A solution to monitor, manage and archive thousands of
events that are generated by devices across the entire network. Download FREE
trial
Terminal Services Group Policy in Server 2003
Terminal Services can be tricky to control, fortunately Windows Server
2003 has a comprehensive
selection of
policies. My aim is to help you get the fastest, most stable Terminal
Server for your users.
Actually, I find that the two most useful policies are in the first (Root)
folder and the last section,
'Sessions'.
As an MCT trainer, I can thoroughly recommend TrainSignal because they
provide practical hands on training. In particular, I like the way TrainSignal cover all learning methods, instructor lead, video and of course text material. You can either take one module, for example Group Policy or go for
a combination of modules.
See more about Group Policy training here
We start with two Group Policies to aid the users.
'Keep-Alive connections' and * 'Automatic reconnect'.
These are just the sort of policies that will improve the users' experience of terminal service.
Now we come to policies to stop the users from getting into mischief. I
thoroughly recommend * 'Remove
disconnect option from Shut down', this encourages users to logoff
properly. What you don't want is for people to merely disconnect from
the terminal server, because that just wastes resources keeping an unnecessary connection alive.
I am less keen on 'Remove Windows Security from the start menu'.
The idea is to stop users logging off, but I would find it irritating to
remember the Ctr Alt, Del sequence every time that I wanted to finish a terminal
services session.
Finally in this section, you have important decisions on how you to configure the
home directory and roaming profile path. Bear in mind that these are
additional folders for terminal server sessions and not the regular Windows Server 2003 home
directory path.
Remember with Microsoft terminal server, programs behave as though the client was
logged on locally at the server. However, by default the client can
redirect certain resources to the machine where they are physically sitting
for example,
Printer, COM ports and Drive Letters.
So your choice is to continue allowing clients to use local resources
or disable redirecting of printers and drive letters to their
machines. Before you make your Group Policy decision, check the logic.
Disabling, 'Do not allow printer redirection' means that users CAN continue
to redirect their print jobs to a local printer.
Enabling 'Always prompt client for password' will boost your security.
The rest of the policies in this folder are only needed for high security networks where
you wish to encrypt the data.
The RPC Group Policy subfolder is to secure connections when terminal services is used
in Administrative mode, so
* 'Secure Server (Require Security)' is worth setting where
administrators dial-in to the Windows Server 2003 network.
The idea here is to conserve Microsoft licences by saying, 'Only those computer in
a
group called Terminal Services Computers, are allowed to connect'.
Perhaps one day we will all be running terminal services in a cluster.
If that day has already arrived for you, then you need to configure these
settings, for the rest of us, we can ignore the policies in this folder.
Last, but not least, are policies to control the time limits for the
users'
connections.
* 'Time limit for disconnected sessions', this must be worth setting
because all those disconnected session soon eat up precious RAM and disk space.
Following the same logic of conserving resources, I would also set an Idle
timeout. * 'Set time
limit for active but idle...' Let's face it, user can
easily reconnect when they return to their machines.
