Designing Server Setting Configurations
Updated: March 28, 2003
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Use the following guidelines to design the configuration of your terminal servers.
Configure this Group Policy setting to Enabled to ensure that the session state remains consistent with the client state. Use this setting only if you are having problems with users who cannot reconnect.
These settings can be set in the Server Settings folder of TSCC or in the Temporary Folders node of the Terminal Services administrative template in the Group Policy Object Editor. In TSCC, both of these settings are configured Yes by default, which means that temporary folders are used per session and deleted upon logging off. It is recommended that you keep the default settings unless there is a compelling business reason to change them.
Delete or retain temporary folders when exiting It is recommended that you configure your servers so that the data stored in the temporary folder for user sessions is deleted when users log off. This provides added security by eliminating a point of access for user data. It also provides a way to manage the load on the server, because temporary folders tend to grow quickly in size in a multiuser environment. If you are using Group Policy to set this setting (set to Disable to delete temporary folders), you must also configure the server to use per-session temporary folders.
Use separate temporary folders for each session This setting keeps each session’s temporary folders in a separate folder, which enables you to configure the server to delete temporary folders when a single user logs off without affecting other users’ sessions.
You can restrict users from using Active Desktop by using TSCC or Group Policy under User Configuration/Administrative Templates/Desktop/Active Desktop. Active Desktop allows users to choose JPEG and HTML wallpaper, both of which can affect performance for the user because of the amount of data that needs to transfer from the server to the desktop. The default setting is Enable. It is recommended that you disable Active Desktop.
Session Directory Settings
If you are load balancing several terminal servers and using Session Directory, you can use TSCC or Group Policy to configure the servers to use Session Directory. Session Directory is a database that tracks user sessions that are running on load-balanced terminal servers. For more information about using Session Directory (including configuring Session Directory), see "Load Balancing Terminal Servers" earlier in this chapter. For more information about Session Directory, see the "Session Directory and Load Balancing Using Windows Server 2003 Terminal Server" white paper at the Terminal Services link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
Use the following settings to configure the license server for Terminal Server. Most of these settings can be configured only through Group Policy. Exceptions are noted.
Licensing Mode You can set the licensing mode to Per Device or Per User through the TSCC Server Settings folder. For more information about licensing modes for Terminal Server, see "Choosing the Licensing Model" earlier in this chapter.
License Server Security Group Enabling this Group Policy setting and applying it to your license server creates a local group called Terminal Services Computers. The license server issues licenses only to the terminal servers in this group. You must add both the terminal servers for which you need to provide licenses and any license servers that might need to acquire licenses to this group for each license server. For ease of management in a large Terminal Server deployment, create an Active Directory global group named Terminal Server Licensing and add all of your terminal servers and all of your license servers to this group. Then add this group to the Terminal Services Computers group of each license server. Whenever you deploy a new terminal server or license server, if you add it to the Terminal Server Licensing group, it automatically appears in the Terminal Services Computers group for each license server.
Prevent License Upgrade In an environment with both Windows Server 2003 and Windows 2000 Terminal Server, enable this Group Policy setting to prevent the license server from handing out Windows Server 2003 CALs to terminal servers that are running Windows 2000.
Limit users to one remote session
By default, the TSCC setting that restricts users to one session is set to Yes. This ensures that a user who disconnects can reconnect to the same session. This also conserves server resources by keeping the number of sessions on your server to a known number. You can enforce this setting domain-wide by using Group Policy. Limit users to one session unless you have a valid business reason for allowing more than one.
This TSCC setting is set to Full Security by default. It restricts access to system resources, such as the registry, to members of the Users group on a terminal server.
Although some older applications require such access, do not set this setting to Relaxed Security unless you have determined through testing that your applications do not work properly in Full Security mode.
Use this Group Policy setting to set the path for storing your user home directories. For more information about planning for storage of home directories, see "Using Home Directories with Terminal Server" earlier in this chapter.
Use this Group Policy setting to set the path for storing your roaming user profiles. For more information about planning for storage of roaming user profiles, see "Using User Profiles in Windows Server 2003" earlier in this chapter.