Managing User Sessions
Windows Server 2003 provides flexible and powerful ways to manage, troubleshoot, and optimize user sessions on terminal servers.
Managing Sessions and Processes
The
Terminal Services Manager console provides the capability to monitor
and control sessions and processes on a terminal server. You can
disconnect, log off, or reset a user or session; send a message to a
user; or end a process launched by any user. Task Manager can also be
used to monitor and end processes—just be certain to select the Show
Processes From All Users check box. If a terminal server is acting
lethargic, use Terminal Server Manager or Task Manager to look at the
processes being run by all users to determine whether one process has
stopped responding and is consuming more than its fair share of
processor time.
A variety of settings
determines the behavior of a user session that has been active, idle,
or disconnected for a period of time. These settings can be configured
on the Sessions tab of the RDP-Tcp Properties dialog box in the
Terminal Services Configuration console, shown in Figure 14. The settings can also be configured with Group Policy.
Load-Balancing Terminal Servers
In
previous implementations of terminal services, it was difficult to
load-balance terminal servers. Windows Server 2003 Enterprise and
Datacenter Editions introduce the ability to create server clusters,
which are logical groupings of terminal servers. When a user connects
to the cluster, he or she is directed to one server. If the session is
disconnected and the user attempts to reconnect, the terminal server
receiving the connection will check with the Session Directory to
identify which terminal server is hosting the disconnected session, and
it will redirect the client to the appropriate server.
To configure a terminal server cluster, you need:
A
load-balancing technology, such as Network Load Balancing (NLB) or DNS
round-robin. The load-balancing solution will distribute client
connections to each of the terminal servers.
A
Terminal Services Session Directory. You must enable the Terminal
Services Session Directory, which is installed by default on Windows
Server 2003 Enterprise and Datacenter Editions, using the Services
console in Administrative Tools. It is best practice to enable the
session directory on a server that is not itself running Terminal
Server. The Terminal Services Session Directory maintains a database
that tracks each user session on servers in the cluster. The computer
running the session directory creates a Session Directory Computers
local group, to which you must add the computer accounts of all the
servers in the cluster.
Terminal server
connection configuration. Finally, you must direct the cluster’s
servers to the session directory, which involves specifying that the
server is part of a directory, the name of the session directory
server, and the name for the cluster (which can be any name you want,
as long as the same name is specified for each server in the cluster).
These settings can be specified in the Server Settings node of Terminal
Server Configuration, or they can be set using a GPO applied to an OU
that contains the computer objects for the cluster’s terminal servers.
When a user connects to the cluster, the following process occurs:
1. | When
the user logs on to the terminal server cluster, the terminal server
receiving the initial client logon request sends a query to the session
directory server.
|
2. | The session directory server checks the username against its database and sends the result to the requesting server.
If the user has no disconnected sessions, logon continues at the server hosting the initial connection. If the user has a disconnected session on another server, the client session is passed to that server and logon continues.
|
3. | When the user logs on to a new or disconnected session, the session directory is updated.
|
Tip
Be
sure to know the pieces that are required to establish a terminal
server cluster. Should you decide to implement a terminal server
cluster in your enterprise, you can refer to the Help And Support
Center for detailed instructions for doing so. |
Remote Control
Terminal
Server allows an administrator to view or take control of a user’s
session. This feature not only allows administrators to monitor user
actions on a terminal server, but it also acts like Remote Assistance,
allowing a help desk employee to control a user’s session and perform
actions that the user is able to see as well.
To
establish remote control, both the user and the administrator must be
connected to terminal server sessions. The administrator must open the
Terminal Server Manager console from the Administrative tools group,
right-click the user’s session, and choose Remote Control. By default,
the user will be notified that the administrator wants to connect to
the session, and then the user can accept or deny the request.
Important
Remote Control is available only by using Terminal Server Manager within a terminal server session. You cannot establish remote control by opening Terminal Server Manager on your PC. |
Remote
control settings include the ability to remotely view and control a
session, as well as control whether the user should be prompted to
accept or deny the administrator’s access. These settings can be
configured in the user account properties, on the Remote Control tab
shown in Figure 15,
and they can be configured by the properties of the RDP-Tcp connection,
which will override user account settings. Group policy can also be
used to specify remote control configuration.
In
addition to enabling remote control settings, an administrator must
have permissions to establish remote control over the terminal server
connection. Using the Permissions tab of the RDP-Tcp Properties dialog
box, you can assign the Full Control permission or, by clicking
Advanced, selecting a permission entry, clicking Edit, and assigning
the Remote Control permission to a group, as shown in Figure 16.
