of allowed groups for remote connection.

7. Go to Start > Run. Type: secpol.msc. This will open a Local Security
Policy window.

6. In the Local Policy Window, navigate to Local Policies > User Rights
Assignment and double-click “Allow log on…Services “.

On the new Allow log on through Remote Desktop Services
Properties window, click Add User or Group button.

64

4. Enter the Remote Desktop Users group

There you have Remote Desktop Users included in the list. Click OK to close.

Now, let’s configure the any Domain User available to be a member of Remote
Desktop Users.

1. Go to Start > Administrative Tools > Active Directory Users and
Computers.

2. Select any available Domain User.
3. Right click on the selected Domain user and select Properties.

65

4. Click Member Of tab.
5. Click Add button to add user groups.
6. Type or enter: Remote Desktop Users. Click OK to close.

66

7. Done. The selected user is now allowed to logon using remote
desktop services.

To check:
1. Logon to client computer.
2. Go to Start > Run. Enter mstsc. You may also search “Remote
Desktop Connection” in the search bar.

3. Enter the computer name or IP address of the server.
4. On the next window, enter your domain account and password

to connect.
5. Done.

67

68

69

70

71