Windows 7 / Networking

---

Set Up Terminal Services

In this section, we'll talk about setting up, configuring, and managing TS, Terminal Server, and the other TS role services except TS Licensing and Remote Desktop Connection, which will be discussed in later sections.

Install the Terminal Services Roles

TS is a role that is installed from the Server Manager, while Terminal Server, TS Web Access, TS Licensing, TS Gateway, and TS Session Broker are all role services that you can separately select while you are installing the TS role. TS Configuration and TS Manager are automatically installed with TS Services, while TS RemoteApp is automatically installed with Terminal Server.

NOTE: It is not recommended that you install TS on an Active Directory domain controller because it increases your security risks and, since TS uses a lot of computer resources, it degrades AD's performance. Running TS within an AD domain is needed for some of TS's functions, such as TS Session Broker, and provides added capabilities to others, such as TS Licensing.

NOTE: To install the TS role and the role services discussed here, if you have not already done so, you will be told to also install Network Policy And Access Services, Web Server (IIS), and Windows Process Activation Service. The Add Roles Wizard will automatically lead you through those additional installations.

1. If the Server Manager is not already open, click Start | Server Manager. In any case, click Roles in the left pane of the Server Manager window and click Add Roles in the right pane.
2. Click the role services that you want to install. For the sake of following the discussion here, click Terminal Server, TS Session Broker (you must be in a domain), TS Gateway (click Add Required Features), and TS Web Access (click Add Required Role Services), and click Next.
3. Read the note about the need to install any application you want to run with TS after installing TS and click Next.
4. Read about Network Level Authentication and decide if you want to use it. A major factor is that it is available only with Remote Desktop Protocol (RDP) 6.0, which is in Windows Vista and Windows Server 2008 and can be downloaded for Windows XP SP2 and Windows Server 2003 SP1 or SP2, but it significantly enhances security. Click your choice and click Next.
5. You are asked to determine the type of TS licensing you want to use. For the discussion here, leave that decision to a later section in this tutorial. You have 120 days to make the decision. Leave the default, Configure Later, selected and click Next.
6. Add the users or user groups that will use TS by clicking Add, clicking Advanced, clicking Find Now, double-clicking a user or group in the list, and clicking OK. Repeat this as you need. When you are ready, click Next.
7. You are told that TS Gateway requires a certificate to use the Secure Sockets Layer (SSL) protocol to encrypt transmissions and you have three options for a certificate, two of which are discussed here:
   • If you have a certificate on the server already, click the first option; if the certificate is in the Windows certificate store, it will be listed. Otherwise, click Import and follow the steps of the Certificate Import Wizard, clicking Next as needed.
   • If you don't have a certificate, click the second option, and a self-signed certificate will be created for you.
8. Click Next. A TS connection authorization policy (TS CAP), which allows users to pass through a TS Gateway and access a network, and a TS resource authorization policy (TS RAP), which allows users to pass through a TS Gateway and utilize particular computers running Terminal Server and other resources, are explained. Click Now to create the policies now and click Next.
9. Add the user groups that will use TS Gateway as described in Step 7 and click Next.
10. Enter the name for your TS CAP, accept the default of using a password, and click Next. Enter the name for your TS RAP, choose whether to use specific computer groups you select or all computers on the network, and click Next.
11. If it is not already installed, read the introduction to Network Policy And Access Services and click Next. Accept the default of installing the Network Policy Server role service and click Next.
12. Read the introduction to Web Server IIS and click Next. Accept the default role services that are checked and click Next.
13. Review the roles and role services that will be installed to implement TS and its services. If you want to change anything, click Previous and make the change. When you are ready, click Install. The installation process will take a few minutes.
14. Click Close, and click Yes to restart your computer. After restarting your roles, role services will be configured and you will be given a warning message that TS Licensing is not installed and that you have 119 days to do that (the day you install it counts as the first day). When it is done, you will be told it was successful. Click Close.
    NOTE: The warning message that TS Licensing is not installed and that you have so many days to do that will reappear every time you restart your computer. This is called "nagware" and it is unfortunate that Microsoft is using it.
15. Open Roles in the left column of the Server Manager and click Terminal Services. In the right pane, you should see three informational events that tell you that your TS RAP, TS CAP, and certificate have been created; the system services that are running; and the role services that are installed.

TIP: Since there's no obvious way to tell which of the three informational events is which, you can select each and click Properties to find out.

NOTE: Remote Desktop Connection, although not installed by default on Windows Server 2008, is automatically installed when you install TS. See "Use Applications Server Mode" later in this tutorial.