windows server 2008 terminal services ts installing and configuring

Windows Server 2008 Terminal Services (TS) is one of the core virtualization features available in Server 2008 which makes it possible to install an application on a Terminal Server and image version of the application can be run on a desktop. All the process is done at the Terminal Server and the client only acts as an Interface. Running application on Terminal Server (TS) provides better administration and better application security hence applications are not directly installed on the user’s desktops. TS can only be installed on none-domain controller server.

Some of the TS roles that you might install on you TS server are;
Terminal Services Remote Application – is what makes applications available for the client computers remotely.
Terminal Services (TS) Session Broker – is a role installed when you have Terminal Services running in a clustered environment and stores the session state information.
Terminal Services (TS) Web Access – is what allows users to access remote applications through the Internet.
Terminal Services (TS) Gateway – is what allows remote users to connect to internal network resources across the network or behind firewall.
Terminal Services (TS) License – is a service role that manages the TS license. You can set Per Device CALS to assign a license for each device or client that connect to the Terminal Services or you can setup Per User CALS to assign a license for each user that connects to the Terminal Services.

Installing Windows Server 2008 Terminal Services (TS)

To install Terminal Services on Windows Server 2008 machine, follow these steps;

1. Click Start -> Server Manger. (Install the TS on a member server which is not a Domain Controller)

2. Click on Roles.

3. On the right panel of the Server Manager under Roles section, click on Add Role.

4. Click next on the “Before You Begin Introduction Console” .

5. Select Terminal Services from the roles list and click next.

6. Click next to the Terminal Services introduction screen.

7. Select Terminal Server and other service roles as required and click next.

8. Select the level of authentication required. Selecting “Require Network Level Authentication” is recommended authentication.


9. Select a Licensing Mode, Per Device or Per User. Using Per Device CALs, you must have a license for each client connecting to TS Services. Using Per User CALS, you must have a license for each user that connects to the TS.

10. Add users or user groups that would access the TS (these users/groups will be added to local remote users) and click next.

11. If you are installing TS Gateway, you need to install SSL certificate. Select one of the three SSL options and click next.

If you decide to install the TS Gateway services, you have additional configurations to settle. Connection Authorization Policy (TS CAPs) allows you to configure users that have authority to connect to the TS server. Resource Authorization Policy (TS RAPs) allows you to configure users that have authority to specific computers or resource.


Configure Terminal Services Connection Authorization (TS CAPS)
a. On the Create Authorization for TS Gateway console, choose to create authorization policy now option and click next.

b. Click Add on the “Choose User Groups that can Connect Through TS Gateway” console, choose the authorized user group and click ok.

c. Type the name of your “TS CAP”, choose an authentication method (password or smart card) and click next.

d. Type the name of your “TS RAP” and choose whether specify user group has authority to access any Remote Destiop Enabled computer on the network or use an specific computer group.

12. Review the summary and click Install to install the TS.

13. Restart the Server once the installation completes.

Note: you will also have to add TS users to the local remote desktop users group unless TS Connection Authorization Policy (TS CAPs) and TS Resource Authorization Policy (TS RAPs) are setup.

To test the TS installation, type mstsc command in the command promtp of an another TS domain member computer.

Publisher: abdirahman isse

Share this post