Windows 2012r2 Remote desktop services: session based: Locked down

Similar Messages

• Accessing ASDM through MS Remote Desktop Services session based system

  I am setting up a MS Remote Desktop Services system for a client.  This is being configured as a jump server so everyone at the client will go through this system (aka jump server) to access systems via ssh, https, etc that are in a restricted part of the network.  I am running into a problem getting ASDM to work.  I can bring up the initial web page directly on the server via Internet Explorer, so that tells me I can get to the ASA.  I have installed Java 1.7.10 as this is the recommended version on looking at the Java site for Windows 2012.  When I try to install the dm_launcher, it says that Java isnt installed..
  Has anyone been able to get this to work ?
  Ron

  I've used ASDM fine from an RDS platform. I used Java 7 update 45. How are you trying to install the launcher?
  Sent from Cisco Technical Support iPad App

• Windows Components/remote desktop services/remote desktop session host/profile doesn't appear to be working on 2008R2 boxes

  I have two domains.   One is an account domain with a one way trust with the resource domain.   Resource domain trusts the account domain and has a number of 2008R2 servers running within.  I am experiencing severe logon delays
  due to these servers being unable to access the server that hosts the user home folder specified directly on the user account profile tab from the account domain.   When using my workstation in the actual account domain (corporate) I have no
  problems.
  Because of these network restrictions,  I need to override the 2008R2's desire to access that user home folder location in the account domain.
  So far the best thing I have found to try is Windows Components/remote desktop services/remote desktop session host/profile/Set Remote Desktop User Home Directory
  The problem is that so far I have tried to configure this to point to both a local folder as well as a network path and it doesn't appear to be doing anything.   Not seeing any errors in the app or system log either.
  It is still trying to map the path in the account domain.
  Any ideas?
  Is there a better way to accomplish my goal?   The servers in the resource domain will be Citrix servers and there will be a lot of users connecting from the account domain.
  I tried this setting too,  but it only seems to work on the 2012 machines in my Resource domain.
  With the introduction of Windows 8 and Windows Server 2012 there is now a new group policy setting called “Set user home folder” and is found under Computer Configuration > Policies > Administrative Templates > System > User Profiles
  Help!

  Hi,
  This might be due to permission problems. Please check whether the user accounts for whose home folder to be redirected have permissions in the shared folder specified in the server. 
  Checkout the below link on Best Practice for creating Roaming Profile and Folder Redirection
  http://www.grouppolicy.biz/2010/08/best-practice-roaming-profiles-and-folder-redirection-a-k-a-user-virtualization/
  Regards,
  Gopi
  JiJi
  Technologies

• Your Remote Desktop Services Session Has Ended - Occurs when running in background

  Our remote desktop users are having an issues with the RD session ending whenever we are running it in the background. Namely the session will run as long as the computer is idle or I am actively working in RD. Within 4 minutes of leaving RD and working
  in another application, I receive the message: Your Remote Desktop Services Session Has Ended

  You are posting in the wrong forum.  Post in the RDS forum  for help with the RDS product.
  ¯\_(ツ)_/¯
  Direct link:
  https://social.technet.microsoft.com/Forums/en-us/home?forum=winserverTS%2CwinRDc&filter=alltypes&sort=lastpostdesc
  Don't retire TechNet! -
  (Don't give up yet - 13,085+ strong and growing)

• Questions in regards to server 2012R2 Remote desktop Service deployment and GPO

  Hi Everyone
  We have a business requirement moving to 2012R2 RDSH server. I have installed a 2012R2 member servers and enabled Remote desktop licensing role. I have activated the licenses. the servers is in operational
  I have deployed 3 windows 2012R2 member server "RDS1" , "RDS2" and "RDS3".
  on RDS1 I ran Add roles and Feature Wizard > Remote Desktop Services installation > Quick Start >Session based desktop deployment to complete the installation.
  On RDS1 Server Manage Dashboard Page Select Remote Desktop Services > Overview. Under RD Licensing I added my 2012R2 license server "2012r2-tslic". Go to task. Edit deployment properties RD license mode to per device and click OK.
  Reboot RDS1
  Check RD Licensing Diagnoser everything is clear
  On RDS2 I did the exact same thing ran Add roles and Feature Wizard > Remote Desktop Services installation > Quick Start >Session based desktop deployment to complete the installation. 
  But With RDS2 I move this server to an OU that link to a GPO with RD licensing details. after reboot the servers check RD Licensing Diagnoser I can see 2012r2-tslic specified as the license servers.  
  Based on this document
  http://blogs.technet.com/b/askperf/archive/2013/09/20/rd-licensing-configuration-on-windows-server-2012.aspx  Are you suppose to configure RD license server via Remote desktop Service deployment ? Not GPO ?
  Here are my questions
  We currently have ten 2008r2 terminal servers in a NLB cluster. each RDSH server have in house application installed on each one of them. User connect to the 2008R2 RDSH servers via RDP connection. we have a restricted GPO apply to those
  RDSH servers. user cannot do anything on RDSH servers apart from running the application and use excel.  On the remote desktop session host configuration we have enable settings like end a disconnected session , Active session limit  ,
  remote control users session , LPT port redirection.
  We push out RD license server detail via GPO to the terminal servers
  Can I use our existing GPO apply the licensing server settings , desktop restriction setting to the 2012R2 RDHS servers or we should be using Remote desktop Service deployment to do the job ? If that is the case how would you transfer the
  current 2008r2 environment to 2012 using Remote desktop Service deployment. is that mean I have to manually configure 1 by 1.
  Please help
  Many thanks

  Hi,
  Please see my response to you in the other thread.  Please contact me via email and I will go over the basic planning and deployment steps with you which will help clear things up and get you started off on the right foot.
  You should only run through the wizard and create a RDS deployment once.  Then you add the various servers (RDSH, RD Licensing, RD Gateway, etc), set Deployment properties, etc.
  Thanks.
  -TP

• Windows 2008 Remote Desktop Services - Word Spell Check

  We are running Windows 2008 servers on our network with remote desktop services (terminal services). We currently experiencing a challenge with Word 2010. The spell check feature is not working, when you try and run it gives an error "Microsoft Word
  can't check the spelling or grammar in this document. An error occurred and this feature is no longer functioning properly." After about 5 clicks it comes up with Cannot find the proofing tools for English (Australia). It eventually it works, need to
  get it to work the first time. I have searched all around but can't seem to find the answer.

  I'd try them over here.
  Word
  2010 forum on Microsoft Answers
  Word IT Pro forum on TechNet
  Regards, Dave Patrick ....
  Microsoft Certified Professional
  Microsoft MVP [Windows]
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

• Prevent Remote Desktop 2008R2 session from locking after 10 mins of inactivity

  Do you have a screensaver setup?
  GPEDIT -> User configuration -> Administrative templates -> control panel -> display
  Change screen saver to disabled, and screen saver timeout to a high value just in case.
  Sometimes there are issues with screensaver settings stuck there is a reg fix for it as well:[HKEY_CURRENT_USER\Control Panel\Desktop] "ScreenSaverIsSecure"="0"

  Can someone direct me where to prevent the session from locking after 10 mins.  I have read that this is a default behavior of 2008R2.
  Thanks
  This topic first appeared in the Spiceworks Community

• How to install the Remote Desktop Services role on a Windows 2012 R2 Server

  Hello,
  I am a bit confused on how to install the RDP role on a 2012 R2 server. I have a two server domain and would like to make the second member server an RDP server to host applications (Word, Excel, a medical software, etc.) where users from their windows
  7 desktop will use the Remote Desktop Connection to connect to the server, create a session and do their work. When installing the role, I am prompted with two options:
  1- Role-based or feature based installation
  2- Remote Desktop services installation
  I see the RDP install option in both cases.
  1- Which one do I use?
  2- What role services do I install? (Connection broker, Gateway, Licensing, Session Host, Virtualization host and Web access). I think I need the first four only.
  3- When installing software after RDP, I use the Change user /install and Change user /execute commands. What happens to the software that is already installed? Can remote
  users use those?
  Any help will be very much appreciated.
  Thank You,
  Victor.

  TP,
  Thank you for your response. I added the RD Licensing thru the Role-based option.
  Also opened the local group policy thru gpedit.msc and added the server name and the licensing mode type to Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session
  Host -> Licensing
  Use the specified RD license servers = NameOfMyServer
  Set the Remote Desktop licensing mode = TypeOfMyLicense (Per User in my case)
  Thank you again,
  Victor

• Onscreen Keyboard appears when shadowing session on 2012R2 Remote Desktop Session Host

  As the title suggests, whenever I shadow a session on our 2012R2 RDSH server, the onscreen keyboard appears.  The taskbar also unlocks.
  Both of these behaviours mean that the user can tell when their session is being shadowed, which I don't always want to be the case - sometimes I want to be able to monitor the session without their knowledge.
  Anyone know how I can stop this from happening?

  Hi,
  Thank you for posting in Windows Server Forum.
  Yeah, we can use the following command where we can take user shadow session without giving him any notification, and no need to approve by the user.
  mstsc.exe /shadow:ID /v:ServerName /control /noConsentPrompt
  But for this, we need to set the following group policy:
  [Computer Configuration | User Configuration]
  \Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections
  Set rules for remote control of Remote Desktop Services user sessions:  Enable
  Select the option: Full Control without User’s permission
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support

• To install Remote Desktop Services User CAL on Windows Server 2008 R2 Enterprise Edition with SP1

  Dear Sir,
  Presently we have installed Windows Server 2008 R2 Enterprise Edition with SP 1. And now i would like to install Remote Desktop Services User CAL on this server. I have 25 digit product key of Windows Server
  2008 R2 Remote Desktop Services User CAL (20). Downloaded this product key from our MSDN Subscriptions.
  Kindly suggest me how to install (CAL server with product key that i have) and configure remote desktop services on my above existing server also how to point other server with my CAL server.
  Thanks

  Hi,
  1. Install Remote Desktop Session Host and Remote Desktop Licensing Role Services using Server Manager.
  2. Open RD Licensing Manager (licmgr.exe), Activate your server, then install your license
  3. In RD Session Host Configuration (tsconfig.msc), set the Licensing mode to Per User and Specify your RD Licensing server name (itself).  If you want you may configure these two settings via group policy setting instead.  The path of the
  group policy settings is Computer Configuration\ Administrative Templates\ Windows Components\ Remote Desktop Services\ Remote Desktop Session Host\ Licensing
  4. You may point other RDSH servers to your RD Licensing server using RD Session Host Configuration or via group policy as mentioned above.
  5. Optionally you may consider installing other Remote Desktop Role Services such as RD Gateway, RD Web Access, RD Connection Broker, etc.
  -TP

• Audio service hangs on Windows Server 2008R2 with Remote Desktop Services

  Hello! 
  I have some terminal servers on Windows Server 2008R2. Users have the ability to use web browsers (IE, Firefox) with the included Flash Player, IM clients / Internet
  telephony (Skype, ICQ), Windows Media Player, Office, and a specific internal software (works with MS SQL). I have the following problem: the Windows audio service hangs up that leads to hangup of all programs which use it, such as: any sites in Internet with
  a flash content (in all browsers), ICQ, Skype.Even logging out the session hung when tried to lose a sound. It's impossible to stop or restart service from the services.msc the service just hang with status "restarting". To stop service I terminate svchost
  process. As soon as the audio service is stopped - all programs start to work correctly (certainly without a sound). This problem appeared not suddenly - periodic hangups of programs on servers were marked long ago (more than half a year), but not directly
  were connected to audio service, especially there were they rather rare (on the average once a week - two) and were corrected by server reset. The error message: 
  Error container , type 0 
  Event name: AppHangXProcB1 
  Reply: No data 
  Ident CAB: 0 
  Problem signature: 
  P1: iexplore.exe 
  P2: 9.0.8112.16446 
  P3: 4fb57c8f 
  P4: 77c1 
  P5: 131200 
  P6: svchost.exe:AudioClientRpc 
  P7: 0.0.0.0 
  P8: 
  P9: 
  P10: 
  shall suggest an idea about a sound service, but in Event Viewer has no Windows Audio events. 
  Recently I updated Skype to the last version 6.0.66.120. Before was 4.2.35.155 because versions 5хх on Windows2008R2 with the Remote Desctop Services actually don't
  work, if users at the server more than one or two. We checked the sixth version by the test machine with the terminal environment and very were delighted to its normal working capacity. However after installation of this client on production servers it appeared
  that hangups of programs on servers began to occur on the average time at an o'clock in case of an average daily load (about 20 users on one server). If you have worked one or two users, problems weren't watched. Internet search led me to the support page
  Skype, where the Windows 7 x64 user faced a similar problem in the fifth version of the program. But the solutions proposed by the support team does not help me. In addition, I found the advice to disable enhancements in the properties of the playback device,
  but it is impossible for the "Remote Audio" device. 
  At the moment, on servers where I updated the Skype, I disabled the audio service. If within a reasonable time, I do not find a solution, I will have to revert
  to an older version of Skype, but I would like to solve the problem completely. 

  Enable the Allow audio and video playback redirection Group Policy setting
  To allow audio and video playback when connecting to a computer running Windows Server 2008 R2, you must enable the Allow audio and video playback redirection Group Policy setting. The Allow audio and video playback redirection Group Policy setting is located
  in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection and can be configured by using either Local Group Policy Editor or the Group Policy Management
  Console (GPMC).
  For more information about Group Policy settings for Remote Desktop Services, see the Remote Desktop Services Technical Reference (http://go.microsoft.com/fwlink/?LinkId=138134).
  Is this policy applied? Refer:
  http://technet.microsoft.com/en-us/library/dd759165.aspx
  Also, have you tried update the audio device driver for this terminal server?

• Windows 2012 Remote desktop session host server not detecting RD licensing server

  Hi,
  We have a customer server which is Windows 2012. We installed RDS session host server role and configured it to use RD licensing server as per the
  https://support.microsoft.com/kb/2833839?wa=wsignin1.0
  After configuring, when I open RD license diagonser tool, it says, RD license server is not available. Also shows, credential not available. When I enter the credential by clicking, provide credentials, it does not get applied. I see no event logs related
  to RD service. However, I see the below event log which points to RD licensing server.
  DCOM was unable to communicate with the computer <RD license server> using any of the configured protocols; requested by PID     273c (C:\Windows\system32\mmc.exe).
  Please help in fixing the issue.
  Thanks,
  Umesh

  Hi Umesh,
  Thanks for your comment.
  During your configuration, have you specified RD License server for RDSH to use?
  You can also specify a license server for the RD Session Host server to use by applying the Group Policy under below path.
  Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing 
  Use the specified Remote Desktop license servers – Provide the FQDN of the license servers to use
  Also this setting can be specified by below method.
  To configure the license server on RDSH/RDVH:
  $obj = gwmi -namespace "Root/CIMV2/TerminalServices" Win32_TerminalServiceSetting
  $obj.SetSpecifiedLicenseServerList("License.contoso.com")
  Note “License” is the name of the License Server in the environment
  To verify the license server configuration on RDSH/RDVH:
  $obj = gwmi -namespace "Root/CIMV2/TerminalServices" Win32_TerminalServiceSetting
  $obj.GetSpecifiedLicenseServerList()
  More information.
  RD Licensing Configuration on Windows Server 2012
  http://blogs.technet.com/b/askperf/archive/2013/09/20/rd-licensing-configuration-on-windows-server-2012.aspx
  In addition you can refer this article for reference.
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support

• Setting Up Remote Desktop Services Windows 2012 DMZ

  Hi
  I'm new to the Windows 2012 RDS. I am trying to figure out some things.
  I have an application that I would like to publish to the outside world to our customers.
  Im thinking of using Windows 2012 remote desktop services and publish the app via web browser. So users go to the URL and see the application.
  Do I need a client brooker and gateway server for this setup? or can i simply deploy a web access server on the dmz which then connects to my remote session host server inside?

  Hi,
  To allow outside access into your RDS environment you would need to use the RD Gateway role. This can be configured on the same box as your RD Web Access role if resources are limited.
  The RD Gateway role uses ether TCP 443 or UDP 3391 depending on what you have chosen to configure. You need to create a port forwarding rule from and to the gateway box using 443.
  Have a look at the following articles:
  http://ryanmangansitblog.com/2013/03/27/deploying-remote-desktop-gateway-rds-2012/
  http://ryanmangansitblog.com/2013/03/10/configuring-rds-2012-certificates-and-sso/
  This should assit with the configuration.
  Best regards,
  Ryan Mangan | Ryanmangansitblog.com | Help keep the forums tidy, if this has helped please mark it as an answer

• Remote Desktop Service Manager - configure permissions for Remote Desktop Users to Send Message, Disconnect, Logoff

  Hello, dear colleagues.
  We are using Windows Server 2012 R2 as Remote Desktop Server. Also use Windows Server 2008 R2 with Remote Desktop Service Manager to control RDS user sessions (Send Message, Disconnect, Logoff, Query Info). 
  Send Message, Disconnect, Logoff options works only for users in Administrators group.
  I can't to configure permissions for Remote Desktop Users, specific user or AD group. 
  To set permissions I'm running RDS Host Configuration on Windows Server 2008 R2 and connect to Windows Server 2012 R2. Then double-click
  RDP-Tcp, Security tab, add specific user account , AD group or configure
  advanced permissions
  for Remote Desktop Users.  
  But, as I sad above, these options works only for users in Administrators group. How to make it work for Remote Desktop Users or specific user, AD group?
  Thanks.
  P.S. If move specific user from Remote Desktop Users group to Administrators group on
  Windows Server 2012 R2 - it works. 

  Hi,
  You can prevent administrators from changing the permissions for a connection by applying the
  Do not allow local administrators to customize permissions Group Policy setting. 
  This Group Policy setting is located in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
  Apart there is one command with which you can set the permission for that check the related
  article. Additionally checkthis
  thread for more detail.
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Prevent Load Balancing in a Remote Desktop Services Deployment

  We need to prevent two Remote Desktop Session Hosts from load balancing between each other. Currently they are load balanced and users dont have a means of ensuring they end up on a particular server. Is there anyway that we can accomplish this?
  Cheers

  Hi,
  You can try below group policy might useful in your case.
  Computer configuration>Administrative Templates>Windows Components>Remote Desktop Services>Remote Desktop Session Host>RD Connection Broker
  Use RD Connection Broker Load Balancing: Disable
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]