The Remote Control tab isn't useful for automatic logon, so skip to the Client
Settings tab. Unless you're a singleLAN company, you'll want to adjust the color
depth down from the default 16-bit to reduce the bandwidth your connection will
require. For security reasons, many shops will want to also disable drive mapping.
In fact, if you see something here that you don't think you'll need, just select
the appropriate check box. (That's right, prepare yourself for some Microsoft
backward-speak: You'll select items to disable them.)
If you're going to be using an
account for automatic logon, you'll
need to adjust the security access similar to the way you did before. Select the
Permissions tab. Remove everyone but
the Administrators group from the ACL,
and add the account that will log on
automatically. Click Apply, then Close.
There are just a few more details to
take care of. From the MMC Terminal
Services Configuration snap-in, select
the Server Settings folder and ensure
that Restrict each user to one session is set to No. If you forget this step, the
automatic logon account will be able
to log on only once. When the second
person tries to log on, he or she will get
a message stating that more than one
logon is forbidden. Before you turn
users loose, you should also take care
of printers. Open an MMC console, and
add the Group Policy Object Editor for
the Local Computer Policy. Expand
to Local Computer Policy, Computer
Configuration, Administrative Templates,
Windows Components, Terminal Services, Client/Server data redirection, and click Terminal Server Fallback Printer Driver Behavior.
Change the setting to Enabled, and configure
the drop-down option to Show both PCL and
PS if one is not found. Doing so will let your
users print even if they don't have a recognized
printer driver on their workstation.
Technically, everything is working and ready for end users to start logging
on. However, if you're providing logon credentials, you need to make one more
adjustment to ensure that sessions get closed in a timely manner. Open Secure
RDP, and select Session Restrictions in the left pane. Click Sessions per
User and select the check boxes to reset disconnected sessions. Next, choose
to save and then apply the configuration from the File menu.
Step 3: Deliver to Users
Now, you've got a server ready to distribute an application that you'd otherwise
have to spend much time and energy determining how to deploy across the entire
network—not to mention updating and upgrading. To save a connection for
your end users, open Remote Desktop Connection again from Start, Programs, Accessories,
Communication; this time, type in the IP address or DNS name of the NIC associated
with the connection you created earlier. Click the Options button to expand
the window. Take a look at each of the tabs. Because users across a WAN will
be using this application, I recommend that you change the colors on the Display
tab to 256 Colors and allow only Bitmap caching on the Experience tab. On the
General tab, use the Save As button to save a shortcut to a location where users
will be able to access it. Make sure users have Read Only permissions.
You can now build a Web page on your intranet with a link to the shortcut you
just created. As you deploy more applications this way, save shortcuts and add
links to them on your new intranet application directory Web page. Once you've
added the necessary links in your directory and verified that everything is
working correctly, send an email message to the appropriate department managers
with instructions for finding the link to the new terminal server connection.
Avoid Hassles
You now have a centrally deployed application directory. From this point on,
users will be able to access the software they need without requesting that
IT install it for them. Also, when the time comes to upgrade or update these
applications, you'll be able to do so by making the changes on your server—without
ever touching any of the desktops.
End of Article
Register
dhildebrand1977 October 19, 2007 (Article Rating: