Discover how to provide Windows 7 desktops to local users, and remote users without a VPN, by using Remote Desktop Services and the Virtual Desktop Infrastructure.
2. Overview
• Overview of RDS
• Publishing RemoteApp Programs by Using RDS
• Accessing RemoteApp Programs from Clients
3. Overview of RDS
• What Is RDS?
• RDS Role Services
• Client Experience Features with RDS
• Overview of RDC Client
4. What Is RDS?
RDS is presentation virtualization technology that provides access
to session-based desktops, virtual machine–based desktops, and
applications
RDS provides the following benefits:
• Run an application or an entire desktop on centralized servers
• Manage session-based desktops, applications, or virtual machine–based
desktops on centralized servers
• Provide an entire desktop, or just application window
• Provide integration of local and RemoteApp programs
• Enable secure remote access without establishing a VPN connection
• Centrally control which RD Session hosts can be accessed, who can
access them, and device redirection
5. RDS Role Services
RD Licensing
RD Session Host
RD Connection Broker
RD Virtualization Host
RD Gateway
Active Directory Domain
Internet Services
RD Web Access
RD Client
6. Client Experience Features with RDS
The following enhancements are available to Remote Desktop users
in Windows Server 2008 R2:
Windows media True multimonitor Audio input and
redirection support recording
Improved audio and
Enhanced bitmap video synchronization
Aero Glass support redirection
Language bar
redirection Task scheduler
8. Publishing RemoteApp Programs by Using RDS
• What Are RemoteApp Programs?
• Process for Publishing RemoteApp Programs
• Distribution Options for RemoteApp Program Links
• Functions of the RD Connection Broker
• What Is Remote Desktop Web Access?
• What Is RemoteApp User Assignment?
9. What Are RemoteApp Programs?
RemoteApp programs run remotely on RD Session Host server and
can integrate with locally running programs
A RemoteApp program:
• Can be accessed remotely through Remote Desktop Connection
• Displays on the client as if it is running on the local computer
• Has its own resizable window and entry on the taskbar
• Can run along with local programs on the client computer
• Can share a RD session with another RemoteApp program
on the same terminal server
10. Process for Publishing RemoteApp Programs
• Configure the server that will host RemoteApp programs
Add the RD Session Host role service
Install programs on the RD Session Host server
Verify remote connection settings
• Add RemoteApp programs, and configure global
deployment settings
Add programs to the RemoteApp Programs list
Configure global deployment settings
12. Functions of the RD Connection Broker
The RD Connection Broker role service:
• Allows users to reconnect to their existing sessions in a
RD Session Host server farm
• Evenly distributes the session load among RD Session
Host servers
• Redirects users to full desktops, personal or virtual
desktops pools, or RemoteApp programs
13. What Is Remote Desktop Web Access?
RD Web Access enables you to:
• List available RemoteApp programs, remote desktops, and
virtual desktops from multiple servers on the same Web page
• Launch RemoteApps or virtual desktops from the RD Web
Access Web site
• Modify the list of available resources
• Launch the Remote Desktop Connection
RD Web Access only enables users to launch applications, remote
desktop, or virtual desktop sessions. It does not proxy RDP sessions
15. Accessing RemoteApp Programs from Clients
• Accessing RemoteApp Programs on RD Web Access
• What Is RemoteApp and Desktop Connections?
• What Is SSO?
• What Is Device Redirection?
• What Is RD Easy Print?
• Accessing RemoteApp Programs from an External Network
• Configuring RD Gateway
• Using Group Policy to Configure an RD Client
17. What Is RemoteApp and Desktop Connections?
Provides a personalized view of RemoteApp programs, session-based
desktops, and virtual desktops
The benefits of RemoteApp and Desktop Connections are:
• RemoteApp programs run from the Start menu on the client
• Includes published Remote Desktops and Virtual Desktops
• Changes are automatically reflected on the user’s Start menu
• Programs are easily accessed through Windows search
• Does not require domain membership
• Built on standard technologies
• You can create a RemoteApp and Desktop Connections
configuration file (.wcx) and distribute it to users
18. What Is SSO?
• Log on once and gain access to remote servers without
being asked for credentials again
Single log on for RemoteApp and Desktop connections
• Controlled through Group Policy
• Prerequisites
Windows XP SP3 or newer client
Domain membership
Right to connect to RD Session Host
19. What Is Device Redirection?
• Extensible PnP Device Redirection Framework
• PnP device automatically installed at remote RDS server
Can redirect devices that have not been plugged in yet
• PnP redirection is not supported over cascading RD sessions
RDP
RD Session Host
20. What Is RD Easy Print?
RDS Session Host
User wants Print utilizesdocument to onlocally
The Easy to print renderedclient side print
RD document is the Office Word a the
User opens Microsoft the to XPS RD
attached and isthe full print UI client, by using
server printerprinted on the appears
drivers, and server
Session Host
print driver on the client
21. Accessing RemoteApp Programs from an External Network
Remote users can connect to RemoteApp programs on an internal
network from an external network through RD Gateway
Corporate LAN
Internet
Passes
RDP
traffic to
Strips off RDS RDS
Home HTTPS / 443 HTTPS
RD
Hotel
RD
Gateway Other RDP hosts
Server
NPS
DC
Partner or client
22. Using Group Policy to Configure an RD Client
You can configure the following RD client settings by using Group
Policy:
• Security: Client connection encryption level, prompt for password
• Remote Session Environment: Display resolution, color depth
• Session Time Limits
• Remote Desktop Connection Client
• Device and Resource Redirection, Printer Redirection
• Credentials Delegation (Allow Delegating Default Credentials)
Notas do Editor
Presentation: 85 minutes Lab: 70 minutes After completing this module, students will be able to: Describe the features of Remote Desktop Services (RDS). Publish RemoteApp programs. Access published RemoteApp programs from clients. Required materials To teach this module, you need the Microsoft ®Office PowerPoint® file 10324A_10.ppt. Important: We recommend that you use PowerPoint 2002 or a later version to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides might not be display correctly. Preparation tasks To prepare for this module: Read all of the materials for this module. Practice performing the demonstrations and the lab exercises. Detailed steps for the demonstrations are provided in the course companion CD. Work through the Module Review and Takeaways section, and determine how you will use this section to reinforce student learning and promote knowledge transfer to on-the-job performance. Make sure that students are aware that there are additional information and resources for the module on the Course Companion CD. Module 10: Configuring Remote Desktop Services and RemoteApp Course 10324A
This module is about RDS, and it has three lessons. Although the course is about client-side virtualization, you cannot talk about presentation virtualization, which RDS provides, without mentioning what you must configure on the server before you can connect to it from the client. Introduce briefly what will be covered in this lesson, and remind students that many of them are probably familiar with Terminal Services. RDS was known as Terminal Services, was renamed in Windows Server® 2008 R2, and is now called RDS. Module 10: Configuring Remote Desktop Services and RemoteApp Course 10324A
Provide an overview of the lesson. Mention that the RDS role services have been renamed from the previous release, but that they provide similar functionality. Mention that there is also a new role service, Remote Desktop (RD) Virtualization Host that works with Hyper-V™, and that you need it in Virtual Desktop Infrastructure (VDI) scenarios. Module 12 covers the VDI scenarios. Mention that the client experience is similar to what it was before, but RDS introduces some new features, such as media redirection and true multimonitor support. Module 10: Configuring Remote Desktop Services and RemoteApp Course 10324A
RDS is the new name for the Terminal Services. Terminal Services should be familiar with most of the content in this lesson, so try to include them in the discussion. RDS concepts and how it works is the same as it was in Terminal Services Provide an overview of RDS. Introduce the new terminologies in Windows Server 2008 R2. Describe basic RDS functionality, if required. Mention that the first few topics cover the server side of RDS functionality. Start a discussion and ask students for their experience with RDS and previous releases, Terminal Services. Question: How is RDS different from Remote Desktop? Answer: You can enable Remote Desktop on a Windows® client and server operating system, while RDS is a server role, and you can add it only to Windows Server 2008 R2 operating system. Remote Desktop allows up to three remote sessions, which includes two remote desktop sessions and a console redirection, while RDS supports as many connections as you have licenses. RDS provides many additional features, such as RemoteApp programs, RD Web Access, RD Gateway or VDI. These features are not available when you enable only Remote Desktop. Reference Windows Server 2008 R2: Remote Desktop Services http://go.microsoft.com/fwlink/?LinkId=200259 Module 10: Configuring Remote Desktop Services and RemoteApp Course 10324A
Introduce the RDS role services. Briefly introduce each of the role services, and explain the situation in which you use each one. For example, you can explain that the RD Session Host is the server that provides a remote desktop to the clients. You also can mention what the role services were called in versions before Windows Server 2008 R2. For example, RD Session Host was called Terminal Server before. In this way, you can bring the students up to speed, and familiarize them with the new terminology. Mention that you require RD Licensing, and that after the 120-day grace period, clients no longer can connect to the RD Session Host if RD Licensing is not available. Mention that RD Connection Broker is important especially in environments that have multiple RD Session Host servers in a farm, when you publish remote applications from multiple servers, or in VDI scenarios. RD Gateway plays an important role when you need to provide RD access to clients over the public network such as Internet. Even though students might be familiar with RD Web Access, mention that it can provide a list of available remote applications, as well as remote desktops and virtual desktops. This list is available on the Web page, but for Windows® 7 clients, you also can integrate it with the Start menu. And lastly, introduce the RD Virtualization Host role service. This is new role service in Windows Server 2008 R2, it works with Microsoft Hyper-V™, and it is important in VDI scenarios. Question: What is the new RDS role service that is included in RDS? Answer: RDS includes the same role services as Terminal Services. These RDS role services provide additional features and have been renamed. However, the RD Virtualization Host role service is available only with RDS and it was no similar role service in Terminal Server role. RD Virtualization Host role service is used in VDI scenarios. Reference Remote Desktop Services http://go.microsoft.com/fwlink/?LinkId=200260 Module 10: Configuring Remote Desktop Services and RemoteApp Course 10324A
Provide an overview of the new and improved client experience features in Remote Desktop Services. Explain the features with scenarios. For example, when users use the VDI solution, Aero® Glass support provides users the same experience as using local computer. Multimonitor support is helpful when users have multiple monitors as in the banking sector, financial institutions, or if users are working as technical support. Windows media redirection uses local resources on the client to render multimedia, so the RDS server just redirects the calls and does not transmit graphics representation. You also can start a discussion by asking which of the listed improvements would be the most important for the students. Don’t forget to emphasize that those are just the new features, provided by Windows Server 2008 R2. If students are not familiar, you can mention also features that were available before such as device redirection or RD Easy Print (both will be covered in third lesson). Question: Are enhanced features, provided by Remote Desktop Protocol (RDP) 7.0 available just on Windows 7 and Windows Server 2008 R2 clients? Answer: To benefit from new and enhanced RDP 7.0 features, you must use Remote Desktop Connection (RDC) 7.0 client or newer. This client is part of Windows 7 and Windows Server 2008 R2, but you can download it for Windows XP Service Pack 3 (SP3), Windows Vista® SP1, or newer operating system. When you use RDC 7.0 client, most of the new and enhanced features are available on the client, but some of them, such as Aero Glass support, work only on Windows 7 and Windows Server 2008 R2 clients. References Description of the Remote Desktop Connection 7.0 client update for Remote Desktop Services (RDS) http://go.microsoft.com/fwlink/?LinkId=200261 Remote Desktop Protocol Performance Improvements in Windows Server 2008 R2 and Windows 7 http://go.microsoft.com/fwlink/?LinkId=200262 Module 10: Configuring Remote Desktop Services and RemoteApp Course 10324A
This topic focuses on the configuration of the RDC options. Explain how to remotely access a RD Session Host. Explain the key settings in the Remote Desktop Connection dialog box. This is a build slide. Step through each frame to show the students the options they can select in Remote Desktop. These screenshots are as follows: General: Enter the logon credentials to connect to the remote computer. Display: Allows you to choose the Remote desktop display size. You have the option of running the remote desktop in full screen mode. Local Resources: The user can configure local resources for use by the remote computer, such as clipboard and printer access. Programs: Lets you specify which programs you want to start when you connect to the remote computer. Experiences: Allows you to choose connection speeds and other visual options. Advanced: Provides security credentialed options. References Remote Desktop Connection 7 for Windows 7, Windows XP & Windows Vista http://go.microsoft.com/fwlink/?LinkId=200263 Description of the Remote Desktop Connection 7.0 client update for Remote Desktop Services (RDS) http://go.microsoft.com/fwlink/?LinkId=200264 Module 10: Configuring Remote Desktop Services and RemoteApp Course 10324A
Provide a short overview of what is covered in this lesson. Introduce and explain RemoteApp programs, how to publish RemoteApp programs, the functions that are provided by RD Connection Broker, and the functionality of RD Web Access. Conclude this lesson with the explanation of RemoteApp user assignment, new features in Windows Server 2008 R2 RDS, and a demonstration of how to publish RemoteApp Programs. Module 10: Configuring Remote Desktop Services and RemoteApp Course 10324A
Explain the purpose of RemoteApp programs and their benefits. Explain that a RemoteApp program runs on the remote RD Session Host server and that you can view only the RemoteApp display on the client. If client is disconnected, it cannot use RemoteApp programs. Compare RemoteApp programs with programs that are running locally on the client and remind students that user experience is very similar. RemoteApp programs were introduced with Windows Server 2008 and they enable a client to view just the application window, not the entire remote desktop. Remind the students that in the background, a full remote desktop session is established and if user runs multiple RemoteApp programs on the same RD Session Host at the same time, they all share the same session. Explain to students that the same technology is used also for Windows XP Mode and Microsoft Enterprise Desktop Virtualization (MED-V) published applications. Reference Overview of RemoteApp http://go.microsoft.com/fwlink/?LinkId=200265 Module 10: Configuring Remote Desktop Services and RemoteApp Course 10324A
Explain the process of publishing RemoteApp programs. Explain how to add programs on the RD Session Host server to the RemoteApp Programs list. Remind students that they would perform his task on the server. Because RemoteApp applications run on the RD Session Host server, you must first install the RDS role on the server. You also need to install applications that users will use as RemoteApp programs on the RD Session Host Server. After that, you use RemoteApp Manager to add programs to the RemoteApp Programs list. Mention that this tool was introduced in Windows Server 2008, and it was called TS RemoteApp Manager. Point out that you can configure many additional options for RemoteApp programs, such as the RD Gateway that should be used, additional RDP settings, and digital signature settings. You also can specify if RemoteApp programs should be listed on the RD Web Access page. Question: Which RDS role service do you require to publish a RemoteApp program? Answer: You must add the RD Session Host role to the server, where you want to publish RemoteApp programs. But you can also use other RDS role services such as RD Connection Broker and RD Web Access when working with RemoteApp programs: RD Connection Broker can consolidate a list of available remote applications from multiple sources and list of available RemoteApp programs can be published on RD Web Access Web site. Reference TS RemoteApp Step-by-Step Guide http://go.microsoft.com/fwlink/?LinkId=200266 Module 10: Configuring Remote Desktop Services and RemoteApp Course 10324A
This topic covers additional methods of accessing RemoteApp programs from the client. Point out that besides using RemoteApp User Assignment, which shows remote application just for selected users, you can also show or hide published RemoteApp programs for all users, by selecting the appropriate option in the user interface (UI). Introduce additional options to distribute links to RemoteApp programs. You can create an .rdp file, and copy it to the client, or you can create a Windows Installer package, and install it on the clients. Mention that you can specify additional options when you create the .rdp or Windows Installer Package, such as which RD Session Host or RD farm should be used, RD Gateway settings and Certificate settings. Mention that when you create Windows Installer Package, you can also specify where the shortcut should be created on the client, and associate file extensions on the client with this RemoteApp program. Mention different ways to distribute .rdp or .msi files to the clients, such as copying them, using Group Policy or Group Policy Preferences, or using software distribution system, such as System Center Configuration Manager. Question: Why would you distribute links to published RemoteApp programs to your users? Answer: Users need a way to start RemoteApp programs. They can access the RD Web Access site and start remote applications from there, but this assumes that you have set up RD Web Access and it requires an additional step from users. You can distribute links to published RemoteApp programs, by using a .rdp file or a .msi Windows Installer package, to any client and users can run RemoteApp programs in the same way as they do locally installed applications, without visiting the Web site first. Module 10: Configuring Remote Desktop Services and RemoteApp Course 10324A
Provide an overview of the RD Connection Broker role service. Mention that the Terminal Services Session Broker role service in earlier versions is now known as the RD Connection Broker in Windows Server 2008 R2. This service provides two functionalities: reconnecting to existing sessions and distributing session load among RD Session Host servers, which are very similar to the functionalities provided by the earlier version. The third functionality, which is providing users with access to RemoteApp programs, has been extended to include support for consolidating multiple RD Session Host servers and virtual desktops hosted on RD Virtualization Host servers. Question: Is it necessary to use RD Connection Broker if you want to list RemoteApp programs from multiple sources on the RD Web Access Web page? Answer: You can configure RD Web Access to consolidate the list of available RemoteApp programs from multiple sources without using RD Connection Broker. But RD Connection Broker redirects the client to the RD Session Host server where the user’s previous session exists, supports load balancing in an RDS farm, and aggregates the list of available RemoteApp programs and virtual desktops from multiple servers. Reference Remote Desktop Connection Broker http://go.microsoft.com/fwlink/?LinkId=200267 Module 10: Configuring Remote Desktop Services and RemoteApp Course 10324A
RD Web Access role service was available in previous releases, so students could be familiar with it. Explain that this is a Web portal that not only lists available remote applications (RemoteApp programs), but also remote desktop hosts and virtual desktops. This service can consolidate a list of available resources from multiple servers and can provide a personalized view. You see just the resources to which you can establish connection. RD Web Access does not proxy RDP sessions, it just provides a list from where you can start the RDP session. Mention that besides the Web page, you can also integrate the list of available resources with the Start menu. However, you can do this only on Windows 7 and Windows Server 2008 R2 clients. This will be covered further in later topics. Question: Why would you use RD Web Access? Answer: Answers will vary, but may include following reasons: List available RemoteApp programs, remote desktops and virtual desktops at one place, Start RemoteApp programs easily, without distributing shortcuts to client computers Integrate a list of available RemoteApp programs with the Start menu on Windows 7 clients. Reference Overview of Remote Desktop Web Access (RD Web Access) http://go.microsoft.com/fwlink/?LinkId=200268 Module 10: Configuring Remote Desktop Services and RemoteApp Course 10324A
RemoteApp User Assignment is a new feature in Windows Server 2008 R2, so many students may not be familiar with it. Explain to the students that this feature allows just the authorized users, who have access to RemoteApp program, to actually see this program on the RD Web Access page or on the Start menu (Windows 7 clients). Use the slide to explain the effects of RemoteApp User Assignment. In this example, you assign a RemoteApp program to user CONTOSO\\john and when this user accesses the RD Web Access page, the RemoteApp program is listed on the page. But when the user CONTOSO\\Tom accesses the same RD Web Access page, the RemoteApp program is not listed because the application was not assigned to that user. Mention that in a real-world scenario, you would use security groups and you would not assign RemoteApp programs to individual users. Also, mention that by default all authenticated domain users have access to RemoteApp programs. Question: Why would you use RemoteApp User Assignment? Answer: The main reason for configuring RemoteApp User Assignment is to limit who can see published RemoteApp programs and to reduce the number of unnecessary applications that are displayed to users. If you do not configure RemoteApp User Assignment, all authenticated users can see published RemoteApp programs. Reference Introducing RemoteApp User Assignment, http://go.microsoft.com/fwlink/?LinkId=200269 Module 10: Configuring Remote Desktop Services and RemoteApp Course 10324A
Introduce the lesson and explain that this lesson covers how to connect to RemoteApp programs from the client, either from the RD Web Access Web page, by packaging and using links, or by using RemoteApp and Desktop Connections to integrate the list of available RemoteApp programs with the Start menu of Windows 7 and Windows Server 2008 R2 clients. Mention that you can use the same method to connect to a full remote desktop or to virtual desktops. Module 12 covers how to connect to virtual desktops. The second half of the lesson covers features that can improve user experience when working with RemoteApp programs and can provide an experience similar to working with local applications. The lesson covers single sign-on (SSO), device redirection, RD Easy Print, and how to access RemoteApp programs from external network including a quick introduction to RD Gateway. End this lesson by reminding students that there are many Group Policy settings, which they can use to configure RD experience. Module 10: Configuring Remote Desktop Services and RemoteApp Course 10324A
Use the slide animation to explain how you can access RemoteApp programs on RD Web Access Web page. When you log on to RD Web Access, you get a list of available RemoteApp programs. Reiterate that users only see RemoteApp programs that are available to them. After they click the program, an RDC connection to the RD Session Host is initiated. Emphasize that the RD Web Access Web page provides links only to the published RemoteApp programs and the connection is started on the client. Many students will probably be familiar with accessing RemoteApp programs on the RD Web Access Web page, so be ready to discuss additional configuration options, such as Digital Signature Settings, a secure sockets layer [SSL] certificate, and SSO, which a later topic covers in this module. Also mention that after some time the RemoteApp application opens and you can see on the taskbar and in the Task Manager that the program is executing on the remote computer. Question: How is running a RemoteApp program in default configuration different from running a locally installed application? Answer: In default configuration, you get an additional prompt and you need to provide user credentials when running RemoteApp program. You can avoid that by configuring digital signing of .rdp files and single sign-on. Reference “ Unknown Publisher”??? Part Two, http://go.microsoft.com/fwlink/?LinkId=200270 Module 10: Configuring Remote Desktop Services and RemoteApp Course 10324A
Provide an overview of how RemoteApp and Desktop Connections integrates with Windows 7 clients. Explain how the published RemoteApp applications, to which you subscribe through feed, are available on the Start menu. Explain that RemoteApp and Remote Desktops are available only on Window 7 and Windows Server 2008 R2. Clients using older versions can access the same applications through RD Web Access or shortcuts, but they will not be integrated on the Start menu. Explain the benefits of RemoteApp and Remote Desktops, and how you can configure them. Mention that links to RemoteApp programs, remote desktops and virtual desktops are integrated with the Start menu and you can use Windows Search to find and run them. Question: How is accessing RemoteApp programs through RD Web Access different from accessing RemoteApp programs by using RemoteApp and Desktop Connections? Answer: Both methods require you to set up the RD Web Access role service. But RD Web Access requires users to visit the Web site and start RemoteApp program from there, while RemoteApp and Desktop Connections integrates with the Start menu and users can start RemoteApp programs in the same way as they start locally installed applications. All authenticated users can go to the RD Web Access Web site, irrespective of the operating system on their computers, while RemoteApp and Desktop Connections is available only to Windows 7 and Windows Server 2008 R2 clients. References Introducing RemoteApp and Desktop Connections, http://go.microsoft.com/fwlink/?LinkId=200271 Deploying RemoteApp Programs to the Start Menu by Using RemoteApp and Desktop Connection Step-by-Step Guide, http://go.microsoft.com/fwlink/?LinkId=200272 Windows 7 / Windows Server 2008 R2: RemoteApp and Desktop Connection, http://go.microsoft.com/fwlink/?LinkId=200273 Module 10: Configuring Remote Desktop Services and RemoteApp Course 10324A
Introduce the problem that users face when they establish an RD connection, either to a full remote desktop or to RemoteApp programs. They need to provide their credentials again. Introduce single sign-on as a solution. Mention that you must use an appropriate client, Windows XP SP3 or newer, and that you must configure single sign-on in the Group Policy. Emphasize that for Windows XP SP3 clients, you need to perform additional configuration, as described in KB 951608 (for newer clients this is not needed). Describe that when you configure single sign-on, users do not need to provide credentials again, but if you do not configure digital signature settings, users still get an additional prompt when connecting to RemoteApp programs. Question: What is the advantage of using SSO be when you start a RemoteApp program? Answer: By default, when you run a RemoteApp program on the RD Session Host server, you must provide credentials, even if you are already logged on to client computer with the same credentials. By using single sign-on, you avoid this step and you can start the RemoteApp program without typing user credentials again. Single sign-on is configured by using Group Policy and you can configure it to make user experience of starting a RemoteApp program very similar to starting a locally installed application. References Single Sign-On for Terminal Services, http://go.microsoft.com/fwlink/?LinkId=200274 How to enable Single Sign-On for my Terminal Server connections, http://go.microsoft.com/fwlink/?LinkId=200275 Module 10: Configuring Remote Desktop Services and RemoteApp Course 10324A
Introduce device redirection. Device redirection is not a new feature of RDS, but it is important for providing a seamless user experience. Users can access the same devices when working locally or through an RD session. Point out that you can also redirect devices that are not currently available and that you can plug the devices in later. Remind students that device redirection does not work over cascading RD sessions and that you can use Group Policy to control device redirection. If users are interested, you can mention that this is controlled in Computer Configuration\\Administrative Templates\\Windows Components\\Remote Desktop Services\\Remote Desktop Session Host\\Device and Resource Redirection part of Group Policy. Question: Can you redirect only the devices that are connected locally when you establish a remote connection? Answer: You can redirect devices that are connected locally when you establish a remote connection, as well as devices which you connect later after establishing a remote connection. You can achieve this by enabling the Devices that I plug in later option in Remote Desktop Connection client. References Plug and Play Device Redirection for Media Players and Digital Cameras, http://go.microsoft.com/fwlink/?LinkId=200276 Terminal Server Plug and Play Device Redirection Framework, http://go.microsoft.com/fwlink/?LinkId=200277 Module 10: Configuring Remote Desktop Services and RemoteApp Course 10324A
RD Easy Print simply redirects all printing-related work to the user's local machine without the need to install any print drivers on the RDS server. Explain to the students that in Terminal Server before Windows 2008, the print driver was required on the server, as well as on the client. But with RD Easy Print, the print driver must be available just on the client, where the printer is connected, and it is no longer required on the RD Session Host server. Emphasize that this feature improves user experience and makes it seamless to print from RemoteApp programs. Use the animated slide to explain how RD Easy Print works: Click 1: The user connects to RDS Session Host and opens a Microsoft Office Word document. Click 2: The user wants to print the document to the locally attached printer. Now RD Easy Print starts working. The local print user interface appears, as user would print from local application. RD Easy Print driver acts as a proxy and redirects all calls for the printer UI to the actual client-side driver. Click 3: The document renders to XML on the RDS server, than it is transferred to the client, when it prints to the local printer. Tell the students what are the requirements for RD Easy print: Remote Desktop Connection (RDC) 6.1 or newer and at least Microsoft .NET. Framework 3.0 Service Pack 1 installed on the client. References Using Remote Desktop Easy Print in Windows 7 and Windows Server 2008 R2, http://go.microsoft.com/fwlink/?LinkId=200278 Introducing Terminal Services Easy Print, http://go.microsoft.com/fwlink/?LinkId=200279 Module 10: Configuring Remote Desktop Services and RemoteApp Course 10324A
Start a discussion on how remote users can connect to their remote desktop or RemoteApp programs when they are outside the corporate network. Mention that you need to establish a virtual private network (VPN) connection first. Introduce RD Gateway and explain how it provides security by encapsulating RDP traffic into HTTPS. Use the slide to explain where HTTPS is used (from client to RD Gateway) and where RDP (from RD Gateway to RDS/RDP host). Mention the domain controller (DC) and Network Policy Server (NPS) roles, and how you can control clients before they establish a connection. Do not forget to mention that clients must have RDC 6.0 or newer to be able to use RD Gateway and that it is included in newer Microsoft operating systems. Question: In which situations would you use RD Gateway? Answer: You would use RD Gateway if you need to provide access to RDS hosts to remote users over Internet. Local users can access RDS hosts directly, but remote users first need to establish a connection to local network. Previously, users had to establish a VPN connection, but with RD Gateway, users can access internal RDS hosts without establishing a VPN connection first. Module 10: Configuring Remote Desktop Services and RemoteApp Course 10324A
Point out that there are many Group Policy settings, which you can use for controlling RDS servers, as well as RD clients. Explain that these configuration options are in Computer, as well as User part of Group Policy and point out their exact location, Administrative Templates\\Windows Components\\Remote Desktop Services. If there is time, demonstrate it in your environment. Do not show each and every RDS Group Policy setting, but pick some important ones and ones that were covered in the previous topics. Cover at least the settings that are mentioned on the slide: Security Remote Session Environment Session Time Limits Remote Desktop Connection Client Device and Resource Redirection, Printer Redirection Credentials Delegation Point out that not all RDS related Group Policy settings are under the Remote Desktop Services part of Group Policy. Use Credentials Delegation as an example and remind students that this setting is used for configuring single sign-on. Question: What is the result if you configure the same RDC Group Policy setting in the Computer Configuration node, as well as in the User Configuration node? Answer: If you configure the same RDC Group Policy setting for the computer, all users on the computer will be affected and the RDC Group Policy setting in the Computer Configuration node will be effective for all users. Reference Using Group Policy Settings, http://go.microsoft.com/fwlink/?LinkId=200281 Module 10: Configuring Remote Desktop Services and RemoteApp Course 10324A