Microsoft KB Archive/814590

= How to enable and to configure Remote Desktop for Administration in Windows Server 2003 =

Article ID: 814590

Article Last Modified on 10/30/2006


APPLIES TO


 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)






For a Microsoft Windows 2000 version of this article, see 306624.





IN THIS TASK

 * SUMMARY
 * Enable Remote Desktop for Administration
 * Change the session encryption level
 * Troubleshooting
 * REFERENCES

SUMMARY
This step-by-step article describes how to enable and to configure Remote Desktop for Administration in Microsoft Windows Server 2003.

Windows Server 2003 Terminal Services includes the following two components:
 * Remote Desktop for Administration

With Remote Desktop for Administration, administrators can remotely manage Microsoft Windows 2000-based servers and Windows Server 2003-based servers from any Terminal Services client. For demonstration and collaboration purposes, two administrators can share a session. An administrator can also remotely connect to the real console of a server by using the -console command.

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

278845 How to connect to and shadow the console session with Windows Server 2003 Terminal Services

Notes
 * You do not have to have a Terminal Server Client Access License to use Remote Desktop for Administration. However, only members of the Administrators group can gain access to the server.
 * By default, Remote Desktop for Administration is installed when Windows Server 2003 is installed. However, Remote Desktop for Administration is disabled for security reasons.

 * Terminal Server

Terminal Server allows simultaneous access by multiple remote clients to Windows-based programs that run on the server. This is the conventional Terminal Server deployment.

When you use Terminal Server mode, the server accepts more than two simultaneous connections by non-administrators. When you use this mode, you can install the Terminal Services Licensing service on any member server. However, you must configure a preferred license server on all terminal servers that have to communicate with non-domain controller license servers that are configured as domain license servers. Enterprise domain license servers that are deployed on non-domain controllers are automatically discovered.

For additional information about how to configure a preferred license server, click the following article number to view the article in the Microsoft Knowledge Base:

279561 How to override the license server discovery process in Windows Server 2003 Terminal Services

301932 Terminal Services Licensing service discovery

239107 Establishing Preferred Windows 2000 Terminal Services License Server

For additional information about Terminal Services licensing, visit the following Microsoft Web site:

http://www.microsoft.com/windowsserver2003/techinfo/overview/termservlic.mspx



Before you enable Windows Server 2003 Terminal Services, review the following terms:
 * server

The server is the computer where most of the computing resources reside. The server is used in the Terminal Services networking environment. The server receives and processes the key strokes and the mouse movements that occur at the client. The server displays the desktop and the programs that are running on the server in a window on the client.
 * messaging

Messaging is the communication that occurs between the server and the clients by using Remote Desktop Protocol (RDP) 5.2. RDP is a program-layer protocol that relies on TCP/IP.
 * client

The remote desktop that is running on the server is displayed in a window on the client computer. When you start programs on the client computer, these programs are actually running on the server. Remote Desktop Connection is named Terminal Services client in Windows 2000. Remote Desktop Connection uses the latest advances of RDP 5.2 to provide significant improvements over earlier versions. Remote Desktop Connection can be used to connect to earlier versions of Terminal Services.


Enable Remote Desktop for Administration
By default, Remote Desktop for Administration is disabled. To enable it, follow these steps:
 1) Click Start, click Control Panel, and then click System.
 2) Click the Remote tab, click to select the Allow users to connect remotely to your computer check box, and then click OK.

Note You do not have to have a Terminal Server Client Access License for Remote Desktop for Administration. A maximum of two concurrent connections are automatically permitted on a terminal server with Remote Desktop for Administration enabled.


Change the session encryption level
By default, the encryption level for Terminal Services sessions is set to Client Compatible to provide the highest encryption level that is supported by the client. Other available settings are:
 * High - This setting provides bidirectional security by using a 128-bit cipher.
 * Low - This setting uses 56-bit encryption.
 * FIPS Compliant - All data is encrypted by using Federal Information Processing Standard 140-1 validated methods.

All levels use the standard RSA RC4 encryption.

To change the encryption level, follow these steps:
 1) Click Start, point to All Programs, point to Administrative Tools, and then click Terminal Services Configuration.
 2) In the left pane, click Connections.
 3) In the right pane, right-click RDP-tcp, and then click Properties.
 4) Click the General tab, click the encryption level that you want in the Encryption list, and then click OK.
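
The two procedures above (enabling Remote Desktop for Administration and setting the encryption level) can be audited across servers by checking the registry values they write. The following is an added example, not part of the original article: it parses captured `reg query` output and reports servers that accept RDP below a chosen encryption level. The registry value names are not given in the article, the sample output is constructed, and the "High or better" threshold is this example's own policy assumption.

```python
import re

# Registry values behind the two GUI procedures (names are not given in the article):
#   HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server -> fDenyTSConnections (0 = allowed)
#   ...\Terminal Server\WinStations\RDP-Tcp               -> MinEncryptionLevel
ENCRYPTION_LEVELS = {1: "Low", 2: "Client Compatible", 3: "High", 4: "FIPS Compliant"}
MIN_ACCEPTED = 3  # assumption: this example's policy accepts High or FIPS Compliant only

DWORD_RE = re.compile(r"^\s+(\w+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")

# Constructed sample of `reg query` output for the two keys (not captured from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
    fDenyTSConnections    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
    MinEncryptionLevel    REG_DWORD    0x2
"""

def parse_dwords(text):
    """Return {value_name: int} for every REG_DWORD line in `reg query` output."""
    values = {}
    for line in text.splitlines():
        match = DWORD_RE.match(line)
        if match:
            values[match.group(1)] = int(match.group(2), 16)
    return values

def audit_rdp(text):
    """Summarise RDP state for one server and list settings that need attention."""
    values = parse_dwords(text)
    deny = values.get("fDenyTSConnections")
    level = values.get("MinEncryptionLevel")
    enabled = None if deny is None else deny == 0
    name = None if level is None else ENCRYPTION_LEVELS.get(level, f"unknown ({level})")
    findings = []
    if deny is None:
        findings.append("fDenyTSConnections missing from output")
    if level is None:
        findings.append("MinEncryptionLevel missing from output")
    elif enabled and level < MIN_ACCEPTED:
        findings.append(f"RDP enabled with encryption level {name}")
    return {"rdp_enabled": enabled, "encryption": name, "findings": findings}

if __name__ == "__main__":
    print(audit_rdp(SAMPLE))
```
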


Troubleshooting
If Terminal Services does not run as expected, examine the IP address. Issues may occur if you provide an IP address that is not valid. If a program does not run as expected, consider the following issues:
 * Programs that lock files or DLL files may not run correctly. This issue may occur if more than one user is trying to use the same program at the same time.
 * Programs that use a computer name or an IP address for identification purposes may not run correctly. This issue may occur if more than one user at a time runs the program while using the same computer name or IP address.
