Remote Desktop Services Management

  • Article

What are the major changes?

Remote Desktop Services in Windows Server 2008 R2 offers new management features designed to minimize the amount of administrative overhead required to deploy and maintain a Remote Desktop Services environment.

The following management features are available in Windows Server 2008 R2:

  • Remote Desktop Services module for Windows PowerShell

  • Remote Desktop Services Best Practices Analyzer

Who will be interested in these features?

The Remote Desktop Services management features will be of interest to organizations that currently use or are interested in Remote Desktop Services.

What new functionality do these features provide?

The new functionality provided by these features is described in the following sections.

Remote Desktop Services module for Windows PowerShell

The Remote Desktop Services module enables Windows PowerShell users to access configuration settings of Remote Desktop Services and its various role services. The Remote Desktop Services module presents a hierarchical view of the settings for a Remote Desktop Services environment.

What does the Remote Desktop Services module for Windows PowerShell do?

By using the Remote Desktop Services module, a Remote Desktop Session Host (RD Session Host) server administrator can complete tasks such as:

  • View configuration settings for an RD Session Host server.

  • Edit configuration settings for an RD Session Host server.

  • Create and configure an RD Session Host connection.

  • Publish or remove a RemoteApp program.

  • Create and configure an RD Session Host farm.

  • Configure RemoteApp and Desktop Connection for virtual desktops and RemoteApp.

  • Assign personal virtual desktops to user accounts.

  • Manage a Remote Desktop license server.

  • Manage a Remote Desktop Gateway server.

The advantage of using Windows PowerShell to manage Remote Desktop Services role services is that administrative tasks can be scripted, thus enabling an administrator to automate complex and recurring administrative tasks. Administrators can change settings and perform tasks directly from the Windows PowerShell command line without having to write, save, and run a script.

Remote Desktop Services Best Practices Analyzer

Best Practices Analyzer (BPA) is a server management tool that is available in Windows Server 2008 R2. BPA can help administrators reduce best practice violations by scanning one or more roles that are installed on Windows Server 2008 R2, and reporting best practice violations to the administrator. Administrators can filter or exclude results from BPA reports that they don’t need to see. Administrators can also perform BPA tasks by using either Server Manager or Windows PowerShell.

What does the Remote Desktop Services BPA do?

The Best Practices Analyzer (BPA) for Remote Desktop Services running on Windows Server 2008 R2 can help you bring Remote Desktop Services into compliance with best practices. These best practices are most valuable to administrators who have completed a BPA scan of Remote Desktop Services, and who want information about how to interpret and resolve scan results that identify areas of Remote Desktop Services that are noncompliant with best practices.

There are two categories of rules for the BPA for Remote Desktop Services:

  • Configuration. Configuration rules are applied to identify settings that might require modification for Remote Desktop Services to perform optimally. Configuration rules can help prevent setting conflicts that can result in error messages, or prevent Remote Desktop Services from carrying out its prescribed duties in an enterprise.

  • Operation. Operation rules are applied to identify best-practice-related possible causes of a role’s failures to carry out its prescribed tasks in the enterprise. An example of a violation of operation rules that a BPA scan might find is a service that is paused or stopped.

In Windows Server 2008 R2, the Remote Desktop Services BPA scan verifies the following Remote Desktop Services configuration settings:

  • Members of a Remote Desktop Gateway (RD Gateway) server farm must be available on the network and configured identically.

  • RD Gateway must be configured to use an SSL certificate signed by a trusted certification authority.

  • The Remote Desktop Licensing (RD Licensing) server must be activated before you can install RDS CALs onto the license server.

  • The Remote Desktop connection authorization policy (RD CAP) stored on the server running NPS must be configured correctly to support RD Gateway.

  • The RD Gateway server must be configured to use a valid SSL certificate.

  • The RD Gateway server must have at least one RD CAP enabled.

  • The RD Gateway server must have at least one Remote Desktop resource authorization policy (RD RAP) enabled.

  • The RD Gateway server should be configured to allow an adequate number of simultaneous connections.

  • The RD Gateway server should be configured to allow connections from all supported clients.

  • The RD Gateway server should be configured to allow new connections.

  • The Remote Desktop Users group on the RD Session Host server must contain users or groups.

In Windows Server 2008 R2, the Remote Desktop Services BPA scan verifies the operational status of Remote Desktop Services by checking the following:

  • The RD Gateway server must be able to contact Active Directory Domain Services.

  • The RD Gateway server must be able to contact the server running NPS.

  • The Remote Desktop Gateway service must be running on the RD Gateway server.

  • The Web site that the RD Gateway server is configured to use must be started on the Web (IIS) server.