Windows 7 / Networking

---

Use Remote Administration Mode

Remote Administration Mode uses the TS environment much as Applications Server Mode does, but it is limited to a maximum of two users, who must be members of the administrator group, so it does not demand much from the server, does not require licensing, and can be easily used to manage a server without a significant impact on the other processes going on in the server. To do that, it does not include the multiuser and process scheduling components that are present in full TS, but it does use RDC.

Enable Remote Desktop Connection

Remote Desktop Connection uses the same RDC 6.0 that was discussed earlier in the tutorial. As you saw earlier, Windows Server 2008 has RDC 6.0 installed by default so that nothing further needs to be done to have the programs available to use. But, Windows Server 2008 by default has RDC disabled, and to use it, you must enable it. You can do that very simply with these steps:

1. Click Start | Control Panel | System, and click Remote Settings to open the System Properties dialog box tab dealing with Remote Assistance and Remote Desktop shown earlier in this tutorial under "Prepare for Terminal Services."
2. In the Remote Desktop section in the lower part of the tab, click Allow Connections From Computers Running Any Version Of Remote Desktop.
3. Click OK when you are told that the Remote Desktop Firewall exception will be enabled, and then click OK to close the dialog box.

Managing Through Remote Desktop Connection

Using RDC, you can perform virtually any administrative function you can do sitting in front of the computer, and you can do it over a LAN, over a remote access (RAS) connection or over the Internet using VPN. You can use the full Control Panel and Administrative Tools including Active Directory, Computer Management, DHCP, DNS, Server Manager, Remote Desktops, and Task Scheduler.

Since the person sitting remotely has all but complete control of the server, it is mandatory that security for this person be kept very tight. Some of the security elements to consider include:

• Implementing a firewall in front of the server
• Using VPN or TS Gateway for access across the Internet
• Using strong passwords for all administrators
• Carefully limiting the individuals or groups that have remote administrative access
• Carefully reviewing the policies that affect remote administration

Use Remote Desktop Connection

RDC does not require a server for one end of the connection. For example, you can have Windows Vista Business on one computer running at your office and Windows XP Professional SP2 with RDC 6.0 downloaded and installed at home, and from the home computer with the appropriate permissions, you can access the office computer using RDC through either RAS or VPN and do almost anything on the office computer you could do if you were sitting in front of it. Since the office computer is not truly a server, it is called a "host." The home computer is the client. The host must be Windows Vista Business or Ultimate, or Windows Server 2008, but the client can be any computer that can run Remote Desktop Connection 6.0 (see "Using Remote Desktop Connection with RemoteApp Programs" earlier in the tutorial). In Windows Vista, the client is installed and enabled by default, but Windows Server 2008 must be enabled as described in "Enable Remote Desktop Connection."

The user of RDC must be at least a member of the Remote Desktop Users group on the host computer and needs to be an administrator if he or she wants to perform functions limited to administrators. With RDC, only one user can be using the host at any one time, although several user sessions can be active. When the remote client logs onto the host, the host is "locked" so that another user cannot access it, although programs that are running can continue to run, and you can apply user switching to move to another user session. User switching can also be used on the client to switch from the person who is using RDC on the host, to another user, and then to switch back.