2. Configuring Remote Desktop Access
Unlike Remote Assistance, which provides only a view of the current
user’s desktop, Remote Desktop provides several levels of access:
- If a user is logged on to the desktop locally and then tries to log
  on remotely, the local desktop locks, and the user can access all of
  the running applications just as though he were sitting at the
  keyboard. This feature is useful for users who want to work from home
  or other locations outside the office, enabling them to continue to
  work with applications and documents that they were using prior to
  leaving the office.
- If a user is listed on the workstation’s Remote
  Access list and is not otherwise logged on, she can initiate a new
  Windows session. The Windows session behaves as though the user were
  sitting at the keyboard. It can even be used when other users are also
  logged on to the computer. In this way, multiple users can share a
  single workstation and use its resources.

Remote Desktop is not enabled by default. You must specifically enable it to allow remote
access to the workstation. When it is enabled, any member of the
Administrators group can connect to the workstation. Other users must
be placed on a remote access list to gain access to the workstation. To
configure remote access, follow these steps:
- In Control Panel, tap or click System And Security, and then tap or click System.
- On the System page, tap or click Remote Settings in the left pane.
  This opens the System Properties dialog box to the Remote tab.
- To disable Remote Desktop, select Don’t Allow Remote Connections To
  This Computer, and then tap or click OK. Skip the remaining steps.
- To enable Remote Desktop, you can:
  - Select Allow Connections From Computers Running Any Version Of Remote Desktop to allow connections from any version of Windows.
  - Also select Allow Connections Only From Computers Running Remote
    Desktop With Network Level Authentication to restrict the permitted
    connections to those from computers running Windows Vista or later (and
    computers with secure network authentication).
- Tap or click Select Users. This displays the Remote Desktop Users dialog box, as shown in Figure 3.
- To grant Remote Desktop access to a user, tap or click Add. This
  opens the Select Users Or Groups dialog box. In the Select Users Or
  Groups dialog box, tap or click Locations to select the computer or
  domain in which the users you want to work with are located. Type the
  name of a user you want to work with in the Enter The Object Names To
  Select text box, and then tap or click Check Names. If matches are
  found, select the account you want to use and then tap or click OK. If
  no matches are found, update the name you entered and try searching
  again. Repeat this step as necessary, and then tap or click OK.
- To revoke remote access permissions for a user account, select the account and then tap or click Remove.
- Tap or click OK twice when you have finished.

Windows Firewall must be configured to allow inbound Remote
Desktop exceptions. You can configure this on a per-computer basis in
Windows Firewall for the domain profile and the standard profile. In
Group Policy, you can configure this exception and manage Remote
Desktop by using the policy settings shown in Table 2. These settings are found in the Administrative Templates policies for Computer Configuration under the path shown.
Table 2. Policy Settings for Managing Remote Desktop

| SETTING | COMPUTER CONFIGURATION PATH |
|---|---|
| PATHS UNDER WINDOWS COMPONENTS\REMOTE DESKTOP SERVICES | |
| Allow .Rdp Files From Unknown Publishers | \Remote Desktop Connection Client |
| Allow .Rdp Files From Valid Publishers And User’s Default .Rdp Settings | \Remote Desktop Connection Client |
| Always Prompt For Password Upon Connection | \Remote Desktop Session Host\Security |
| Automatic Reconnection | \Remote Desktop Session Host\Connections |
| Configure Server Authentication For Client | \Remote Desktop Connection Client |
| Deny Logoff Of An Administrator Logged In To The Console Session | \Remote Desktop Session Host\Connections |
| Do Not Allow Local Administrators To Customize Permissions | \Remote Desktop Session Host\Security |
| Do Not Allow Passwords To Be Saved | \Remote Desktop Connection Client |
| Limit Maximum Color Depth | \Remote Desktop Session Host\Remote Session Environment |
| Limit Maximum Display Resolution | \Remote Desktop Session Host\Remote Session Environment |
| Limit Number Of Monitors | \Remote Desktop Session Host\Remote Session Environment |
| Limit The Size Of The Entire Roaming User Profile Cache | \Remote Desktop Session Host\Profiles |
| Require Use Of Specific Security Layer For Remote (RDP) Connections | \Remote Desktop Session Host\Security |
| Set Client Connection Encryption Level | \Remote Desktop Session Host\Security |
| Select RDP Transport Protocols | \Remote Desktop Session Host\Connections |
| Select Network Detection On The Server | \Remote Desktop Session Host\Connections |
| Specify SHA1 Thumbprints Of Certificates Representing Trusted .Rdp Publishers | \Remote Desktop Connection Client |
| Turn Off Fair Share CPU Scheduling | \Remote Desktop Session Host\Connections |
| OTHER PATHS | |
| Disable Remote Desktop Sharing | \Windows Components\NetMeeting |
| Windows Firewall: Allow Inbound Remote Desktop Exceptions | \Network\Network Connections\Windows Firewall\Domain Profile |
| Windows Firewall: Allow Inbound Remote Desktop Exceptions | \Network\Network Connections\Windows Firewall\Standard Profile |

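
The following read-only audit is an added example, not part of the original text. It reports the state that the preceding steps and policy settings produce: whether Remote Desktop is enabled, whether Network Level Authentication is required, which accounts can connect, and which inbound firewall exceptions are active. It assumes Windows PowerShell 5.1 or later, an elevated prompt, and the English firewall rule group name "Remote Desktop".

```powershell
# Added example: read-only audit of the Remote Desktop settings described above.
# Assumptions: Windows PowerShell 5.1+, elevated prompt, English rule group name.
$tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcpKey = "$tsKey\WinStations\RDP-Tcp"
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-EffectiveValue {
    # A value set through Group Policy overrides the one set in System Properties.
    param([string]$Name, [string]$LocalKey)
    foreach ($key in @($policyKey, $LocalKey)) {
        $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Value = $item.$Name; Source = $key }
        }
    }
    [pscustomobject]@{ Value = $null; Source = 'not set' }
}

# fDenyTSConnections = 0 means remote connections are allowed.
$deny = Get-EffectiveValue -Name 'fDenyTSConnections' -LocalKey $tsKey
# UserAuthentication = 1 means Network Level Authentication is required.
$nla  = Get-EffectiveValue -Name 'UserAuthentication' -LocalKey $rdpTcpKey
$rdpEnabled  = ($deny.Value -eq 0)
$nlaRequired = ($nla.Value -eq 1)

# Accounts that can connect: Administrators (S-1-5-32-544) plus the
# Remote Desktop Users list (S-1-5-32-555) managed in the Select Users dialog.
$admins  = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue)
$rdUsers = @(Get-LocalGroupMember -SID 'S-1-5-32-555' -ErrorAction SilentlyContinue)

# Enabled inbound firewall exceptions for Remote Desktop, with their profiles.
$fwRules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

[pscustomobject]@{
    RemoteDesktopEnabled = $rdpEnabled
    EnabledSetBy         = $deny.Source
    NlaRequired          = $nlaRequired
    NlaSetBy             = $nla.Source
    Administrators       = $admins.Name -join ', '
    RemoteDesktopUsers   = $rdUsers.Name -join ', '
    FirewallExceptions   = ($fwRules | ForEach-Object { "$($_.DisplayName) [$($_.Profile)]" }) -join '; '
} | Format-List

if ($rdpEnabled -and -not $nlaRequired) {
    Write-Warning 'Remote Desktop is enabled without Network Level Authentication.'
}
if ($rdpEnabled -and $fwRules.Count -eq 0) {
    Write-Warning 'Remote Desktop is enabled but no inbound firewall exception is active.'
}
```

The EnabledSetBy and NlaSetBy fields show whether each value comes from Group Policy or from the local System Properties setting, which explains cases where the dialog box and the actual behavior disagree.
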
3. Making Remote Desktop Connections
As an administrator, you can make Remote Desktop connections to
servers and workstations running Windows. With Windows 2000 Server,
Remote Desktop connections are enabled by installing Remote Desktop
Services and then configuring this service in remote
access mode. With Windows XP Professional and later, Remote Desktop is
installed automatically, but it is normally not enabled until you do so. Once remote
access is enabled on a computer, all administrators have remote access
to that computer. Other users can be granted remote access as well.
To make a Remote Desktop connection to a server or workstation, follow these steps:
- At a command prompt, type mstsc, or press the Windows key, type mstsc, and then press Enter.
- Tap or click Show Options. This displays the Remote Desktop Connection dialog box, shown in Figure 4.
- In the Computer text box, type the name of the computer to which you
  want to connect. If you don’t know the name of the computer, use the
  drop-down list to choose an available computer, or select Browse For
  More in the drop-down list to display a list of domains and computers
  in those domains.
- Specify additional options as necessary. If you’ve configured stored
  credentials for the computer, your saved credentials will be used
  automatically. You can edit or delete the credentials as necessary.
- Tap or click Connect. If you haven’t previously stored credentials
  for the computer, type your credentials when prompted, and then tap or
  click OK. If the connection is successful, you’ll see the Remote
  Desktop window on the selected computer, and you’ll be able to work
  with resources on the computer. In the case of a failed connection,
  check the information you provided and then try to connect again.

Note
Tapping or clicking Show Options in the Remote Desktop
Connection dialog box displays a series of tabs that provide additional
options for creating and saving connections. These options enable you
to change the display size for the Remote Desktop, manage connections
to local resources (such as printers, serial ports, and disk drives),
run programs automatically on connection, and enable or disable local
caching and data compression.