Windows Server 2003 SP1 Has Goodies for Terminal Server

The first service pack for Windows Server 2003 isn't just a security booster. It adds several features to Windows Terminal Services, Microsoft explained in a white paper out this week.

New SP1 features for Terminal Services include fallback printer capability, server authentication for connections, Group Policy settings for licensing and a Group Policy setting to automatically launch a program on connection to a Terminal Server.

Terminal Services is Microsoft's technology for hosting and running applications on a server that can be delivered to Windows and non-Windows clients without much client-side processing. The approach helps organizations deploy applications rapidly, manage applications that require frequent updates and wring life out of older clients or thin clients that can't handle large local applications.

Once a separate Microsoft server, then a separate version of the operating system, Terminal Services have been built into the core Windows Server operating system as a feature since Windows Server 2000.

SP1, released last week, deals primarily with hardening the OS against security threats. New security features include a Security Configuration Wizard and the Windows Firewall.

One of the new Terminal Services features in SP1 does follow the theme by relating directly to security. While Microsoft's native Remote Desktop Protocol offers encryption, Terminal Server does not provide authentication to verify the identity of a Terminal Server. Microsoft is addressing the problem by configuring Terminal Services connections to use Secure Sockets Layer (SSL)/Transport Layer Security (TLS) 1.0. The combination will provide server authentication and encrypted communications.

Among the non-security fixes is the new fallback printer capability. It is designed to make it easier for end users to make printouts nearby even when applications are hosted on faraway servers. The problem arises when no compatible printer driver exists on the Terminal Server for the local printer. The new feature, offered through a Group Policy setting, allows an administrator to default to a Hewlett-Packard-compatible Printer Control Language (PCL) fallback printer driver, an Adobe PostScript (PS) fallback printer driver or provide users with a choice between the two.

In an attempt to reduce the complexity of licensing Terminal Services environments, Microsoft also added new Group Policy settings specifically for licensing. By configuring the type of client access license required to connect to a Terminal Server in Group Policy, administrators override licensing mode choices made during setup or through configuration tools.

While a Group Policy setting was previously available for starting a program on connection to a Terminal Server, the policy setting previously could only be edited in Group Policy if the computer was a Domain Controller. With SP1, the policy can be configured for individual Terminal Servers within a domain. When the policy is enabled, the end user never sees the Windows desktop or the Start menu. Instead, the hosted application immediately appears at logon and ending the program logs the user off.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Microsoft Ups Its Windows 10 App Compatibility Assurances

    Microsoft gave assurances this week that organizations adopting Windows 10 likely won't face application compatibility issues.

  • SharePoint Online Users To Get 'Modern' UI Push in April

    Microsoft plans to alter some of the tenant-level blocking capabilities that may have been set up by organizations and deliver its so-called "modern" user interface (UI) to Lists and Libraries for SharePoint Online users, starting in April.

  • How To Use PowerShell Splatting

    Despite its weird name, splatting can be a really handy technique if you create a lot of PowerShell scripts.

  • New Microsoft Customer Agreement for Buying Azure Services To Start in March

    Microsoft will have a new approach for organizations buying Azure services called the "Microsoft Customer Agreement," which will be available for some customers starting as early as this March.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.