Terminal Services Core Functionality

Applies To: Windows Server 2008

For Windows Server® 2008, Terminal Services includes new core functionality that enhances the end-user experience when connecting remotely to a Windows Server 2008 terminal server. This new core functionality includes:

  • Remote Desktop Connection 6.1

  • Plug and Play Device redirection for media players and digital cameras

  • Microsoft Point of Service for .NET device redirection

  • Remote Desktop Connection display improvements, including:

    • Custom display resolutions

    • Monitor spanning

    • Desktop Experience

    • Font smoothing

    • Display data prioritization

  • Single sign-on

Who will be interested in these features?

The new core functionality in Terminal Services will be of interest to organizations that currently use or are interested in using Terminal Services. Terminal Services provides technologies that enable access, from almost any computing device, to a server running Windows-based programs or the full Windows desktop. Users can connect to a terminal server to run programs and use network resources on that server.

For Windows Server 2008, you might be interested in the new core functionality in Terminal Services if you use any of the following hardware:

  • Windows Portable Devices

  • Microsoft Point of Service for .NET devices

  • Monitors that support higher resolutions, such as 1680 x 1050 or 1920 x 1200

  • Multiple monitors

You also might be interested in the new core functionality in Terminal Services if you want to support any of the following scenarios:

  • Have users connect to a terminal server and have the remote computer look and feel more like the user's local Windows Vista® desktop experience.

  • Ensure that display, keyboard, and mouse data passed over a remote connection is not adversely affected by bandwidth intensive actions, such as large print jobs.

  • Allow users with a domain account to log on once by using a password, and then gain access to a terminal server without being asked for their credentials again.

Are there any special considerations?

In order to take advantage of the new Terminal Services core functionality, you will need to use the following:

  • Remote Desktop Connection (RDC) 6.0 or RDC 6.1

  • Windows Server 2008 configured as a terminal server

In some cases, you will also need to use Windows Vista.

What new functionality do these features provide?

Remote Desktop Connection 6.1

Remote Desktop Connection (RDC) 6.1 is available with the following operating systems:

  • Windows Server 2008

  • Windows Vista with Service Pack 1 (SP1)

  • Windows XP with Service Pack 3 (SP3)

The RDC 6.1 (6.0.6001) client supports Remote Desktop Protocol 6.1.

Remote Desktop Connection (RDC) 6.0 is available with Windows Vista.

The Remote Desktop Connection 6.0 software is also available for use on Windows Server® 2003 with SP1, Windows Server 2003 with Service Pack 2 (SP2), and Windows® XP with SP2. To use any new Terminal Services features on any of these platforms, download the installer package from article 925876 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=79373).

Plug and Play Device redirection for media players and digital cameras

In Windows Server 2008 redirection has been enhanced and expanded. Now you can redirect Windows Portable Devices, specifically media players based on the Media Transfer Protocol (MTP) and digital cameras based on the Picture Transfer Protocol (PTP).

To redirect Plug and Play devices

  1. Open Remote Desktop Connection. To open Remote Desktop Connection on Windows Vista, click Start, point to All Programs, click Accessories, and then click Remote Desktop Connection.

  2. In the Remote Desktop Connection dialog box, click Options.

  3. On the Local Resources tab, click More.

  4. Under Local devices and resources, expand Supported Plug and Play devices.

    Plug and Play devices that are currently plugged in and that are supported for redirection will show up in this list. If the device that you have plugged in does not show up in the list, the device is currently not supported for redirection. Check the device manual to see if the device supports MTP or PTP.

  5. Choose the device that you want to redirect by selecting the check box next to the device's name.

  6. You can also redirect devices that have not been plugged in yet but will be plugged in later when a session to a remote computer is active. To make Plug and Play devices that you will plug in later available for redirection, select the Devices that I plug in later check box.

Note

You can also redirect drives that will be connected after a session to a remote computer is active. To make a drive that you will connect to later available for redirection, expand Drives, and then select the Drives that I connect to later check box.

  1. Click OK and proceed to connect to the remote computer.

Note

The Remote Desktop Protocol (.rdp) file created by the RemoteApp Wizard automatically enables Plug and Play device redirection. For more information about TS RemoteApp, see the TS RemoteApp Step-by-Step Guide (https://go.microsoft.com/fwlink/?LinkId=84895).

When the session to the remote computer is launched, you should see the Plug and Play device that is redirected get automatically installed on the remote computer. Plug and Play notifications will appear in the taskbar on the remote computer.

If you have selected the Devices that I plug in later check box in Remote Desktop Connection, you should see the Plug and Play device get installed on the remote computer when you plug the Plug and Play device into your local computer while the session to the remote computer is active.

After the redirected Plug and Play device is installed on the remote computer, the Plug and Play device is available for use in your session with the remote computer. For example, if you are redirecting a Windows Portable Device such as a digital camera, the device can be accessed directly from an application such as the Scanner and Camera Wizard on the remote computer.

Note

Plug and Play device redirection is not supported over cascaded terminal server connections. For example, if you have a Plug and Play device attached to your local client computer, you can redirect and use that Plug and Play device when you connect to a terminal server (Server1, for example). If from within your remote session on Server1, you then connect to another terminal server (Server2, for example), you will not be able to redirect and use the Plug and Play device in your remote session with Server2.

You can control Plug and Play device redirection by using either of the following Group Policy settings:

  • Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Device and Resource Redirection\Do not allow supported Plug and Play device redirection policy setting

  • Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions policy settings

You can also control Plug and Play device redirection on the Client Settings tab in the Terminal Services Configuration tool (tsconfig.msc) by using the Supported Plug and Play Devices check box.

Microsoft Point of Service for .NET device redirection

In Windows Server 2008 you can also redirect devices that use Microsoft Point of Service (POS) for .NET 1.11.

Important

Microsoft POS for .NET device redirection is only supported if the terminal server is running an x86-based version of Windows Server 2008.

You can download Microsoft POS for .NET 1.11 from the Microsoft Download Center (https://go.microsoft.com/fwlink/?linkid=66169).

Configuring a terminal server

To implement Microsoft POS for .NET 1.11 on your terminal server

  1. Install Microsoft POS for .NET 1.11.

  2. Install the .NET service objects or configuration XML files for the Microsoft POS for .NET device. The device service objects or configuration XML files are usually provided by the device vendor and are written to work with POS for .NET by using the Microsoft POS for .NET 1.11 Software Development Kit (SDK). You can install the device service objects or configuration XML files through the standard installation software that accompanies the device. For installation instructions for the specific Microsoft POS for .NET device that you are using, consult the device’s manual.

  3. After you install the device service objects or configuration XML files for all the Microsoft POS for .NET devices that you are supporting on the terminal server, you need to stop and start the Terminal Services UserMode Port Redirector service. To restart the Terminal Services UserMode Port Redirector service, follow these steps:

    1. Open the Services snap-in. To open the Services snap-in, click Start, point to Administrative Tools, and then click Services.

    2. In the Services dialog box, in the Name column, right-click Terminal Services UserMode Port Redirector, and then click Restart.

Note

Restart the Terminal Services UserMode Port Redirector service only after you have installed the device server objects or configuration XML files for all the Microsoft POS for .NET devices that you are supporting on the terminal server. If you later install a new device server object or configuration XML file on your terminal server for a Microsoft POS for .NET device, you will need to restart the Terminal Services UserMode Port Redirector service.

Configuring a Remote Desktop Protocol file

Microsoft POS for .NET devices, by default, are not listed under Local devices and resources on the Local Resources tab in Remote Desktop Connection. Therefore, to enable Microsoft POS for .NET devices for redirection, you need to edit the Remote Desktop Protocol (.rdp) file that you use to connect to the terminal server.

To enable Microsoft POS for .NET device redirection in an .rdp file

  • Open the .rdp file in a text editor. Add or change the following setting:

    redirectposdevices:i:<value>

    • If <value> = 0, Microsoft POS for .NET device redirection is disabled.

    • If <value> = 1, Microsoft POS for .NET device redirection is enabled.

For more information about .rdp file settings, see article 885187 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?linkid=66168).

Note

The .rdp file created by the RemoteApp Wizard does not automatically enable Microsoft POS for .NET device redirection. For more information about TS RemoteApp, see the TS RemoteApp Step-by-Step Guide (https://go.microsoft.com/fwlink/?LinkId=84895).

Using redirected Microsoft POS for .NET devices

After you have implemented Microsoft POS for .NET 1.11 on your terminal server and have enabled Microsoft POS for .NET device redirection in your .rdp file, plug in your Microsoft POS for .NET device and then connect to the remote computer by using the modified .rdp file. After you connect to the remote computer, you should see the Microsoft POS for .NET device that is redirected get automatically installed on the remote computer. Plug and Play notifications will appear in the taskbar on the remote computer.

After the redirected Microsoft POS for .NET device is installed on the remote computer, any Microsoft POS for .NET application residing on the terminal server can access the Microsoft POS for .NET device as if the device were available locally. There is a sample application in the POS for .NET 1.11 SDK that you can use to test access to and the functionality of the redirected Microsoft POS for .NET device. The sample application is called ccltestapp.exe and can be found in the \SDK\Samples\Sample Application folder in the folder where you installed POS for .NET.

You can control Microsoft POS for .NET device redirection by using either of the following Group Policy settings:

  • Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Device and Resource Redirection\Do not allow supported Plug and Play device redirection policy setting

  • Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions policy settings

You can also control Microsoft POS for .NET device redirection on the Client Settings tab in the Terminal Services Configuration tool (tsconfig.msc) by using the Supported Plug and Play Devices check box.

Remote Desktop Connection display

Remote Desktop Connection (RDC) 6.0 and RDC 6.1 add support for using higher-resolution desktops and spanning multiple monitors horizontally to form a single large desktop. Also, the Desktop Experience feature and the display data prioritization settings are designed to enhance the end-user experience when connecting remotely to a Windows Server 2008 terminal server.

Custom display resolutions

Custom display resolution provides support for additional display resolution ratios, such as 16:9 or 16:10. For example, newer monitors with resolutions of 1680 x 1050 or 1920 x 1200 are now supported. The maximum resolution supported is 4096 x 2048.

Note

Previously, only 4:3 display resolution ratios were supported, and the maximum resolution supported was 1600 x 1200.

You can set a custom display resolution in an .rdp file or from a command prompt.

To set a custom display resolution in an .rdp file

  • Open the .rdp file in a text editor. Add or change the following settings:

    desktopwidth:i:<value>

    desktopheight:i:<value>

    where <value> is the resolution, such as 1680 or 1050.

For more information about .rdp file settings, see article 885187 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?linkid=66168).

To set a custom display resolution from a command prompt

  • At a command prompt, use the mstsc.exe command with the following syntax, and then press ENTER.

    mstsc.exe /w:<width> /h:<height>

Monitor spanning

Monitor spanning allows you to display your remote desktop session across multiple monitors.

The monitors used for monitor spanning must meet the following requirements:

  • All monitors must use the same resolution. For example, two monitors using 1024 x 768 resolution can be spanned. But one monitor at 1024 x 768 and one monitor at 800 x 600 cannot be spanned.

  • All monitors must be aligned horizontally (that is, side by side). There is currently no support for spanning multiple monitors vertically on the client system.

  • The total resolution across all monitors cannot exceed 4096 x 2048.

You can enable monitor spanning in an .rdp file or from a command prompt.

To enable monitor spanning in an .rdp file

  • Open the .rdp file in a text editor. Add or change the following setting:

    Span:i:<value>

    • If <value> = 0, monitor spanning is disabled.

    • If <value> = 1, monitor spanning is enabled.

For more information about .rdp file settings, see article 885187 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?linkid=66168).

To enable monitor spanning from a command prompt

  • At a command prompt, type the following command, and then press ENTER.

    mstsc.exe /span

Desktop Experience

Remote Desktop Connection (RDC) 6.0 and RDC 6.1 reproduce the desktop that exists on the remote computer on the user’s client computer. To make the remote computer look and feel more like the user's local Windows Vista desktop experience, you can install the Desktop Experience feature on your Windows Server 2008 terminal server. Desktop Experience installs features of Windows Vista, such as Windows Media® Player 11, desktop themes, and photo management.

To install Desktop Experience on your terminal server

  1. Open Server Manager. Click Start, point to Administrative Tools, and then click Server Manager.

  2. Under Features Summary, click Add features.

  3. On the Select Features page, select the Desktop Experience check box, and then click Next.

  4. On the Confirm Installation Options page, verify that the Desktop Experience feature will be installed, and then click Install.

  5. On the Installation Results page, you are prompted to restart the server to finish the installation process. Click Close, and then click Yes to restart the server.

  6. After the server restarts, confirm that Desktop Experience is installed.

    1. Start Server Manager.

    2. Under Features Summary, confirm that Desktop Experience is listed as installed.

Font smoothing

Windows Server 2008 supports ClearType®, which is a technology for displaying computer fonts so that they appear clear and smooth, especially when you are using an LCD monitor.

A Windows Server 2008 terminal server can be configured to provide ClearType functionality when a client computer connects to the Windows Server 2008 terminal server by using Remote Desktop Connection. This functionality is referred to as font smoothing. Font smoothing is available if the client computer is running any of the following:

  • Windows Vista

  • Windows XP with Service Pack 3 (SP3)

  • Windows Server 2003 with SP1 or SP2 and the Remote Desktop Connection 6.0 software

  • Windows XP with SP2 and the Remote Desktop Connection 6.0 software

By default, ClearType is enabled on Windows Server 2008. To ensure that ClearType is enabled on the Windows Server 2008 terminal server, follow this procedure.

To ensure that ClearType is enabled

  1. Click Start, click Control Panel, and then click Appearance and Personalization.

  2. Click Personalization, and then click Window Color and Appearance.

  3. On the Appearance tab, click Effects. Select the Use the following method to smooth edges of screen fonts check box, select ClearType, and then click OK.

To make font smoothing available for a remote desktop connection, follow this procedure on the client computer.

To make font smoothing available

  1. Open Remote Desktop Connection. To open Remote Desktop Connection on Windows Vista, click Start, point to All Programs, click Accessories, and then click Remote Desktop Connection.

  2. In the Remote Desktop Connection dialog box, click Options.

  3. On the Experience tab, select the Font smoothing check box.

  4. Configure any remaining connection settings, and then click Connect.

When you allow font smoothing, you are specifying that the local settings on the client computer will help determine the user experience in the remote desktop connection. Note that by allowing font smoothing, you are not changing the settings on the Windows Server 2008 terminal server.

Using font smoothing in a remote desktop connection will increase the amount of bandwidth used between the client computer and the Windows Server 2008 terminal server.

Display data prioritization

Display data prioritization automatically controls virtual channel traffic so that display, keyboard, and mouse data is given a higher priority over other virtual channel traffic, such as printing or file transfers. This prioritization is designed to ensure that your screen performance is not adversely affected by bandwidth intensive actions, such as large print jobs.

The default bandwidth ratio is 70:30. Display and input data will be allocated 70 percent of the bandwidth, and all other traffic, such as clipboard, file transfers, or print jobs, will be allocated 30 percent of the bandwidth.

You can adjust the display data prioritization settings by making changes to the registry of the terminal server. You can change the value of the following entries under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermDD subkey:

  • FlowControlDisable

  • FlowControlDisplayBandwidth

  • FlowControlChannelBandwidth

  • FlowControlChargePostCompression

If these entries do not appear, you can add them. To do this, right-click TermDD, point to New, and then click DWORD (32-bit) Value.

You can disable display data prioritization by setting the value of FlowControlDisable to 1. If display data prioritization is disabled, all requests are handled on a first-in-first-out basis. The default value for FlowControlDisable is 0.

You can set the relative bandwidth priority for display (and input data) by setting the FlowControlDisplayBandwidth value. The default value is 70; the maximum value allowed is 255.

You can set the relative bandwidth priority for other virtual channels (such as clipboard, file transfers, or print jobs) by setting the FlowControlChannelBandwidth value. The default value is 30; the maximum value allowed is 255.

The bandwidth ratio for display data prioritization is based on the values of FlowControlDisplayBandwidth and FlowControlChannelBandwidth. For example, if FlowControlDisplayBandwidth is set to 150 and FlowControlChannelBandwidth is set to 50, the ratio is 150:50, so display and input data will be allocated 75 percent of the bandwidth.

The FlowControlChargePostCompression value determines if flow control will calculate the bandwidth allocation based on pre-compression or post-compression bytes. The default value is 0, which means that the calculation will be made on pre-compression bytes.

If you make any changes to the registry values, you need to restart the terminal server for the changes to take effect.

Single sign-on

Single sign-on is an authentication method that allows a user with a domain account to log on once by using a password, and then gain access to remote servers without being asked for their credentials again.

The key scenarios for single sign-on are:

  • Line of Business (LOB) applications deployment

  • Centralized application deployment

Due to lower maintenance costs, many companies prefer to install their LOB applications on a terminal server and make these applications available through RemoteApps or Remote Desktop. Single sign-on makes it possible to give users a better experience by eliminating the need for users to enter credentials every time they initiate a remote session.

Prerequisites for deploying single sign-on

To implement single sign-on functionality in Terminal Services, ensure that you meet the following requirements:

  • You can only use single sign-on for remote connections from a Windows Vista-based computer to a Windows Server 2008-based terminal server. You can also use single sign-on for remote connections from a Windows Server 2008-based server to a Windows Server 2008-based server.

  • Make sure that the user accounts that are used for logging on have appropriate rights to log on to both the terminal server and the Windows Vista client.

  • Your client computer and terminal server must be joined to a domain.

  • You must use password-based authentication. Smart cards are not supported.

To configure the recommended settings for your terminal server, complete the following steps:

  • Configure authentication on the terminal server.

  • Configure the Windows Vista-based computer to allow default credentials to be used for logging on to the specified terminal servers.

To configure authentication on the terminal server

  1. Open Terminal Services Configuration. To open Terminal Services Configuration, click Start, click Run, type tsconfig.msc and then click OK.

  2. Under Connections, right-click RDP-Tcp, and then click Properties.

  3. In the Properties dialog box, on the General tab, verify that the Security Layer value is either Negotiate or SSL (TLS 1.0), and then click OK.

To allow default credential usage for single sign-on

  1. On the Windows Vista-based computer, open Local Group Policy Editor. To open Local Group Policy Editor, click Start, and in the Start Search box, type gpedit.msc and then press ENTER.

  2. In the left pane, expand the following: Computer Configuration, Administrative Templates, System, and then click Credentials Delegation.

  3. Double-click Allow Delegating Default Credentials.

  4. In the Properties dialog box, on the Setting tab, click Enabled, and then click Show.

  5. In the Show Contents dialog box, click Add to add servers to the list.

  6. In the Add Item dialog box, in the Enter the item to be added box, type the prefix termsrv/ followed by the name of the terminal server; for example, termsrv/Server1, and then click OK.

Additional references

For information about other new features in Terminal Services, see the Terminal Services Role topic.