In-Depth
10 Tasty Terminal Server Tools
Choosing the right Terminal Server admin tool can be a little like concocting the perfect latte.
- By Greg Shields
- 04/01/2007
In the espresso world, it's called the "god shot." It's that stunningly
perfect combination of correct pressure, stable temperature, fresh beans and
barista technique which produces a cup that makes you swear there's a higher
power. It's hard to make a god shot and even harder to make one consistently,
but the central requirement in producing one is a good set of espresso-making
tools.
Terminal Servers are no different. When you're playing systems babysitter,
struggling to keep 40 or 50 users humming happily on those giant workstations
we call Terminal Servers, you've probably thought the same thing: "If I
had just the right tool, I could produce the ideal computing environment."
Let's take a look at some of the tastier Terminal Server tools you can inexpensively
add to your cup-warming tray.
TS Task Manager
Windows' Task Manager can be a boon for troubleshooting processor spikes and
memory leaks. But it can also be a pain in the neck for Terminal Server users
who have all the options but none of the permissions to make it work. That being
said, some of the functionality of Task Manager can be useful should users need
to end a malfunctioning application or kill a process.
| Where
To Download These Tools? |
|
|
|
For Windows Server 2003, native Group Policy doesn't have much in the way of
controlling Task Manager. One GPO setting called Remove
Task Manager is exposed at the path -- Administrative
Templates / System / Ctrl+Alt+Delete Options. That setting however, only
disables Task Manager in its entirety.
To combat this limited on-or-off option, the people at Thincomputing.net
have developed a hacked Task Manager that exposes only the necessary Task Manager
bits. Once you download and install this freeware tool, users are limited strictly
to the Applications, Processes and Networking tabs.
If you combine this install with the Group Policy setting -- Remove
Run menu from Start Menu at the path Administrative Templates / Start Menu and
Taskbar -- you can also restrict the ability to use Task Manager to start
new tasks.
ReconnACT
Windows has the capability to run scripts at log on and log off as well as startup
and shutdown. These timeframes are usually sufficient, as most configuration
activity needs to occur during one of those four events. However, in the world
of Terminal Services, two other events can occur for which Windows Server 2003
has no native capability to handle, namely session disconnection and reconnection.
If you allow your Terminal Server users to disconnect from their session and
reconnect from another location, you probably wish you could run scripts or
other configuration changes during those two events. The ReconnACT tool, written
by Dennis Damen of Login Consultants, does just that.
A simple but elegant tool, ReconnACT adds two user environment variables for
each user, called CURRENT_ CLIENTIP and CURRENT_CLIENTNAME. These two variables
store the client name and IP address of the attached client. When a client disconnects
or reconnects, the ReconnACT process will read the values of those variables
and use them to run an administrator-defined script or executable.
TSWhereIs
TSWhereIs is the first of three free tools we'll discuss that are written by
the Ctrl-Alt-Del Consultancy Pty Ltd. TSWhereIs addresses a specific problem
that plagues administrators in large Terminal Server farms: locating users.
Native Windows tools like quser are available on
the system to tell which users are logged into a specific server. But there's
no native tool that reveals the opposite, finding which Terminal Servers a stated
user is logged into.
Arriving as a simple command-line tool, if you want to search all Terminal
Servers in your network for a username just enter tswhereis
{username}. To check other domains, enter tswhereis
{username} {domain name}.
TSLogoff
The second of our command-line tools from the Ctrl-Alt-Del Consultancy, TSLogoff,
expands the native logoff.exe tool with the capability to log off all users
on a specific server at the same time. If you've ever needed to complete an
emergency patching in the middle of the workday, or just needed to get everyone
off your Terminal Servers in a hurry, you'll be happy to have this feature.
To use TSLogoff, enter tslogoff {session ID}.
The session ID for each user can be gathered by using the native quser
command. Users on remote Terminal Servers can be logged off by using tslogoff
{session ID} /server:{remote server}. In any case, you can replace the
session ID with the word ALL to log them all off
at once.
One interesting quirk with this tool is that if you enter tslogoff
with no other switches, it will immediately close all your open Windows and
log you off, so be careful.
ICSweep
Our final tool from the Ctrl-Alt-Del Consultancy is ICSweep. Terminal Services
and some of the third-party products like Citrix sometimes have problems when
corruption occurs within Temporary Internet Files. This problem is exacerbated
when browser-based applications are installed to the Terminal Server and those
tools are not clean about what they store in that location. Users with Internet
Explorer on their Terminal Server can also cause Temporary Internet Files bloat,
which can fill up the system drive.
Locating and clearing this location for every user can be a cumbersome process.
The ICSweep tool was developed to provide a single command-line that automatically
clears the Temporary Internet Files cache for all user profiles that are not
in use.
Other than bringing up the help file, there are no switches with this command.
Typing icsweep immediately identifies users and
starts the deletion process.
TSListUsers
As we've said before, the native quser tool provides
most of the information an administrator needs, but not everything. It focuses
on attached users. But if we need to find information about the attached computers
we need to look elsewhere.
Written by Joe Klemencic, computer security coordinator for Fermilab, this
tool does just that. If you enter tslistusers or
tslistusers {server name} at the command line,
the tool will return a list of users attached to the local Terminal Server as
well as their computer name and client IP address.
This information comes in especially handy when you're attempting to track
down performance problems for specific clients. Is it the server or is it the
network? This sort of client information offers a perfect segue to our next
tool that answers that very question.
Ping Plotter
If you're a Terminal Services administrator, then you're likely tired of hearing
that old complaint: "The server is slow." The constant plight of the
Terminal Services administrator in the large network is figuring out whether
that slowness comes from resource overuse on the server or network latency on
the connection.
Even though the RDP protocol is designed to be used in low-bandwidth situations,
the user's experience relies on a constant and uninterrupted flow of communication
between client and server. Even the slightest degree of network latency can
make that experience intolerable.
[Click on image for larger view.] |
| Figure 1. Ping
Plotter shows low latency but a hefty packet loss in an Internet connection
to Google. |
Ping Plotter is a GUI-based tool designed to help answer the question: "Is
it the server or is it the network?" Using the client IP information you
receive from TSListUsers, you can set up Ping Plotter to graphically analyze
each hop between server and client to hunt down that nasty latency. Knowing
the latency from the server to each progressive hop will help you track down
the node in your network that is the source of the slowdown.
To use Ping Plotter, install the tool to your Terminal Server and run the executable.
You'll need to enter the IP address for the remote client so you can start the
trace. A graphical representation of the connection's latency and packet loss
will eventually develop. If you don't feel like waiting for the latency to occur,
you can configure Ping Plotter to alert you via e-mail or other methods when
high latency occurs.
The basic version of Ping Plotter is freeware, but additional feature levels
exist for those willing to pay for that level's progressive pricing.
ThreadMaster
So you've identified that your slowness problem isn't the network. You've figured
out that a few users are using more than their fair share of processor resources
on your Terminal Server. Asking those users to stop working isn't an option,
and de-prioritizing their processes is too time-consuming. So what can you do?
You can install a tool like Soren Pederson's ThreadMaster to monitor for processor
overuse. ThreadMaster watches for processes that consume greater than a preconfigured
percentage of the processor over a set period of time. When a process misbehaves
and exceeds the administrator's thresholds, ThreadMaster will reduce the priority
of the process. This prevents one runaway process from impacting the user experience
for everyone else.
The ThreadMaster service does not have a user interface. Once installed, it's
administered via a number of registry keys. These registry keys control the
threshold maximum amount of CPU percentage for any process, the number of seconds
that process can exceed the threshold, any processes exempt from ThreadMaster
monitoring and a number more.
TSPing
Perhaps the worst way to find out about a problem is hearing about it from your
users. Why? Because it gives you no chance to fix it before someone complains,
and it can make you look bad as the administrator (who's supposed to know everything,
right?). Rather than manually watching your Terminal Servers and waiting for
them to fail, use TSPing from DABCC.com to watch
them for you. TSPing monitors the state of three critical Terminal Server services
on any number of machines: Net Logon, Print Spooler and Terminal Server. If
any of these three services incur a problem and stop running, this tool can
be configured to notify an administrator via e-mail and even to attempt a restart
of that process.
The e-mail notification requires an SMTP server to work, so you'll need to
ensure one is available and secured to support the notification e-mails.
WTSConfigurator
No matter what your problems are, ensuring a consistent server configuration
is important. With so many individual settings in so many different places,
this consistency can become difficult.
[Click on image for larger view.] |
| Figure 2. The
WTSConfigurator exposes dozens of Terminal Server-specific registry values,
all in one place. |
The WTSConfigurator is a tool from WTSTEK.com
that encapsulates many of those individual configurations into a single GUI
interface. Giving the administrator the ability to change RDP settings, client
device mappings, crash dump locations, log-in banners and all kinds of other
Terminal Server specific settings in one location, this tool helps ensure that
common configuration.
The author suggests, however, that the tool should not be used in production
environments, especially for making changes to configurations. It's a handy
tool for validating a configuration once you've completed your Terminal Server
build. The WTSConfigurator is a single-executable freeware tool.
Whether it's coffee you're making or remote desktops you're administering,
keeping a few good tools in the drawer will make the difference between a perfect
crema and a burnt flavor. So always remember: To keep your customers happy,
keep the portafilter warm between shots, the key to good foam is a little spin,
and good monitoring will help prevent the dreaded "the server is slow today"
call.