Windows Server 2003 SP1 Has Goodies for Terminal Server

The first service pack for Windows Server 2003 isn't just a security booster. It adds several features to Windows Terminal Services, Microsoft explained in a white paper out this week.

New SP1 features for Terminal Services include fallback printer capability, server authentication for connections, Group Policy settings for licensing and a Group Policy setting to automatically launch a program on connection to a Terminal Server.

Terminal Services is Microsoft's technology for hosting and running applications on a server that can be delivered to Windows and non-Windows clients without much client-side processing. The approach helps organizations deploy applications rapidly, manage applications that require frequent updates and wring life out of older clients or thin clients that can't handle large local applications.

Once a separate Microsoft server, then a separate version of the operating system, Terminal Services have been built into the core Windows Server operating system as a feature since Windows Server 2000.

SP1, released last week, deals primarily with hardening the OS against security threats. New security features include a Security Configuration Wizard and the Windows Firewall.

One of the new Terminal Services features in SP1 does follow the theme by relating directly to security. While Microsoft's native Remote Desktop Protocol offers encryption, Terminal Server does not provide authentication to verify the identity of a Terminal Server. Microsoft is addressing the problem by configuring Terminal Services connections to use Secure Sockets Layer (SSL)/Transport Layer Security (TLS) 1.0. The combination will provide server authentication and encrypted communications.

Among the non-security fixes is the new fallback printer capability. It is designed to make it easier for end users to make printouts nearby even when applications are hosted on faraway servers. The problem arises when no compatible printer driver exists on the Terminal Server for the local printer. The new feature, offered through a Group Policy setting, allows an administrator to default to a Hewlett-Packard-compatible Printer Control Language (PCL) fallback printer driver, an Adobe PostScript (PS) fallback printer driver or provide users with a choice between the two.

In an attempt to reduce the complexity of licensing Terminal Services environments, Microsoft also added new Group Policy settings specifically for licensing. By configuring the type of client access license required to connect to a Terminal Server in Group Policy, administrators override licensing mode choices made during setup or through configuration tools.

While a Group Policy setting was previously available for starting a program on connection to a Terminal Server, the policy setting previously could only be edited in Group Policy if the computer was a Domain Controller. With SP1, the policy can be configured for individual Terminal Servers within a domain. When the policy is enabled, the end user never sees the Windows desktop or the Start menu. Instead, the hosted application immediately appears at logon and ending the program logs the user off.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


comments powered by Disqus

Subscribe on YouTube