Upgrading to Windows Server 2003 Terminal Server
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
The best way to install Terminal Server is by performing a clean installation. However, if you already have a Windows 2000 Terminal Services in Application Mode or Windows NT 4.0 Terminal Server Edition infrastructure in place, you might want to perform an upgrade. There are a number of other reasons why you might perform an upgrade, for example, if you are transitioning gradually to Windows Server 2003 or if you want to retain the ability to use your older software and device drivers. If you are upgrading your terminal servers from Windows 2000 to Windows Server 2003, you must take into consideration a number of changes and new requirements with Windows Server 2003.
Note
- When performing an operating system upgrade on a terminal server, the security template that is applied does not reset the access control lists (ACLs). This is in contrast to a non-Terminal Server upgrade, which resets the ACLs. If you are moving from Windows NT 4.0 Terminal Server Edition or Windows 2000 in Relaxed Security mode to Windows Server 2003 Terminal Server, consider performing a clean installation.
Upgrading Terminal Server Licensing
With Windows Server 2003, you must use a license server that is running Windows Server 2003. You can still issue licenses to Windows 2000 Terminal Server with a license server that is running Windows Server 2003, if you plan to gradually upgrade your terminal servers. Also, with Windows Server 2003 you no longer need to host your license server on a domain controller. For more information about choosing a host server for Terminal Server Licensing, see "Planning the License Server" earlier in this chapter.
Table 4.1 summarizes the licensing issues to be aware of when upgrading from Windows 2000 Terminal Services to Windows Server 2003 Terminal Server.
Table 4.1 Licensing Issues for Upgrading Terminal Server
If you are... | You need to... | ||
---|---|---|---|
Gradually upgrading your terminal servers to Windows Server 2003 from Windows 2000. |
Upgrade your license server to Windows Server 2003 at the same time that you upgrade the first terminal server. You can also ensure that the license server issues the appropriate CAL for Windows 2000 or Windows Server 2003 through Group Policy. For more information, see "Designing the Terminal Server Configuration" later in this chapter. |
||
Performing an in-place upgrade of the domain controller that hosts Terminal Server Licensing. |
Consider keeping your licenses on the same server whether or not you plan to host your license server on a domain controller. You can demote the domain controller either before or after you upgrade the server to Windows Server 2003 by using the Active Directory Installation Wizard (dcpromo.exe). If you upgrade your license server, you must reactivate the license server. For information about upgrading a domain controller, see "Upgrading from Windows 2000 Domains to Windows Server 2003 Domains" in Designing and Deploying Directory and Security Services of this kit. |
||
Performing a clean installation of the server that hosts Terminal Server Licensing. |
Deploy Terminal Server Licensing on a server that runs Windows Server 2003, migrate the client access licenses (TS CALs) to the new license server, and then deactivate the previous license server by doing the following:
|
||
Redeploying Terminal Server Licensing to a new server. |
Deploy Terminal Server Licensing on a server that runs Windows Server 2003, migrate the client access licenses (TS CALs) to the new license server, and then deactivate the previous license server by doing the following:
|
Group Policy Upgrade Issues
Windows Server 2003 offers more Terminal Server–specific Group Policy settings than did earlier versions of the Windows operating system. Your initial Group Policy settings vary depending on whether you perform an upgrade or clean installation. When you upgrade your terminal servers to Windows Server 2003, the new Group Policy settings are left Not Configured rather than set to their default. When you perform a clean installation, the default settings are used. Carefully review the Group Policy settings for Terminal Server to choose the best settings for your environment. For more information, see "Designing the Terminal Server Configuration" later in this chapter.
Also new with Windows Server 2003 is the Remote Desktop Users group. Users are required to be members of this built-in local group in order to gain access to the terminal server. This group is empty by default. For more information, see "Planning Terminal Server User Rights and Logon" earlier in this chapter.
Permission Compatibility
If you are upgrading from Windows 2000 Terminal Services or Windows NT 4.0 Terminal Server Edition, and are planning to host the same applications with Windows Server 2003, be aware that, in order for them to work, some older applications require access to system resources, such as the registry, for members of the Users group on a terminal server. If your older applications require this type of access, you can control the Permission Compatibility setting in TSCC on the Server Configuration tab for application compatibility. This setting is set to Full Security by default, which restricts access to system resources.
Important
- Do not set this setting to Relaxed Security unless you have performed thorough testing and have determined that your applications will not work properly otherwise. Relaxed Security mode gives users access to system components on the server, such as the ability to modify the system32 directory where operating system files are stored, access to the Program Files directories, and read/write access to registry settings in HKEY_LOCAL_MACHINE.
For more information about configuring this setting, see "Designing the Terminal Server Configuration" later in this chapter.
Automated Installation
If you are planning to use an automated installation method to upgrade your terminal servers, you can do this only by using Unattended Setup. For more information about using Unattended Setup with Terminal Server, see "Designing Application Installation" later in this chapter. For more information about installing Windows Server 2003 by using an automated installation method, see Automating and Customizing Installations of this kit.
Internet Explorer Enhanced Security Configuration
When you upgrade from Windows 2000 Terminal Services, Internet Explorer Enhanced Security Configuration is enabled for administrators and disabled for users by default. With this configuration, users are able to browse and download files from the Internet without restriction, but administrators cannot do so. For more information about Internet Explorer Enhanced Security Configuration settings, see "Internet Explorer Enhanced Security Configuration" in Help and Support Center for Windows Server 2003.