You can administer a Terminal Services machine from three points:
The Terminal Services Manager console
You can run this console from any station to display and control Terminal Services connections on a network.
The Terminal Services Configuration console
This console runs on each Terminal Services machine to adjust the individual Terminal Services configurations on each machine.
The Terminal Services Licensing console
This console manages licensing across all Terminal Services machines in a domain.
I covered the Terminal
Services Licensing applet in the previous section. In this section, I'll
cover the basic administrative functions that the Terminal Services
Manager applet can perform, and then I will focus on some common tasks
using the Terminal Services Configuration applet.
1. Terminal Services Manager
Terminal Services Manager (TSM
) is the focal point where all connections between client computers and
Terminal Services machines come into view. Think of it as "mission
control."
TSM's
full functionality only works when you run the console from a machine
connected to Terminal Services through a TS session. Running TSM locally
on the machine running Terminal Services will limit the functionality
available to you. |
|
Figure 1 shows the basic TSM layout.
By default, TSM shows all
Terminal Services servers in your domain. You can connect to all of them
at once if you so choose, but TSM looks at only one server at a time by
default. To find servers, use the following procedures:
To find all
Terminal Services servers in your domain, in the left pane right-click
the name of your domain, and select Refresh Servers in Domain.
To
find all Terminal Services servers on your network, in the left pane
right-click All Listed Servers, and choose Refresh Servers in All
Domains.
To connect to any particular server, right-click its name in any list and select Connect.
Using TSM, you can
perform a variety of network- and domain-wide session management
functions. You can monitor a session, disconnect it, log it off, send
messages to users, and take control of a session, among many other
things.
1.1. Connecting to a session
Connecting to another session
on a server is a useful tool for an administrator working remotely, for
example, to fix a problem with a user's configuration in Microsoft
Office while the user is at lunch. You always can connect to any active
session or to a session that is disconnected. You can also connect to a
session that is logged on inside your current security context (meaning
basically your username), or if you have the appropriate permissions
(Full Control or User Access permissions over Terminal Services
sessions), you can connect to any session.
To connect to a session, follow these steps:
Right-click
the appropriate session in the right pane of TSM. Alternatively, to
connect to a session that is run by a user, right-click the appropriate
user's name. Choose Connect in either case.
You
are prompted for a password if needed. Otherwise, control is switched
to the new session, and the active session is disconnected.
1.2. Disconnecting a session
A session that is
disconnected is unique, in that it continues to run on the server, but
the actual network link between the client and the Terminal Services
machine is severed. Using a disconnected session, a user can return to a
previous session at any time by simply reestablishing the connection,
alleviating the need for either logging off or logging on. The catch to
this is that, of course, server resources are finite, and if all users
leave their sessions disconnected, everybody's copy of Outlook is still
receiving mail, and everyone's PowerPoint presentations are still open
to be edited. But disconnecting a session is still a handy way to clear
your screen to take off to lunch, knowing that when you come back your
desktop will be as you left it. It's sometimes useful to disconnect a
session when Remote Desktop fails to pick up your old connection.
A user can disconnect
any session of his own, and an administrator can disconnect any session
over which he has Full Control rights.
To disconnect a session, follow these steps:
Right-click the appropriate session in the right pane of TSM, and choose Disconnect.
You are prompted to confirm your choice. Click OK, and the session will be disconnected.
You can select
multiple sessions at a time in the right pane by pressing and holding
the Ctrl key and clicking each session that you want to disconnect.
1.3. Logging off a session
Logging off a session
ends that particular user's session on a host, thereby making available
to other users any RAM and CPU resources that the particular session
was using. Users must then log on the next time they connect to the
Terminal Services server. A user can log off any session of his own, and
an administrator can log off any session over which he has Full Control
rights.
To log off a session, follow these steps:
Right-click the appropriate session in the right pane of TSM, and choose Log Off.
You are prompted to confirm your choice. Click OK, and the session will be disconnected.
Keep in mind that
forcibly logging off users will result in data loss for those users, so
always make them aware of any automatic logoffs before they happen.
You also can log off a session by issuing the LOGOFF
command, followed by the session ID or name (which you can find inside
TSM), at the terminal server's command prompt. To log off session number
8, for example, use the following command:
logoff 8
1.4. Resetting a session
When you reset a
session, it forcibly terminates that session: programs are closed, open
data is lost, and memory that those programs were occupying is
immediately returned to the Terminal Services host. A user can reset any
session of his or her own, and an administrator can reset any session
over which he has Full Control rights.
To reset a session, follow these steps:
Right-click the appropriate session in the right pane of TSM, and choose Reset.
You are prompted to confirm your choice. Click OK, and the session will be reset.
You can select
multiple sessions at a time in the right pane by pressing and holding
the Ctrl key and clicking each session that you want to reset.
You also can reset a session by issuing the RESET
command, followed by the session ID or name, at the terminal server's
command prompt. To reset session number 8, for example, use the
following command:
reset session 8
1.5. Viewing session information
Using TSM, you can get a
wealth of detail about any particular session on a Terminal Services
host machine, including the following:
To view this
information, find the session in the left pane of TSM, and select it.
Then, to view currently running programs and services, click the
Processes tab. You'll see a listing much like that found in the Windows
Task Manager. On the Information tab in the same pane, you find a
listing of the username, client name, data encryption level, originating
computer, and more.
But let's say you
want information on all sessions, including their processes and
logged-on users, for a particular Terminal Services machine, domain, or
even an entire network. This is possible with TSM: simply select the
machine, domain, or network in the left pane of TSM and use the Users,
Sessions, or Processes tabs in the right pane to control the display of
information.
Figure 2 shows this in action.
You also can view this information from the command line with the query process, query session, query termserver, and query user
commands. These simple commands display a table or list of the desired
information. Here is example output from the four commands:
C:\>query process
USERNAME SESSIONNAME ID PID IMAGE
>administrator rdp-tcp#10 1 4900 rdpclip.exe
>administrator rdp-tcp#10 1 4980 explorer.exe
>administrator rdp-tcp#10 1 3488 ducontrol.exe
>administrator rdp-tcp#10 1 5780 ctfmon.exe
>administrator rdp-tcp#10 1 3308 sqlmangr.exe
>administrator rdp-tcp#10 1 5056 cmd.exe
>administrator rdp-tcp#10 1 3088 query.exe
>administrator rdp-tcp#10 1 5844 qprocess.exe
C:\>query session
SESSIONNAME USERNAME ID STATE TYPE DEVICE
console 0 Conn wdcon
rdp-tcp 65536 Listen rdpwd
>rdp-tcp#10 administrator 1 Active rdpwd
C:\>query user
USERNAME SESSIONNAME ID STATE IDLE TIME LOGON
>administrator rdp-tcp#10 1 Active .
7/15/2004 5:49 PM
C:\>query termserver
NETWORK NETWORK
mercury hasselltech.local
1.6. Sending a message to a user
Sometimes it's necessary
to send a message to all users logged on to a specific host, whether to
mention that there might be downtime that evening, or that a virus or
worm (God forbid) has invaded the Terminal Services machine and it needs
to be shut down immediately. To send a message to a user, follow these
steps:
In the right pane of TSM, right-click either the sessions or users to whom you want to send a message, and select Send Message.
In
the Send Message dialog box, enter the text for your message. If you
want to use separate lines, press Ctrl-Enter to begin a new line.
Click OK when you've finished entering the message.
A notification will be sent to the appropriate people. A sample is shown in Figure 3.
You also can send a
message via the command line, which might be helpful if you are planning
on scripting a message transmission that is triggered by a certain
event. The MSG command is used to send these messages; some examples are presented here:
To send a message to user lmjohnson on server WTS1:
msg lmjohnson /server:WTS1 message
To send a message to a particular session name:
msg RDP-tcp#4 message
To send a message that will display on a user's screen for 30 seconds:
msg lmjohnson /server:WTS1 /time:30 message
For more information on the switches and arguments available with the MSG command, type MSG /? at any command prompt.
1.7. Taking control of a session
Have you ever been on a
troubleshooting call that was an intensely frustrating exercise in
walking a user through a procedure in Excel or Access? What if the user
could watch you perform the actions on his screen, and what if you could
show the user the steps without leaving your desk? If the user has a
session on a Terminal Services machine, you as the administrator can
take control of his session, giving you full access to whatever the
user's screen displays. The user can watch whatever you do in his
session, making the tool wonderful for quick problem solving. The user
also can control his session while you have control so that both sides
can interact.
This
is exactly like the Remote Assistance feature, which is available in
Windows XP and Windows Server 2003 but recommended for use only with
client computers running Windows XP. You shouldn't use Remote Assistance
on servers for security reasons and should rely on the Terminal
Services remote control feature instead. |
|
To take control of a particular session, follow these steps:
In
the right pane of TSM, right-click either the sessions or users to whom
you want to send a message, and select Remote Control.
The
Remote Control dialog appears. Here, select the appropriate key to be
pressed along with the Ctrl key to end a remote control session.
By
default, when you select OK, the user is prompted inside his session
with a box asking him to confirm your request to take over his session.
The user must acknowledge this prompt before remote control can begin.
It's possible to turn off
the aforementioned user confirmation requirement through the user's
properties inside Active Directory Users and Computers. On the Remote
Control tab, uncheck the Require User's Permission checkbox, as shown in
Figure 4.
You also can remotely control a user's session from the command line using the SHADOW
command. You must know the session's name or identification number. For
example, to connect to session 3 on the current server, issue the
following command:
shadow 3
To connect to session 2 on server WTS2, and to have the SHADOW utility tell you exactly what it does, issue the following command:
shadow 2 /server:WTS2 /v
