Windows Server 2016: Remote Desktop Services (Terminal Server)
// -------------------------------
// Install Remote Desktop Services (i.e. Terminal Server) - used to control
// remote desktops (over LAN or WAN)
1) [Server Manager - Dashboard] > click on Manage > click on Add roles and features > under Installation Type, select (x) Remote Desktop Services installation > under Deployment, select (x) Standard deployment > under Deployment Scenario, select (x) Session-based desktop deployment > under RD Connection Broker, choose from server pool (e.g. Win2016.Widget.internal IP: 192.168.15.251), add to Selected > under RD Web Access role service, select (x) Install the RD Web Access role service on the RD Connection Broker server, choose from server pool (e.g. Win2016.Widget.internal IP: 192.168.15.251), add to Selected > under RD Session Host, choose from server pool (e.g. Win2016.Widget.internal IP: 192.168.15.251), add to Selected > under Confirmation, select (x) Restart the destination server automatically if required > click Deploy.
2) Control Panel > System > Remote Settings > under Remote, select (x) Allow remote connections to this computer (if you're connecting to a computer that's a member of the domain, also select (x) Allow connections only from computers running Remote Desktop with Network Level Authentication (Recommended); this should be unchecked if connecting to a computer that's not part of the domain) > under Select Users, choose/search for the names of users
// -------------------------------
// Add the user names that you want to the Remote Desktop Group
3) [Server Manager - Dashboard] > under Tools > under Active Directory Users and Computers > under Widget.internal, click search icon > under Find Users, Contacts and Groups, input "remote" > click on Remote Desktop Group > under Members, click Add > input any name that you want to add to the group
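// Added example (not part of the original notes): reads back what steps 2) and 3)
// configured, so the NLA setting and the list of users allowed to log on can be reviewed.
// Assumption: $GroupName is the built-in "Remote Desktop Users" group (the notes call it "Remote Desktop Group").

```powershell
# Added example, not from the original notes. Run on the RDS server.
# Assumed name: $GroupName (the built-in group the notes find by searching "remote").
$GroupName = 'Remote Desktop Users'

$tsKey       = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$listenerKey = Join-Path $tsKey 'WinStations\RDP-Tcp'

# Step 2) fDenyTSConnections = 0 means "Allow remote connections to this computer".
$ts = Get-ItemProperty -Path $tsKey
# UserAuthentication = 1 means the Network Level Authentication box is checked.
$listener = Get-ItemProperty -Path $listenerKey

$state = [pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    RemoteDesktopOn = ($ts.fDenyTSConnections -eq 0)
    NlaRequired     = ($listener.UserAuthentication -eq 1)
    # 0 = RDP security layer, 1 = Negotiate, 2 = SSL (TLS)
    SecurityLayer   = $listener.SecurityLayer
}
$state | Format-List

# Remote Desktop enabled without NLA means the full logon screen is reachable
# before any credential is checked, so flag that combination.
if ($state.RemoteDesktopOn -and -not $state.NlaRequired) {
    Write-Warning 'Remote Desktop is enabled and NLA is not required on this host.'
}

# Step 3) Everyone who can log on through the group, nested groups included.
Import-Module ActiveDirectory
Get-ADGroupMember -Identity $GroupName -Recursive |
    Sort-Object SamAccountName |
    Select-Object SamAccountName, objectClass, distinguishedName
```

// These registry values reflect the Control Panel setting; a Group Policy under
// HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services takes precedence if one is set.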
// -------------------------------
// From within the LAN there is no need for an RD Gateway - that role is meant for
// connections coming from the internet, and you'll need a public certificate for it
// for security purposes. In this example, it's within the LAN.
4) [Server Manager - Dashboard - Remote Desktop Services] > Overview > Tasks > RD Licensing > choose from server pool (e.g. Win2016.Widget.internal IP: 192.168.15.251), add to Selected (i.e. by default there's a limit of around 120 days for free use, for unlimited users)
5) [Server Manager - Dashboard - Remote Desktop Services] > Overview > Tasks > Edit Deployment Properties > under RD Gateway, select (x) Do not use an RD Gateway server > under RD Licensing, select (x) Per User > under Specify a license server, and then click Add: input "Win2016.Widget.internal" > under RD Web Access, you should see Win2016.Widget.internal > under Certificates, under RD Connection Broker - Enable, select existing certificate (see A), B) & C) below) > Desktop > RDP cert > input password > select (x) Allow the certificate to be added to the Trusted Root Certification Authorities certificate store on the destination computers > click Apply > repeat for RD Connection Broker - Publishing & RD Web Access > click Apply > click OK.
// -------------------------------
// Setup forward lookup zones so that RDP web services can be found/work
6) [Server Manager - Dashboard - DNS] > DNS Manager > WIN2016 > Forward Lookup Zones > right-click Widget.internal > New Host > Name: RDP - IP Address: 192.168.15.251
// -------------------------------
// On client workstation - note: this only works if IIS or other web server
// is already installed - check to see if the RDP browser login works
> client workstation > browser > https://rdp.widget.internal > Add exception
> client workstation > browser > https://rdp.widget.internal/rdweb
// -------------------------------
// Add Collections (remote apps that can be launched from the RDP website through
// the browser)
7) [Server Manager - Dashboard - Remote Desktop Services] > Collections (- allows adding of applications) > Tasks > create session collection > Collection name: Test > choose from server pool (e.g: Win2016.Widget.internal IP: 192.168.15.251), add to Selected > under User Groups, add WIDGET\Domain Users > click Create
8) [Server Manager - Dashboard - Remote Desktop Services] > Collections > Test > Publish RemoteApp programs > add Remote Desktop Connection etc ... > Publish.
// -------------------------------
// Misc:- Create self-signed certificate
// Note: each PowerShell command below is on a single line
A) run command > powershell
New-SelfSignedCertificate -CertStoreLocation cert:\LocalMachine\My -DnsName "RDP"
$pwd = ConvertTo-SecureString -String "YourPassword" -Force -AsPlainText
// Add self-signed certificate to mmc (i.e. Microsoft Management Console)
B) run command > mmc > File > Add/Remove Snap-in > Certificates > Add > choose (x) Computer account > choose (x) local computer
C) RDP self-signed certificate can now be found at: Console Root > Certificates (Local Computer) > Personal > Certificates > right-click RDP > All Tasks > Export > select (x) Yes, export the private key > under Certificate Export Wizard - Security > select (x) Password - input password > under File to Export, input "RDP cert" - (put it on desktop)
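// Added example (not part of the original notes): steps A) to C) and the certificate part of
// step 5) done from an elevated PowerShell prompt instead of mmc and Server Manager.
// Assumptions: the variable names, the PFX file name, and the extra DNS name rdp.widget.internal are illustrative additions.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original notes. Run on the RDS server.
# Assumed names: $Broker, $DnsNames, $PfxPath, $PfxPassword.
Import-Module RemoteDesktop

$Broker   = 'Win2016.Widget.internal'   # server used throughout the notes
# 'RDP' is the name used in A). The FQDN is an addition here: clients browse to
# https://rdp.widget.internal, and a certificate naming only 'RDP' does not
# match that host name.
$DnsNames = 'RDP', 'rdp.widget.internal'
$PfxPath  = Join-Path $env:USERPROFILE 'Desktop\RDP cert.pfx'

# Prompt for the password instead of typing it in plain text on the command line.
$PfxPassword = Read-Host -Prompt 'Password for the exported PFX' -AsSecureString

# A) Create the certificate in the computer's Personal store.
$cert = New-SelfSignedCertificate -CertStoreLocation 'Cert:\LocalMachine\My' -DnsName $DnsNames

# C) Export it with its private key, protected by the password.
Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $PfxPassword | Out-Null

# Step 5) Apply the PFX to the three roles configured in Deployment Properties:
# RDRedirector = "RD Connection Broker - Enable Single Sign On",
# RDPublishing = "RD Connection Broker - Publishing".
foreach ($role in 'RDRedirector', 'RDPublishing', 'RDWebAccess') {
    Set-RDCertificate -Role $role -ImportPath $PfxPath -Password $PfxPassword `
        -ConnectionBroker $Broker -Force
}

# Read back what each role now presents (subject, thumbprint, expiry, trust level).
Get-RDCertificate -ConnectionBroker $Broker | Format-List

# The PFX contains the private key; remove it from the desktop once applied.
Remove-Item -LiteralPath $PfxPath
```

// A self-signed certificate is still untrusted on clients until it is distributed to them,
// so Get-RDCertificate reports its level accordingly.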