Core Enhancements to Terminal Services

Windows Server 2008 has a number of core improvements in how Terminal Service works. Most of the improvements we’ll look at were first introduced in Windows Vista, but for some of these enhancements to work in Windows Vista you need Windows Server 2008 running on the back end as your terminal server. Many of these improvements center around changes to the Remote Desktop Connection client that comes with Windows Vista and Windows Server 2008, so let’s begin there. After that, we’ll look at some core changes on the server side that change some of the ways Terminal Services operates and that terminal server admins need to know about. Finally, we’ll briefly look at how to install Terminal Services, and then move on to other new features such as TS Gateway, TS Web Access, and TS RemoteApp.


Remote Desktop Connection 6.0
On previous versions of Windows, there were effectively two Terminal Services clients:
Remote Desktop Connection, a Win32 client application that is the “full” Terminal

Services client and is included in Windows XP and Windows Server 2003. You could also download a version of this client (msrdpcli.exe) that could be installed on earlier Windows versions to provide similar functionality.

Remote Desktop Web Connection, an ActiveX control you could download from a Web page running on IIS and then use to connect over the Internet to a terminal server. Remote Desktop Web Connection has slightly less functionality than the full Terminal Services client but is easy to deploy-just download it using a Web browser and you can open a Terminal Services session within your Web browser.

Starting with Windows Vista, however (and in Windows Server 2008 too), this ActiveX control has been integrated into the Remote Desktop Connection client, so there is only one client now and users don’t have to download anything to access terminal servers over the Internet. This is good because some organizations might have security policies in place that prevent users from downloading ActiveX controls onto their client machines.

This new version 6.0 client (which is also available for Windows XP Service Pack 2-see article 925876 in the Microsoft Knowledge Base for more info) provides a number of significant improvements in the areas of user experience and security.


Network Level Authentication and Server Authentication
Remote Desktop Connection 6.0 (RDC 6.0) supports Network Level Authentication (NLA), a new authentication method that authenticates the user, the client machine, and server credentials against each other. This means client authentication is now performed before a Terminal Services session is even spun up and the user is presented with a logon screen. With previous RDC clients, the Terminal Services session is started as soon as the user clicks Connect, and this can create a window of opportunity for malicious users to perform denial of services attacks or steal credentials via man-in-the-middle attacks.

To configure NLA, open the System item from Control Panel, click Remote Settings, and select the third option.

The other security enhancement in RDP 6.0 is Server Authentication, which uses Transport Layer Security (TLS) and enables clients to be sure that they are connecting to the legitimate terminal server and not some rogue server masquerading as the legitimate one. To ensure Server Authentication is used on the client side, open RDC and on the Advanced tab select the Don’t Connect If Authentication Fails (Most Secure) setting from the drop-down list box (the default setting is Warn Me If Authentication Fails).

You can also configure Server Authentication using the Terminal Services Configuration snap-in. Using Network Level Authentication together with Server Authentication can help reduce the threat of denial of service attacks and man-in-the-middle attacks.


Display Improvements
RDC 6.0 also provides users with a considerably enhanced user experience in the area of display improvements. For one thing, Terminal Services sessions now support a maximum display resolution of 4096 × 2048. And although before only 4:3 display resolution ratios were supported, now you can define custom resolutions like 16:9 or 16:10 to get the more cinematic experience supported by today’s wide-screen monitors. Setting a custom resolution can be done from the RDC UI or by editing a saved .rdp file using Notepad or by starting RDC from a command line using switches-that is, typing mstsc /w:width /h:height at a command prompt.

Another display improvement is support for spanned monitors-that is, spreading the display across multiple monitors. Note that to do this you have to make sure that all your monitors have the same resolution configured and their total resolution doesn’t exceed 4096 × 2048. Additionally, you can span monitors only horizontally, not vertically (better for the neck, actually) using the /span switch.

A third display improvement is that RDC now supports full 32-bit color depth, which means that users can now experience maximum color quality when running applications in Terminal Services sessions. Personally, I can’t tell the difference between True Color (24-bit) and Highest Quality (32-bit), but I suppose someone who works with Photoshop can quickly notice the difference. To get 32-bit color, you need to configure it both on the client (on the Display tab of the RDC properties) and on the terminal server, which must be running Windows Server 2008. Or you can configure 32-bit color from the server by opening the Terminal Services Configuration snap-in and double-clicking on the RDP connection you want to configure (like the default RDP-Tcp connection). Then switch to the Client Settings tab of the connection’s properties dialog box and change the color depth to 32 bits per pixel. In fact, 32-bit color is now the default; this is because for typical higher-color applications, such as IE and PowerPoint, the new compression engine in RDP6 typically sends less data over the network in 32-bit color mode rather than in 24-bit color mode. If you need high color you should consider 15-bit, 16-bit, and 32-bit color before you consider 24-bit.

Yet another display enhancement is support for ClearType in Terminal Services sessions. This feature of RDC 6.0 is known as font smoothing because it makes the fonts of displayed text a lot easier to read. You can enable this on RDC by selecting the Font Smoothing check box on the Experience tab.

To ensure font smoothing is enabled on the server side of your Windows Server 2008 terminal server, open Appearance And Personalization from Control Panel, click Personalization, click Windows Color And Appearance, click Effects, and make sure ClearType is selected.

Source of Information : Introducing Windows Server 2008