Terminal Services Tools and Settings

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Terminal Services Tools and Settings

In this section:

  • Terminal Services Tools

  • Terminal Services Group Policy Settings

  • Terminal Services WMI Classes

  • Network Ports Used by Terminal Services

  • Related Information

This section summarizes the tools and settings associated with Terminal Services.

Terminal Services Tools

The following tools are associated with Terminal Services.

Change.exe: Change logon

Category

This tool is included in all Microsoft Windows Server 2003 operating systems except the Web edition.

Version compatibility

This tool will run on all Windows Server 2003 operating systems except Windows Server 2003, Web edition.

Enables or disables session logons to a server that has Terminal Server enabled. The change logon command disables logons from client sessions other than the system console. Users that are currently logged on are not affected. Client sessions are always re-enabled when you restart the system. If you are connected to the terminal server from a remote location and disable client sessions, and if you log off before re-enabling client sessions, you will not be able to reconnect. You need to logon at the system console in order to re-enable sessions.

Change.exe: Change port

Category

This tool is included in all Windows Server 2003 operating systems except Windows Server 2003, Web edition.

Version compatibility

This tool will run on all Windows Server 2003 operating systems except Windows Server 2003, Web edition..

Changes the COM port mappings for MS-DOS application compatibility. Most MS-DOS applications support only COM1 though COM4 serial ports. Change port maps a serial port to a different port number, allowing applications that cannot access high-numbered COM ports to access the serial port. For example, to map COM12 to COM1 for use by a MS-DOS application, type change port com12=com1. Remapping works only for the current session.

You can run Change port without any parameters to display the available COM ports and the current COM port mappings.

Change.exe: Change user

Category

This tool is included in all Windows Server 2003 operating systems except Windows Server 2003, Web edition.

Version compatibility

This tool will run on all Windows Server 2003 operating systems except Windows Server 2003, Web edition.

Changes the .ini file mapping for the current user. Use change user /install before installing an application to create .ini files for the application in the Terminal Server system directory. These files are used as master copies for the user-specific .ini files. After installing the application, use change user /execute to revert to normal .ini file mapping.

Cprofile.exe: Clean profile

Category

This tool is included in all Windows Server 2003 operating systems except Windows Server 2003, Web edition.

Version compatibility

This tool will run on all Windows Server 2003 operating systems except Windows Server 2003, Web edition.

Cleans the specified profiles of wasted space and removes user-specific file associations from the registry when disabled.

A terminal server uses file associations to determine which application to use to access files of various types. File types are registered using Windows Explorer.

Per-user file associations allow each user to have a different application associated with a specific file type. For example, one user could have .doc files associated with Microsoft Word and another user could have .doc files associated with Windows WordPad.

If user-specific file associations are enabled, Clean profile only removes the unused space from the user profile. If user-specific file associations are disabled, Clean profile also removes the corresponding registry entries.

Flattemp.exe: Flat Temp

Category

This tool is included in all Windows Server 2003 operating systems except Windows Server 2003, Web edition.

Version compatibility

This tool will run on all Windows Server 2003 operating systems except Windows Server 2003, Web edition.

Enables or disables flat temporary folders. After each user has a unique temporary directory, use flattemp /enable to enable flat temporary directories.

The default method for creating temporary folders for multiple users (usually pointed to by the TEMP and TMP environment variables) is to create subfolders in the \Temp folder, using the logonID as the subfolder name. For example, if the TEMP environment variable points to C:\Temp, the temporary folder assigned to the user logonID DonHall is C:\Temp\DonHall. Using flattemp, you can point directly to the \Temp folder and prevent subfolders from forming. This is useful when you want the user temporary folders to be contained in home directories, whether on a terminal server local drive or on a shared network drive. You should use this command only when each user has a separate temporary folder.

Logoff.exe: Logoff

Category

This tool is included in all Windows Server 2003 operating systems and in all Windows XP operating systems.

Version compatibility

This tool will run on all Windows Server 2003 operating systems and on all Windows XP operating systems.

Logs off a user from a session and deletes the session from the server. You can always log off from the session to which you are currently logged on. You must, however, have Full Control permission to log off users from other sessions.

Logging off a user from a session without warning can result in loss of data at the user’s session. You should send a message to the user using the msg command to warn the user before taking this action.

If no ID or name for the session is specified, logoff logs off the user from the current session. If you specify a session name, it must be an active one.

When you log off a user, all processes end and the session is deleted from the server.

You cannot log off a user from the console session.

Msg.exe: Msg

Category

This tool is included in all Windows Server 2003 operating systems and in all Windows XP operating systems.

Version compatibility

This tool will run on all Windows Server 2003 operating systems and on all Windows XP operating systems.

Sends a message to a user. If you do not specify a name for the user or session, msg displays an error message. When specifying the name of a session, it must be an active one.

The user must have send message access permission to send a message.

Mstsc.exe: Remote Desktop Connection

Category

This tool is included in all Windows Server 2003 operating systems and in all Windows XP operating systems.

Version compatibility

This tool will run on all Windows Server 2003 operating systems and on all Windows XP operating systems.

Mstsc.exe is the command-line tool that launches Remote Desktop Connection. Remote Desktop Connection (formerly known as the Terminal Services client) is installed by default on all Windows Server 2003 family operating systems. You can use Remote Desktop Connection to connect to terminal servers, or to the desktop of a computer running one of the Windows Server 2003 family operating systems or Windows XP for remote administration.

Remote Desktop Connection allows you to create and configure your connection, save your connection settings to a file, and open and edit your saved connection files, all in the same program.

Query.exe: Query process

Category

This tool is included in all Windows Server 2003 operating systems and in all Windows XP operating systems.

Version compatibility

This tool will run on all Windows Server 2003 operating systems and on all Windows XP operating systems.

Query process displays information about processes running on a terminal server. You can use this command to find out which programs a specific user is running, and also which users are running a specific program.

If you do not specify the user name, session name, or program name, query process displays only the processes belonging to the current user.

If a session is specified, it must identify an active session. You can use wildcards to identify the process.

Query process returns the following information:

  • The user who owns the process

  • The session that owns the process

  • The ID of the session

  • The name of the process

  • The state of the process

  • The ID of the process

Query.exe: Query session

Category

This tool is included in all Windows Server 2003 operating systems and in all Windows XP operating systems.

Version compatibility

This tool will run on all Windows Server 2003 operating systems and on all Windows XP operating systems.

Query session displays information about sessions on a terminal server. The list includes information not only about active sessions but about other sessions that the server runs..

A user can always query the session to which the user is currently logged on. To query other sessions, the user must have Query Information access permission.

If you do not specify a session using session name, user name, or session id, query session displays information about all active sessions in the system.

Query.exe: Query termserver

Category

This tool is included in all Windows Server 2003 operating systems and in all Windows XP operating systems.

Version compatibility

This tool will run on all Windows Server 2003 operating systems and on all Windows XP operating systems.

Query termserver displays a list of all terminal servers on the network.

Query termserver searches the network for all attached terminal servers and returns the following information:

  • The name of the server.

  • The network (and node address if the /address option is used).

Query.exe: Query user

Category

This tool is included in all Windows Server 2003 operating systems and in all Windows XP operating systems.

Version compatibility

This tool will run on all Windows Server 2003 operating systems and on all Windows XP operating systems.

Query user displays information about user sessions on a terminal server. You can use this command to find out if a specific user is logged on to a specific terminal server. Query user returns the following information:

  • The name of the user

  • The name of the session on the terminal server

  • The session ID

  • The state of the session (active or disconnected)

  • The idle time (the number of minutes since the last keystroke or mouse movement at the session)

  • The date and time the user logged on

If you use query user without specifying a user name, session name, or session ID, a list of all users who are logged on to the server is returned. Alternatively, you can also use query session to display a list of all sessions on a server.

Reset.exe: Reset session

Category

This tool is included in all Windows Server 2003 operating systems and in all Windows XP operating systems.

Version compatibility

This tool will run on all Windows Server 2003 operating systems and on all Windows XP operating systems.

Enables you to reset (delete) a session from the terminal server. You can always reset your own sessions, but you must have Full Control access permission to reset another user’s session.

Be aware that resetting a user’s session without warning can result in loss of data at the session.

You should reset a session only when it malfunctions or appears to have stopped responding.

Shadow.exe: Shadow

Category

This tool is included in all Windows Server 2003 operating systems and in all Windows XP operating systems.

Version compatibility

This tool will run on all Windows Server 2003 operating systems and on all Windows XP operating systems.

Shadow enables you to remotely control an active session of another user. You can either view or actively control the session. If you choose to actively control a user’s session, you will be able to input keyboard and mouse actions to the session.

You can always remotely control your own sessions (except the current session), but you must have Full Control access permission to remotely control another session. You can also initiate remote control using Terminal Services Manager.

Before monitoring begins, the server warns the user that the session is about to be remotely controlled, unless this warning is disabled. Your session might appear to be frozen for a few seconds while it waits for a response from the user.

Your session must be capable of supporting the video resolution used at the session you are remotely controlling or the operation fails.

The console session can neither remotely control another session nor can it be remotely controlled by another session.

Tscc.msc: Terminal Services Configuration snap-in

Category

This tool is included in all Windows Server 2003 operating systems.

Version compatibility

This tool will run on all Windows Server 2003 operating systems and on all Windows XP operating systems.

A Terminal Services connection provides the link clients use to log on to a session on the server. A TCP/IP connection is configured when Terminal Services is installed. Using Terminal Services Configuration, you can change the default properties of the connection or add new connections.

When you open Terminal Services Configuration you will see that a connection has already been configured. This is called the RDP-TCP connection. Typically, this is the only connection that needs to be configured for clients to connect to the server for Remote Desktop for Administration or application sharing with Terminal Server. Only one RDP (Remote Desktop Protocol) connection can be configured for each network adapter. If you want to configure additional RDP connections, you must install additional network adapters.

With Terminal Services Configuration, you can reconfigure the properties of the RDP-TCP connection, which includes limiting the amount of time client sessions can remain active on the server, setting protection levels for encryption, and selecting which permissions you want users and groups to have. Some connection properties can also be configured on a per-user basis using Terminal Services Group Policies or the Terminal Services extension to Local Users and Groups. For example, you can set different session time limits for each user when you use the Terminal Services extension to Local Users and Groups. Using Terminal Services Configuration, you can only set session time limits on a per-connection basis, which means the same time limit applies to all users who log on to the server using the connection.

Tscon.exe: Tscon

Category

This tool is included in all Windows Server 2003 operating systems and in all Windows XP operating systems.

Version compatibility

This tool will run on all Windows Server 2003 family operating systems and on all Windows XP operating systems.

Tscon allows you to connect to another session. You must have Full Control access permission or Connect special access permission to connect to another session. You cannot connect to the console session

If you do not specify a password in the password parameter, and the target session belongs to a user other than the current one, tscon fails.

Tsdiscon.exe: Tscon

Category

This tool is included in all Windows Server 2003 family operating systems and in all Windows XP operating systems.

Version compatibility

This tool will run on all Windows Server 2003 operating systems and on all Windows XP operating systems.

Tsdiscon disconnects a session from a terminal server. You must have Full Control permission to disconnect another user from a session.

If no session ID or session name is specified, tsdiscon disconnects the current session. The console session cannot be disconnected.

Any applications that were running when you disconnected the session are automatically running when you reconnect to that session with no loss of data.

Tskill.exe: Tskill

Category

This tool is included in all Windows Server 2003 operating systems and in all Windows XP operating systems.

Version compatibility

This tool will run on all Windows Server 2003 operating systems and on all Windows XP operating systems.

Tskill ends a process. You can use tskill to end only those processes belonging to you, unless you are an administrator. Administrators have full access to all tskill functions and can end processes running in other user sessions.

When all processes running in a session end, the session also ends.

Tsmmc.msc: Remote Desktops snap-in

Category

This tool is included in all Windows Server 2003 operating systems. For Windows XP, this tool is available in the Windows Server 2003 Administration Tools Pack.

Version compatibility

This tool will run on all Windows Server 2003 and Windows XP operating systems.

Windows Server 2003 provides the ability to connect to the console (session 0) of a computer by using a Remote Desktops connection. Because of this, a Connect to Console check box is available in the user interface, but this feature only works when you connect to a Windows Server 2003-based computer.

It is still possible to use the Remote Desktops tool to connect to a computer that is running Microsoft Windows NT 4.0, Terminal Server Edition, or Windows 2000 Server with Terminal Services enabled, but this creates a regular Remote Desktop Protocol (RDP) session. The option to connect to the console session is ignored.

The Remote Desktops snap-in is ideal for administrators who are remotely administering multiple servers or terminal servers. You can create Remote Desktop connections to multiple terminal servers or to computers running Windows 2000 Server or Windows Server 2003 family operating systems with the Remote Desktops snap-in. A navigable tree display provides easy switching between connections.

By default, the Remote Desktops snap-in connects you to the console session of the computer you specify in the connection. To run a specific program on connection, create a new connection that specifies the program name, and ensure that the default behavior is not selected.

Tsprof.exe: Terminal Services profile

Category

This tool is included in all Windows Server 2003 operating systems except Windows Server 2003, Web edition.

Version compatibility

This tool will run on all Windows Server 2003 operating systems except Windows Server 2003, Web edition.

Copies the user configuration information, which is displayed in the Terminal Services extensions to Local Users and Groups and Active Directory Users and Computers, from one user to another. Terminal Services profile can also set the profile path for a user.

Tsadmin.exe: Terminal Server administration

Category

This tool is included in all Windows Server 2003 operating systems except Windows Server 2003, Web Edition.

Version compatibility

This tool will run on all Windows Server 2003 operating systems except Windows Server 2003, Web Edition.

Use Terminal Services Manager to view information about terminal servers that reside in trusted domains. Use this tool to monitor users, sessions, and applications on each terminal server, and to carry out assorted actions to manage the server.

When a user creates a session by connecting to a terminal server from a client computer, the session appears in the Session list in Terminal Services Manager. In addition, the name of the user who logs on by using the session appears in the Users list. Any applications run in the user’s session can be monitored on the Processes list. Therefore, you can oversee all users, sessions, and processes on a terminal server from one location.

Terminal Services Group Policy Settings

The following table lists and describes the Group Policy settings that are associated with Terminal Services.

Group Policy Settings Associated with Terminal Services

Group Policy Setting Description

Keep-Alive Connections

Specifies whether persistent connections are allowed.

Automatic reconnection

Specifies whether to allow Remote Desktop Connection clients to automatically reconnect to Terminal Services sessions if their network link is temporarily lost.

Restrict Terminal Services users to a single remote session

Specifies whether to restrict users to a single remote Terminal Services session.

Enforce Removal of Remote Desktop Wallpaper

Specifies whether desktop wallpaper is displayed to remote clients connecting via Terminal Services.

Deny log off of an administrator logged in to the console session

Specifies whether to allow an administrator attempting to connect to the console of a server to log off an administrator currently logged on to the console.

Allow Time Zone Redirection

Specifies whether to allow the client computer to redirect its time zone settings to the Terminal Services session.

Do not allow clipboard redirection

Specifies whether to prevent the sharing of clipboard contents (clipboard redirection) between a remote computer and a client computer during a Terminal Services session.

Do not allow smart card device redirection

Specifies whether to prevent the mapping of smart card devices in a Terminal Services session.

Allow audio redirection

Specifies whether users can choose where to play the remote computer’s audio output during a Terminal Services session.

Do not allow COM port redirection

Specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Terminal Services session.

Do not allow client printer redirection

Specifies whether to prevent the mapping of client printers in Terminal Services sessions.

Do not allow LPT port redirection

Specifies whether to prevent the redirection of data to client LPT ports during a Terminal Services session.

Do not allow drive redirection

Specifies whether to prevent the mapping of client drives in a Terminal Services session.

Do not set default client printer to be default printer in a session

Specifies whether the client default printer is automatically set as the default printer in a Terminal Services session.

Always prompt client for password upon connection

Specifies whether Terminal Services always prompts the client for a password upon connection.

Set client connection encryption level

Specifies whether to enforce an encryption level for all data sent between the client and the remote computer during a Terminal Services session.

Secure Server (Require Security)

Specifies whether a Terminal Server requires secure RPC communication with all clients or allows unsecured communication.

Limit number of connections

Specifies whether Terminal Services limits the number of simultaneous connections to the server.

Limit maximum color depth

Specifies the maximum color resolution (color depth) for Terminal Services connections.

Allow users to connect remotely using Terminal Services

Specifies whether to allow users to connect remotely using Terminal Services.

Do not allow local administrators to customize permissions

Specifies whether to disable the administrator rights to customize security permissions in the Terminal Services Configuration tool (tscc.msc).

Remove Windows Security item from Start menu

Specifies whether to remove the Windows Security item from the Settings menu on Terminal Services clients.

Remove Disconnect option from Shut Down dialog

Specifies whether to remove the Disconnect option from the Shut Down Windows dialog box on Terminal Services clients.

License Server Security Group

Specifies the terminal servers and license servers to which a Terminal Server License Server offers licenses.

Prevent License Upgrade

Specifies how a License Server distributes license upgrades to terminal servers running Windows 2000.

Do not delete temp folder upon exit

Specifies whether Terminal Services retains a user’s per-session temporary folders at logoff.

Do not use temp folders per session

Specifies whether to prevent Terminal Services from creating session-specific temporary folders.

Terminal Server IP Address Redirection

Specifies how client devices are directed when reconnecting to an existing terminal server session.

Join Session Directory

Specifies whether Terminal Services uses a Session Directory for tracking user sessions, allowing a group of terminal servers to locate and connect a user back to an existing session.

Session Directory Server

Specifies whether to configure a server as a Session Directory Server for Terminal Services sessions on your network.

Session Directory Cluster Name

Specifies the Cluster Name for the terminal server, associating it with other servers in the same logical group.

Set time limit for disconnected sessions

Specifies a time limit for disconnected Terminal Services sessions.

Sets a time limit for active Terminal Services sessions

Specifies a time limit for active Terminal Services sessions.

Sets a time limit for active but idle Terminal Services sessions

Specifies a time limit for active but idle Terminal Services sessions.

Allow reconnection from original client only

Specifies whether to allow users to reconnect to a disconnected Terminal Services session using a computer other than the original client computer.

Terminate session when time limits are reached

Specifies whether to terminate a timed-out Terminal Services session instead of disconnecting it.

Set path for TS Roaming Profiles

Specifies whether Terminal Services uses the specified network path for roaming user profiles.

TS User Home Directory

Specifies whether Terminal Services uses the specified network share or local directory path as the root of the user’s home directory for a Terminal Services session.

Sets rules for remote control of Terminal Services user sessions

Specifies the level of remote control permitted in a Terminal Services session.

Start a program on connection

Configures Terminal Services to run a specified program automatically upon connection.

For more information about Group Policy settings, see the Group Policy Settings Reference for Windows Server 2003.

Terminal Services WMI Classes

The following table lists and describes the WMI classes that are associated with Terminal Services.

WMI Classes Associated with Terminal Services

Class Name Namespace Version Compatibility

Win32_TerminalService

\\root\Cimv2

Windows Server 2003

Win32_TSSessionDirectory

\\root\Cimv2

Windows Server 2003

Win32_TerminalServiceSetting

\\root\Cimv2

Windows Server 2003

Win32_TSGeneralSetting

\\root\Cimv2

Windows Server 2003

Win32_TSLogonSetting

\\root\Cimv2

Windows Server 2003

Win32_TSSessionSetting

\\root\Cimv2

Windows Server 2003

Win32_TSEnvironmentSetting

\\root\Cimv2

Windows Server 2003

Win32_TSRemoteControlSetting

\\root\Cimv2

Windows Server 2003

Win32_TSClientSetting

\\root\Cimv2

Windows Server 2003

Win32_TSNetworkAdapterSetting

\\root\Cimv2

Windows Server 2003

Win32_TSPermissionsSetting

\\root\Cimv2

Windows Server 2003

Win32_TSAccount

\\root\Cimv2

Windows Server 2003

For more information about these WMI classes, see the WMI SDK documentation on MSDN.

Network Ports Used by Terminal Services

Terminal Server uses RDP to communicate between client and server computers. RDP works only across a TCP/IP connection, such as a local area network (LAN), wide area network (WAN), dial-up, Integrated Services Digital Network (ISDN), digital subscriber line (DSL), or virtual private network (VPN) connection. You can still use other protocols, such as Internetwork Packet Exchange (IPX) or NetBIOS Extended User Interface (NetBEUI), as the transport protocol for non-Terminal Server traffic, such as network file or printer sharing, or between the client portion of a client-server application and its server.

Port Assignments for Terminal Services

Service Name UDP TCP

Remote Desktop Protocol

 

3389

The following resources contain additional information that is relevant to this section.