Experiment 

7
Date :

Remote Desktop Administration

Aim: To understand how to connect Server using Remote Desktop Administration.
Theory:
In the real world systems running Windows Server  will most likely be located in large rack 
systems in a server room. As such, it is highly unlikely that system administrators are going 
to physically visit each of these servers to perform routine administrative tasks such as 
system configuration and monitoring. A far preferable scenario involves these 
administrators remotely logging into the servers from their own desktop systems to perform
administrative tasks. Windows Server provides precisely this functionality through Remote 
Desktop and the remote administration features of the Machine Management Console 
(MMC). 
Windows Server, this service is provided by Terminal Services running on the remote server
systems and the Remote Desktop Connection (RDC) client on the local system. 

Procedure:
To add the Terminal Services Role to Windows Server 2008 R2, follow these steps:

    Log on to your Windows Server 2008 computer as an administrator. Click Start, and then
click Server Manager.
    Right­click Roles, and then click Add Roles.
    The Add Roles Wizard appears.
    On the Before You Begin page, click Next.
    On the Select Server Roles page, select Terminal Services. Then, click Next.
    On the Terminal Services page, click Next.
    On the Role Services page, select TS Gateway. When prompted, click Add Required Role 
Services. Then, click Next.
    On the Server Authentication Certificate page, select an SSL certificate, and then click 
Next.
    On the Authorization Policies page, click Now, and then click Next.
    On the TS Gateway User Groups page, click Add to select the user groups that can 
connect through the terminal server gateway. Typically, you should create an Active 
Directory security group for Remote Desktop users connecting from the Internet, and add 
all authorized users to that group. Then, click Next.
    On the TS CAP page, enter a name for the Terminal Services Connection Authorization 
Policy, and choose whether to allow authentication using passwords, smart cards or both. 
Click Next.
    On the TS RAP page, enter a name for the Terminal Services Resource Authorization 
Policy. Then, choose whether to allow remote clients to connect to all computers on your 
internal network or just computers in a specific domain group. For best results, create an 
Active Directory security group, and add the computer accounts for all authorized Remote 
Desktop servers to that group. Click Next.
    Note: The CAP defines who can connect to the TS Gateway, while the RAP defines which
computers they can use the gateway to access. Both must be defined for a user to establish 
a connection.
    Complete any other wizard pages that appear for dependant roles by accepting the 
default settings, and then click Install on the Confirmation page.
    After the installation is complete, click Close, and then click Yes to restart the computer if
required.
    After the computer restarts, log back on and click Close in the Resume Installation 
Wizard.

Later, you can use the Server Manager console to modify the CAPs or RAPs by clicking the 
roles\terminal services\ts gateway manager\computer_name\policies node.

If necessary, configure your firewall to allow incoming HTTPS connections to your TS 
Gateway on TCP port 443. Additionally, the TS Gateway must be able to communicate to 
Remote Desktop servers using TCP port 3389.

Starting the Remote Desktop Client

With the appropriate configuration tasks completed on the remote server system the next step is to
launch the Remote Desktop Client on the local system. The client can be run in either
administration mode which provides full integration with the console of the remote server, or virtual
session mode which provides some administrative privileges but does not provide console access or
allow applications to be installed.
Initial screen will appear requesting details of computer to which the client is to connect. This can
either be an IP address or a computer name. If previous connections have been established the User
name field will be populated with the user name used in the preceding session. If you need to log in
as a different user this option will be provided on the next screen which appears after the Connect
button is pressed:
In this screen enter the password for the selected user (note that remote desktop access is only
available for user accounts which are password protected). If a user other than the one displayed is
required, simply click on the Use another account link and enter the necessary details. Click on OK
to establish the connection. After a short delay the remote desktop will appear on the local computer
screen.

Result:  
Configured windows terminal server .