====== Remote Desktop Services ======
FIXME This is an old page being updated.
http://ryanmangansitblog.com/2013/03/11/deploying-rds-2012-single-server-session-based-deployment/
===== Chrome Browser =====
Google Chrome (and other modern web browsers) can cause very high CPU and other resource utilization and this is compounded on RDS servers.
**[[internet:browser:chrome|Google Chrome Browser Tweaks]]**
===== Cached Exchange Mode =====
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_28119881.html
Microsoft recommends turning off Cached Exchange Mode. Disable it server-wide:
Create this registry Key:
HKEY_LOCAL_MACHINE/SOFTWARE/Policies/Microsoft/Office/14.0/Outlook/OST
In that key, create a ''DWORD'' named ''NoOST'' and set the value to ''2''.
===== Group Policy Settings =====
http://technet.microsoft.com/en-us/library/ee791756%28v=ws.10%29.aspx
**Session Shadowing**: http://blogs.technet.com/b/askperf/archive/2013/10/22/windows-8-1-windows-server-2012-r2-rds-shadowing-is-back.aspx
**Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections**
* **Set rules for remote control of Remote Desktop Services user sessions -> Enabled - Full Control without user's permission**
===== Step by Step Windows 2016 =====
:!: This does not create an entire RDS configuration, but is does set up a session host suitable for Parallels RAS.
{{ :virtualization:microsoft:create_rds_server_01.png?600 |}}
{{ :virtualization:microsoft:create_rds_server_02.png?600 |}}
{{ :virtualization:microsoft:create_rds_server_03.png?600 |}}
{{ :virtualization:microsoft:create_rds_server_04.png?600 |}}
{{ :virtualization:microsoft:create_rds_server_05.png?600 |}}
{{ :virtualization:microsoft:create_rds_server_06.png?600 |}}
{{ :virtualization:microsoft:create_rds_server_07.png?300 |}}
{{ :virtualization:microsoft:create_rds_server_08.png?600 |}}
===== RemoteFX =====
http://technet.microsoft.com/en-us/library/ff817595%28WS.10%29.aspx
**USB Redirection**: http://blogs.msdn.com/b/rds/archive/2012/09/11/remotefx-usb-redirection-in-windows-server-2012-and-windows-8.aspx
==== WAN Optimization ====
http://support.microsoft.com/kb/2592687/en-us
===== Windows Server 2008 R2 =====
Install Desktop Experience: http://technet.microsoft.com/en-us/library/cc742809.aspx
Configure Audio and Video Playback: http://technet.microsoft.com/en-us/library/dd759165.aspx
Configure Audio Recording Redirection: http://technet.microsoft.com/en-us/library/dd759231.aspx
===== Windows Server 2012 R2 =====
Make sure the **Windows Audio** and **Windows Audio Endpoint Builder** services are be running:
net start Audiosrv
http://www.concurrency.com/blog/remote-desktop-services-in-windows-server-2012-step-by-step-guides/
===== Remote Desktop Roles =====
http://ali.vg/2011/03/three-ways-to-use-rds-remote-desktop-services-from-outside-your-office/
http://redmondmag.com/Articles/2013/12/24/RD-Gateway-in-Windows-Server.aspx?Page=2
{{ :networking:windows:active_directory:rds.jpg |Remote Desktop Roles}}
==== RD Web Access ====
* RD Web Access and RD Gateway are usually installed on the same server
* Provides a list of Remote Desktop services available in a web browser (IE)
==== RD Gateway ====
http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx
https://www.virtuallyboring.com/setup-rd-gateway-role-on-windows-server-2012-r2/
:!: This tutorial points to Control Panel, Administrative tools, Remote Desktop Gateway Manager for a portion of the configuration. If not there type "Remote Desktop Gateway Manager" on the start menu to find it.
=== Generate a CSR IIS 8 ===
https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1160/19/csr-generation--microsoft-iis-8x
* RD Web Access and RD Gateway are usually installed on the same server
* Tunnels RDP traffic over SSL
* Managed with Remote Desktop Gateway Manager
* ''tsgateway.msc''
== Install Self Signed Cert on Win8/10 Client==
http://www.thewindowsclub.com/manage-trusted-root-certificates-windows
==== RD Licensing ====
* Often run on another server such as the domain controller
==== RD Connection Broker ====
* In larger environments, there may be multiple connection brokers
* Connection brokers use a MSSQL (or Express) database for high availability
==== RD Session Host ====
* Terminal Server
==== RD Virtualization Host ====
* Hyper-V Host
===== User Profile Disks =====
http://thewolfblog.com/2014/02/24/user-profile-disks-for-rds-2012-2012-r2/
http://www.virtualizationadmin.com/articles-tutorials/vdi-articles/general/working-with-user-profile-disks-on-session-based-desktop-deployments.html
* Defined per session collection
* User profile disks can’t be shared across types of collections
:!: If you have a deployment that supports Virtual Desktop Infrastructure (VDI), Remote Desktop session collection(s) and RemoteApp programs, you’ll have three different profile disks for each user.
:!: User Profile Disks are used instead of Roaming Profiles and folder redirection. If you already have roaming profiles and folder redirection configured, you probably don't need to implement UPDs.
:!: UPDs can be used with folder redirection.
User profile disks centrally store user and application data on a single virtual disk that is dedicated to one user’s profile. When the user logs on, their profile disk is attached to their session and detached when the user logs out.
==== UPD File Share per RDS Collection ====
:!: You can create the share with the default share permissions which is **everyone:read**. The permissions will be modified for you when you enable UPDs in the RDS collection.
===== Configure RDS License Server =====
==== Windows Server 2012 ====
:!: You can use Group Policy (''gpmc.msc'') or Local Policy.
On the RDS server, run ''gpedit.msc'' to edit Local Policy:
**Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Licensing**
* **Use the specified Remote Desktop license servers**
* **Set the Remote Desktop licensing mode**
==== Windows Server 2008 ====
http://technet.microsoft.com/en-us/library/cc770585.aspx
After installation of the licenses you need to point the RDS Server to the RDS License Server. They may be on the same server or different servers.
On the RD Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration.
If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.
In the Edit settings area, under Licensing, double-click Remote Desktop license servers.
On the Licensing tab of the Properties dialog box, click Add.
In the Add License Server dialog box, select a license server from the list of known license servers, and then click Add. If the license server that you want to add is not listed, in the License server name or IP address box, type the name or IP address of the license server that you want to add, and then click Add.
You can add more than one license server for the RD Session Host server to use. The RD Session Host server contacts the license servers in the order in which they appear in the Specified license servers box.
Click OK to close the Add License Server dialog box, and then click OK to save your changes to the licensing settings.
===== Downgrade 2012 RDS CALS to 2008 R2 CALS =====
Activate the RDS License server. Add licenses using "Telephone" method. Answer no to all prompts until a human answers the phone. Explain that you need to downgrade. If using an Action Pack license number tell them it is "retail".
===== Enable Remote Desktop User Login =====
http://www.ncomputing.com/kb/To-log-on-to-this-remote-computer-you-must-be-granted-the-Allow-log-on_243.html
You receive the error message "To log on to this remote computer, you must be granted the Allow log on through Terminal Services right. By default, members of the Remote Desktop Users group have this right. If you are not a member of the Remote Desktop Users group or another group that has this right, or if the Remote Desktop Users group does not have this right, you must be granted this right manually"
To correct this issue, first log in as an administrator to the RDS Server. Click Start and then click Run.
Type in "gpedit.msc"
Click "OK"
When the Group Policy Object Editor appears, navigate to:
Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment
In the right-hand pane, locate the entry named "Allow Log on through Remote Desktop Services" and double-click on it.
Click "Add User or Group.."
Type "everyone" into the available text box and click "Check Names"
After the name is underlined, click OK
Click OK
===== Add RDVH to RDS =====
**Deploy VDI**: http://thewolfblog.com/2014/03/26/deploying-vdi-for-rds-2012-2012r2-part-i/
**Publishing a Desktop** http://thewolfblog.com/2014/04/14/deploying-vdi-for-rds-2012-2012olr2-part-ii/
**Updating a Desktop Image** http://thewolfblog.com/2014/04/19/deploying-vdi-for-rds-2012-2012r2-part-iii/
* You need a physical 2012 server with the Hyper-V role installed
* A Hyper-V cluster is preferred
- Join the RDVH server to the AD domain
- Using Server Manager, add the designated RDVH server to be managed
- Add Roles and Features
- Remote Desktop Services installation
- Standard Deployment
- Virtual machine-based desktop deployment
- Select the existing connection broker and web access servers
- Add the new server as a virtualization host
- A new virtual switch is created and will be used for the virtual desktops
- Edit the Deployment Properties
- Select the Active Directory domain and OU for VDI desktops
- Specify the Export Location where VDI templates are copied to
===== Regenerate Temporary Terminal Services CALs =====
==== Windows Server 2003 ====
http://deadlytechnology.com/terminal-services/regenerating-temporary-terminal-server-cals/