Category Archives: Windows 2008R2

Create RDP Shortcuts for users to login to Windows Server

Users can create a shortcut on their desktop to the Remote Desktop Connection Client on their local PC to make it easier to login to their remote server. The shortcut can include customization like enabling printer redirection, enabling clipboard (to copy and paste between the server and local PC), hard drive redirection and more.  You can also choose to save your username so you don’t need to enter it each time.

If you are the local IT admin and want to make it easier for your users to login to their remote desktop session on the remote server, you can create the RDP shortcut for each of them on their local PC or create it on your PC and provide it to them to save on their desktop. This assumes that the users are on the same version of Windows/RDP.

Steps to create a shortcut on your desktop to your local Remote Desktop Connection Client:

  1. On your Windows PC, open your local remote desktop connection client by clicking the start button and typing mstsc, or browsing to the program in start, all programs, accessories, remote desktop connectionLocal_Remote_Desktop_Connection_Client
  2. Click on “Show Options” to view the settings that can be modified/customized.
  3. On the General Tab, you can enter the computer name field as the IP address of the remote server or dns name if setup. You can also enter the username if you want it to be saved. Do not click “save as” yet as you will want to make additional selections first and then come back to the general tab to “save as” the shortcut to the desktop.
  4. On the Display Tab, you probably want to keep it as Full Screen.
  5. On the Local Resources tab, you have several important options particularly in the “local devices and resources” section. Most users will want to make sure the boxes are checked by both Printers and Clipboard which will allow you to print to you local printer and copy and paste files between your local PC and the server. Under the “More” settings, you can select whether to redirect your local c: drive which will then show up in windows explorer on the server to make it easy to move files between your PC and server. We typically don’t recommend that you redirect your hard drives by default in the shortcut because it utilizes additional resources and bandwidth (and you can easily move files using clipboard – copy/paste instead), but rather you can redirect your hard drive only when necessary by changing the setting prior to connecting. If you intend to move files between your PC and server frequently, then you make want to redirect your c: drive by default.Local_Remote_Desktop_connection_client_Local_Resources
  6. After you have made your selections (usually you can leave the defaults on the remaining tabs), go back to the General Tab and click “Save As”, enter a shortcut name of your liking, and make sure to select your Desktop as the destination for the shortcut. (If you select “Save” instead of “Save As”, your choices will overwrite the default remote desktop connection profile on your local PC.) After saving it to your desktop, you should now see the shortcut on your desktop for easy access!
  7. We also have a video on creating RDP shortcuts that you can review:  https://www.youtube.com/watch?v=iLKSMcIrfqE

VDI, Desktop as a Service (DaaS), Hosted Desktop and Remote Desktop Hosting

Summary – Hosting desktops in the cloud goes by many names and can be setup in several methods depending on your needs.  As you can see below, some setups can be costly from a Microsoft licensing perspective and some setups are better if you wish to share applications among users or alternatively have a completely isolated virtual machine for each user.  As a hosting provider in the Microsoft SPLA program, Riptide Hosting can provide Windows Server and Remote Desktop Services (RDS) user licenses but not Windows Desktop (Windows 7,8,10) licensing.  In the discussion below, you will see that Windows Server with RDS for individual user desktop sessions can be a very cost effective solution to provide users with a customizable desktop session and ability to share applications between users.

Method 1: Remote Desktop Services on Windows Server – You can utilize a Windows Server OS (2008r2/2012r2) with Remote Desktop Services (RDS) to provide each user their own customizable desktop session.  Applications such as an access databases, accounting applications, business software, and MS Office can be installed on the server once and accessible by each user session simultaneously.  Users have access to both a private folder (i.e. my documents) and apublic folder to easily share documents between users.  The Desktop Experience feature can be installed to make Windows Server 2012R2 look like Windows 8.1 (or on Server 2008 R2 to look like Windows 7).  A Remote Desktop server is often the cheapest method for providing desktop sessions.  At Riptide, a VM with licensing for Windows 2012R2 starts at $90 plus RDS user licenses at $7.75 each.

Method 2: Windows VMs with Desktop OS 7, 8.1, 10 – Windows desktop licenses are not available in the SPLA program so hosting providers like Riptide cannot provide these licenses although you may be able to utilize your own licensing.  Windows 7, 8.1, and 10 cannot be used as a Remote Desktop Session Host like Windows Server can be.  If you are looking to provide individual (isolated) VMs to each user with a Windows Desktop OS, an option is to use one of our Dedicated Servers upon which to install your own Volume Licensed version of Windows 2012R2 Server OS along with the “virtual machine based desktop” deployment method of RDS where each hyper-V VM utilizes a desktop OS.  Licensing in this scenario requires that each user or device accessing the VM have either the Windows Desktop Enterprise License with Software Assurance or a Windows Virtual Desktop Access (VDA) license.  VDA device licenses are approximately $100/device/year.  Many users do not have the Windows Enterprise license because it is available in Volume Licensing and not OEM/Retail and requires Windows Professional or better.  Typically this is much more costly or cost prohibitive versus method 1 above.  The rights to utilize the Desktop OS VM cease when either the Software Assurance or VDA license expires. For a client to use their own Volume Licensing, it must be on a fully Dedicated Server and must have the proper type of licensing.  Here is a link to a good article on Microsoft licensing: https://community.spiceworks.com/how_to/124053-licensing-windows-10-with-virtualization-technologies-how-to

 

Method 3: individual VMs on Windows Server OS – if you want isolated VMs without the ability to share programs/documents between users, another option is to use Windows Server with individual hyper-V VMs with a Server OS instead of a desktop OS.  This would allow you to license the underlying host machine/server with Windows Server Datacenter licensing which provides unlimited VMs on a server OS.  In some cases this would be cheaper than method 2 above but almost certainly more expensive than Method 1 of Windows Server with RDS desktop sessions.

Things to think about:

  • Do you want a Desktop OS or Server OS / Server OS with Desktop Experience?
  • Who is providing the licensing? Do you have Desktop Enterprise with Software Assurance or VDA Licenses? Hosting providers via SPLA can provide Server OS and RDS licensing but not Desktop.

 

Hosted Remote Desktop Services RDS on Windows Server – Summary

RDS SUMMARY:

We get many questions about Remote Desktop Services on our hosted Windows Servers and below is a summary of many of our blog post, issues and links to helpful solutions and discussions.

Most clients that use Remote Desktop Services (RDS) use full “desktop sessions” where each user has their own desktop session to modify/customize the desktop, open their programs, save files, open MS Office documents (if Office is installed), etc.   User can share files with other users through the use of public folders.  Desktop sessions are the default method in RDS and are typically easy to use from any device with the Microsoft Remote Desktop Connection client which is built-in on Windows PCs and can be downloaded for MACs, iphone, android, etc. If you need to share and save files, interface with Office, install several applications, or have full desktop features, you will likely want to use regular/full desktop sessions without adding the advanced configurations and complexity of RemoteApp (see RemoteApp section below).  In 2012 R2, during the installation of RDS, “Session Virtualization” is akin to desktop session.

INSTALLING APPS and PRINTER/DRIVE REDIRECTION: install your application using the proper RD install mode via control panel instead of double-clicking on the exe file.

http://www.riptidehosting.com/blog/installing-programs-on-remote-desktop-terminal-server/

http://www.riptidehosting.com/blog/redirection-of-printers-and-local-drives-on-hosted-rdp-server/

RD CLIENT DOWNLOADS:  Links to download remote desktop clients for MAC/iphone/ipads and Android.  We recommend you look the for the most recent version if these links are out of date.

http://www.riptidehosting.com/blog/remote-desktop-connection-client-for-macs/

http://www.riptidehosting.com/blog/remote-desktop-connection-client-for-android/

LOGIN ISSUES:  Don’t check the box in user properties “change password upon login” and other items:

http://www.riptidehosting.com/blog/remote-desktop-connection-an-authentication-error-has-occurred-the-local-security-authority-cannot-be-contacted/

http://www.riptidehosting.com/blog/issue-in-windows-2012-r2-when-setting-rdp-users-to-change-password-upon-login/

LOGOFF DISCONNECTED SESSIONS: For Windows Server 2012R2 only.  Much easier to change these settings in 2008R2 via RDS GUI without following these steps.  We recommend you utilize these steps to logoff disconnected sessions.

http://www.riptidehosting.com/blog/how-to-set-time-limit-for-disconnected-sessions-windows-server-2012r2/

RDS LICENSING:  Is your hosting provider providing the RDS user licenses?  If you have your own licensing that you wish to use (Office, SQL Server, RDS, etc.), use our dedicated servers.

http://www.riptidehosting.com/blog/does-your-hosting-provider-offer-remote-desktop-services-licensing/

http://www.riptidehosting.com/blog/microsoft-licensing-volume-licensing-versus-spla-licensing-costs/

 

LAUNCH PROGRAM AUTOMATICALLY UPON LOGIN – to launch a single program without using RemoteApp

http://www.riptidehosting.com/blog/how-to-launch-a-program-automatically-when-logging-into-remote-desktop-server/

 

WINDOWS UPDATES TIMING: For Windows Server 2012R2 only, use link below to adjust timing of Windows Updates and reboots.

http://www.riptidehosting.com/blog/how-to-modify-timing-of-windows-updates-in-2012-2012-r2-to-control-timing-of-updates-and-restarts/

SHADOW SESSIONS: For Windows Server 2012R2 workgroup mode only, see link.  Shadowing sessions in 2008R2 is easy and doesn’t require steps below.

http://www.riptidehosting.com/blog/how-to-shadow-a-users-remote-desktop-session-on-windows-2012-r2-server-not-connected-to-a-domain/

REMOTEAPP:

Instead of a full desktop session for each user, RemoteApp is a feature in RDS where the user doesn’t get a desktop session but rather just an application as if it is running on the end-user’s desktop. While RemoteApp can be a great feature, there are some limitations as noted below (difficult use for MAC users, no desktop session to save/share Office and other files, etc.).  Setup and use of RemoteApp differs in Windows Server 2008R2 and 2012R2.  If you have MAC users, your only option if you want to use RemoteApp is Windows 2012R2 with the RDWeb role service installed as well as joining to a domain.   An alternative to RemoteApp in some situations is to configure user properities to have a program automatically start upon login or desktop sessions that have been configured via group policies to hide some desktop features or icons.

Regular/Full desktop sessions are typically much easier to use than RemoteApp especially if you wish to interface with MS Office, share documents with other users, customize shortcuts or your desktop, etc., but RemoteApp is beneficial in certain use cases where you don’t want the user to logon to the server desktop and wish to only provide access to a specific program.  In 2012R2, RemoteApp requires some advanced configurations such as requires joining to a domain and you’ll want to install certificates, etc.

RemoteApp in Windows Server 2008R2:

Works in workgroup mode (doesn’t require joined to domain controller like 2012R2). Managed through the RemoteApp Manager in administrative tools. Use the RemoteApp wizard to publish an application as a Remote App. There are several methods to distribute Remote Apps in 2008R2 of which two are:

  1. Distribute a RDP file to the user (no longer available in 2012R2). Create a .rdp file in the Remote App Manager (click on the Remote App and click on “create .rdp file) then manually distribute to user(s) as needed.
  2. RDWeb website where users access the specified program via a URL. You need to install the RDWeb access role service which installs IIS too. RDWeb Access website on 2008R2 requires client browser to have ActiveX enabled and therefore doesn’t work on Chrome, Firefox or any browser other than Internet Explorer (which may require adding URL to compatibility settings or trusted sites to avoid “browser not support” error message) and therefore basically excludes MAC users.  https://technet.microsoft.com/en-us/library/cc731508.aspx

RemoteApp in Windows Server 2012R2:

Remote App Manager doesn’t exist in 2012R2 and in order to view the RDS section in Server Manager, the server must be joined to a domain. Distribution methods: the ability to create a RDP file to distributed via the RemoteApp wizard is NO longer available. Use the RDWeb method or other methods such as Web Feed URL method via control panel on end-user’s local PC are still available.

  1. RDWeb URL – 2012R2 no longer requires ActiveX and therefore should be much more accessible from other browser types. When enabled, you can access the RD Web Access Web site at https://IPADDRESS/rdweb.
  2. However, in 2012R2, to distribute Remote App programs via the RD Web page, the RDWeb server role must be installed which requires the server be joined to a domain first, or the Active Directory Domain Controller role installed on the server first which is usually not recommended to do on the same server (and won’t even load on 2012 but will on 2012R2).

 

Links to some of our blog posts on RemoteApp:

http://www.riptidehosting.com/blog/remoteapp-and-options-for-mac-users/

http://www.riptidehosting.com/blog/how-to-set-up-remoteapp-on-server-2012-r2/

http://www.riptidehosting.com/blog/how-to-launch-a-program-automatically-when-logging-into-remote-desktop-server/

http://www.riptidehosting.com/blog/how-to-create-group-policies-in-server-2012r2-that-only-affect-specified-users/

http://www.riptidehosting.com/blog/remoteapp-rdweb-website-hosted-on-windows-server-2008r2-does-not-work-with-windows-10-edge-browser/

Remote Desktop Connection: An authentication error has occurred. The Local Security Authority cannot be contacted

Fixing login problems with Remote Desktop Services

If you have having issues logging into a Windows Server with Remote Desktop Services, below are some things to try.  For example, some users have seen an error like this when trying to login “Remote Desktop Connection: An authentication error has occurred.  The Local Security Authority cannot be contacted”.

  • First, check if your issue is affecting all users or just one account – can the administrator login?
  • Does user have correct permissions to access the server via RDP – are they are member of the Remote Desktop Users group in User Permissions?
  • Does the Firewall allow RDP connections?  What port is used? Is a VPN connection required?
  • Login as computername\username (i.e. SERVER1\jdoe) instead if just typing jdoe at the RDP login prompt.  (this seems to be required if using the MAC RDP client).  Computername is the name given to the server, which you can see under computer properties
  • If only affecting one user, try to reset the users’s password and uncheck the box by “change password at next logon”.   In 2008 R2, login as administrator, open server manager (which may open automatically), expand tree on left side to get to users and groups, select users, right click on user name and say “set password” to reset password, then go in properties of user and uncheck change at next logon.  In 2012 R2, click on start button, type “computer management” which will open and expand tree on left side to get to users and groups as noted above.
  • Do not use the “user much change password at next logon” button in user properties.  Various comments and posts online indicate that changes in the windows authentication process in recent OS versions don’t allow expired users to change their password via RDP once it expires when Network Level Authentication or Credential Security Support Provider (CredSSP) is enabled.  This is only an issue trying to force users to change their password on a RDP session – it works fine from a console session if you are local to the machine. We have a separate blog post on this but try to uncheck this box by “user must change password at next logon” if it is currently checked. Remember to always create complex, strong passwords! (Users can manually change their password upon logon by pressing control-alt-end and following the change password prompts).
  • Reboot the server
  • Turn off Network Level Authentication temporarily and see if that allows the user to login.  Some older Remote Desktop Clients don’t support NLA as well as MAC clients may not.

 

 

 

Microsoft Licensing – Volume Licensing versus SPLA Licensing costs

We can provide most Microsoft software licensing on a monthly basis through the SPLA program.  These licenses are provided on a monthly basis and are easily provisioned.  In some situations, you can use your own valid Microsoft volume licenses but there are numerous restrictions.  For example, Microsoft Office does not have license mobility rights and can therefore not be used in a shared platform cloud environment.  If you want to use your own Microsoft Licensing (Office, SQL Server, etc.), you should use our Dedicated Server Hosting offering. We get many questions about Microsoft per user licenses (i.e. Remote Desktop Services CALs/SALs) and whether they are for concurrently users or named users – Microsoft only licenses RDS user licenses on a per unique end-user basis so every user that is defined on the server needs a license.

On a Dedicated Server (where the hardware is fully dedicated to you and the outsourcing language within the Microsoft Product Terms applies), you could use our licenses provided on a monthly basis via the SPLA program or install your own licensing.  (The SPLA pricing below also applies to both our cloud virtual servers and our dedicated server environments).  Here is some comparison of pricing as of January 2016.  Windows Server 2016 (coming out later this year) will be licensed “per core” instead of “per processor” which is how Windows Server has been licensed historically (SQL Server licensing changed from proc to core a few years back).

SPLA licensing:

  • Monthly basis with no commitment.
  • Windows Server CALs and SA not needed
  • Our SPLA pricing:
    • Windows Server Standard – typically included in our server costs.
    • RDS user license – $7.75/user
    • SQL Server Standard – $275 per 4 cores (sold at $137.50 per 2 cores with 4 cores minimum)
    • UPDATE – SQL Server 2016 is now available – same pricing of $275/month for 4 cores using our SPLA monthly licensing or purchase your own (retail pricing SQL Standard 2016 is approx. $7,500 – see link here).  https://www.microsoft.com/en-us/server-cloud/products/sql-server/purchasing.aspx

Volume Licensing:

  • Higher upfront cost with benefit of owning the licenses (does not include upgrades without SA)
  • SA (Software Assurance) recommended (comes in 2 year increments)
  • Additional cost and requirements of Windows Server CALs required for each user
  • Windows Server licensing minimum 2 proc/16 cores per server
  • Some Volume Licensing programs require a minimum purchase or minimum points

 

FOR EXAMPLE, if you are looking for a server licensed with Windows Server and 5 Remote Desktop users:

  1. Using our SPLA licensing:
    • Windows Server Standard licensing included in our hosting pricing
    • 5 RDS SALs (remote desktop services user licenses) – $7.75 each user
  1. Purchase Volume Licensing:
    • Windows Server License for 2 Processors (minimum) $1,171.55 with SA
    • Windows Server User CAL (per user) $52.03 with SA
    • Remote Desktop Services CAL (per user) $181.72 with SA
    • Plus cost of server ?

 

SAMPLE VOLUME LICENSING FROM LARGE RESELLER:

Windows Server: 2012R2 (each covers 2 physical Processors) plus 2yr SA included.  Windows Server 2016 licenses will be more expensive and core based.  Need to purchase Proc/Core license + CALs.

P73-05758 / Windows Server Standard / $1,171.55

R18-00143 / *Windows Server User CAL / $52.03

 

 

SQL Server Standard – pricing below is per 2 cores but minimum purchase is 4 cores – so total approx $6,571 without SA or $9,895 with SA.

7NQ-00563/ SQLSvrStdCore 2014 SNGL OLP 2Lic NL CoreLic Qlfd / $3,285.66  — Total of $6,571 for 4 cores without Software Assurance meaning no free upgrade to next version.

7NQ-00215/ SQLSvrStdCore SNGL LicSAPk OLP 2Lic NL CoreLic Qlfd / $4,947.81 – Total of $9,895 for 4 cores with Software Assurance

UPDATE: SQL Server 2016 is now available – retail pricing from Microsoft (see link below) for 4 cores SQL Server Standard is $7,434 or you can use our licensing via SPLA on a monthly basis with no long term commitment at $275/month for 4 cores.   https://www.microsoft.com/en-us/server-cloud/products/sql-server/purchasing.aspx

Remote Desktop Services CALs – required per unique end-user.  Per CAL price below with 2 yr SA

6VC-01152/ WinRmtDsktpSrvcsCAL SNGL LicSAPk OLP NL UsrCAL / $181.72

 

After the initial 2 years, you can purchase Software Assurance for additional 2 year terms (a rough estimate is 20% per year).

RemoteApp RDWeb website hosted on Windows Server 2008R2 does not work with Windows 10 Edge Browser

If you are using the RemoteApp RDWeb Access website feature (RDweb) in Windows Server 2008 R2 and have client/user PCs that have upgraded to Windows 10, read below. This does not apply if you are using full RDP desktop sessions to login and see a desktop which is what many/most people do – i.e. using RDP client to connect to a desktop session.

If users are accessing applications using the RD Web access website (i.e. https://IP or Hostname/rdweb ) to access applications instead of logging into the server via the remote desktop connection client, you will notice that the website doesn’t work from Windows 10 PCs using the new Microsoft Edge browser.  RemoteApp RDWEB hosted on a Windows 2008 R2 Server requires the client browser to have ActiveX enabled which basically limits usage to Internet Explorer (doesn’t work on Chrome, Firefox nor for MAC users).  (Note: Windows Server 2012R2 RemoteApp RDWEB no longer requires ActiveX).

Solution

The good news in this situation is Windows 10 still includes Internet Explorer and if you open the website using IE, you should be able to access it – see steps below.  In Windows 10, open IE separately and not within Edge (i.e. in Edge, you can click tools, and then say “open in IE” but don’t do it this way).  Follow the steps below to open IE, add rdweb URL to trusted sites in IE, then close IE and reopen IE, then it should work.

 

  1. CLICK START BUTTON and start typing “Internet Explorer” which should pop-up in search results and select – see screenshot below.  Don’t click the browser shortcut in taskbar because that will just open Edge.

Windows10startmenuforIE

2.  After IE opens, go to the url you use for RDweb.  Click Allow on popup to allow MS RDS web access – see screenshot.

RDweballowRDSWA

 

3.  Do not login yet – first we need to add to trusted sites in Internet Explorer (only need to do first time), then will need to exit all IE windows and start again.

4.  Under the tools icon, click internet options like this, which will open the Option windows, then go to Security Tab, Trusted Sites (the green checkbox), then click on the “Sites” button and then add the url which may be pre-populated – see screenshots.

TrustedSites

5.  Next, close all Internet Explorer windows and start over except this time login to the RDS site.

 

Does your hosting provider offer remote desktop services licensing?

Although hosting providers are generally required to provide the Windows Server operating system license via the SPLA program on hosted servers, very few offer the Remote Desktop Services (previously Terminal Services) user licenses (aka CALs/SALs) to their customers. If you are using the Remote Desktop Services role, you are required to have RDS user licenses for each unique end user that uses RDS. The RDS CALs/SALs are not part of the Windows Server OS licensing and are applied separately. We provide the Remote Desktop Services licenses at $7.75 per user which can be increased in increments of one on a monthly basis. Contact us for additional information.

RemoteApp and options for MAC users

REMOTEAPP

 

For remote desktop (terminal server) application hosting where the user is logging into a full desktop session, MAC users should have a good experience and there are Remote Desktop Connection Clients that can be downloaded for MACs, iphone, and ipad. (The Remote Desktop Connection Client is preloaded on all Windows machines and doesn’t require a download to use it).  The Clients for MACs/Apple can be found here:  http://www.RiptideHosting.com/blog/remote-desktop-connection-client-for-macs/

 

RemoteApp is an optional feature of Remote Desktop Services where users are not provided a desktop session but rather can only open a specified application.  This feature doesn’t work well with MAC users in Windows 2008R2 due to the limitations below.  It should work better in Windows 2012R2 for MAC users but only if using the RDweb login option.   We have many MAC users using our Remote Desktop hosting although most are using full desktop sessions instead of RemoteApp.  There are other options instead of RemoteApp as described toward the end of this post.

 

With RemoteApp, you can distribute a RDP file to a user (Windows 2008R2 only – “RDP distributable file” – this option is not available in Windows 2012R2) or you can set it up for users to access the specified program  via a URL.  The user can open the specified application but does not get a full desktop session to save/share files, etc.

  1. RD Web URL – When enabled, you can access the RD Web Access Web site at https://IPaddress/rdweb .  In 2008R2, the website requires that the client browser has ActiveX enabled which basically limits usage to Internet Explorer and therefore excludes MAC users.  (as noted here — https://technet.microsoft.com/en-us/library/cc731508.aspx).  In 2012R2, the RD Web Access website no longer requires ActiveX  and is supposed to work with many more browser options.  However, Server 2012R2 does require that the Active Directory Domain Controller role be installed to use RemoteApp whereas it is not required in Windows 2008R2.
  2. Create RDP file via the RemoteApp Wizard to distribute to users.  This works easily to create the file and other PC users should be able to open it easily.  MAC users generally have issues when they try to open the file where the system doesn’t recognize it.  Note: Windows Server 2012R2 no longer has this option to create the RemoteApp distributable file.

If you are going to use RemoteApp in 2008R2, contact us for additional instructions and tips that we can provide.

 

 

OTHER OPTIONS

 

  • User full desktop sessions but configure group policies to limit access to certain things, remove icons, prevent access to drives, etc.

How to set time limit for disconnected sessions Windows Server 2012R2

By default, Remote Desktop Services allows users to disconnect from a remote session without logging off the server and ending the session. When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. A disconnected session continues to consume server resources and we recommend that you set policies to end disconnected session after a period of time. Sessions are ended/closed out if the user Logs Off from the server (start -> logoff) but are not ended if the user simply clicks the X in the upper corner to close the RDP window.

You can limit the amount of time that active, disconnected, and idle sessions remain on the server. Two methods are described below:

#1 — User Properties to set session time limits per user:

In each user’s properties window, under sessions tab, you can change the default of “end a disconnected session” from NEVER to X hours/days as well as change the other settings.

User_Properties_Picture

#2 — Group Policy to set session time limits for all users:

  1. Cmd prompt, gpedit.msc
  2. Computer Configuration, Admin Templates, Windows Components, Remote Desktop Services, Remote Desktop Session Host, Session Time Limits
    1. Enable appropriate group policies and modify as needed
    2. We recommend setting this one because it will prevent disconnected sessions from consuming server resources — “Set time limit for disconnect sessions”
  3. After modifying group policies, you can force an update without rebooting by typing “gpupdate /force” at cmd prompt

 

#3 — If Windows Server 2008R2, you can modify these settings in RD Session Host Configuration too

To configure session settings on a windows 2008R2 server with Remote Desktop Services role installed, go to start -> administrative tools -> remote desktop services -> RD Session Host Configuration. Then right click RDP-Tcp properties, Sessions tab, and enter value to end a disconnect session after a specific period of time, end an idle session, etc. (tsconfig.msc also opens the RD Session Host Configuration window). More details can be found here: http://technet.microsoft.com/en-us/library/cc754272.aspx

 

 

 

How to launch a program automatically when logging into Remote Desktop Server

Automatically launching a program or application upon login to a Remote Desktop Session.  See below for methods to use the “start program at login” policy which can be configured per user.  Another method to limit specific programs to a user is via RemoteApp.  We have several other posts regarding RemoteApp and how to set it up and its limitations (i.e. RemoteApp setup is easier in 2008R2 (works in Workgroup mode) than 2012R2 but RDweb requires ActiveX (so IE only) and it doesn’t work for MAC users, while use of RemoteApp in 2012R2 requires joining to a Domain).

1) USING ENVIRONMENT TAB OF EACH USER’S PROPERTIES ON SERVER:  If you want a program to automatically start when a user logs on to the RDP server instead of showing a full desktop session, you can configure this in the Environment tab of the Properties window for each particular user. 

 User_Properties_Environments

After you have made the changes, you should test that it works properly for your users by logging into the server using the accounts you changed/created including testing it with simultaneous sessions and to verify the sessions close properly when the application is closed.

We highly recommend enabling policy to log off disconnected sessions:

  • Enable policy to log off disconnected sessions immediately or within a few minutes so you don’t have a blank screen if users don’t properly exist a program.  Existing the program (instead of clicking X in upper right corner of program) will properly log off the session but enabling this policy will ensure that an improper disconnected session is automatically logged off.  See block post here for instructions on how to enable this policy on both 2012R2 and 2008R2 http://www.riptidehosting.com/blog/how-to-set-time-limit-for-disconnected-sessions-windows-server-2012r2/

2) USING PROGRAMS TAB ON REMOTE DESKTOP CLIENT – Another method is to use the programs tab on your local remote desktop client prior to logging in to the server.  On the programs tab, you can enter the path for program to start upon login.  You can also create a RDP shortcut with this information saved on to your desktop.  We have a video on our website on creating RDP shortcuts – https://youtu.be/iLKSMcIrfqE .  A disadvantage to this method versus the first method above is that each user can edit the shortcut and change the settings.  Your IT person can create these shortcuts and provide them to each user.  

If you use this method on Windows 2008R2, you may have to change settings in RemoteApp under RDP Settings Change and allow access to unlisted programs.

3) USING GROUP POLICY – Another method to configure this is to configure programs to automatically start in the RD Session Host Configuration settings and in Group Policy, although then the logon settings could be applied universally to all users, including the Administrator (which means Administrator may not be able to access the desktop, start button, etc.) whereas the method above allows configuration by User.  You could also create a separate group policy that would be applicable for a specific group, such as non-administrators, so the group policy change wouldn’t affect all users. 

4)  REMOTEAPP – Another method is to configure the RemoteApp feature in Remote Desktop Services (RDS).  In 2008R2, this feature works great (either the RemoteApp distributable file or RD Web) for PC users but not for MAC usersIn 2012R2, the RemoteApp features requires the Active Directory / Domain Controller service to be install on the server before RemoteApp can be used

 

 

How to create a Bootable USB to install Windows Server iso image to fix the error BOOTMGR missing

The most recent Windows Server 2016 Technical Preview iso is so large that only some DVDs readers can read it.  Example try loading it on a Dell PowerEdge server.  The iso was greater than 4.7GB and therefore was not burnable on the single layer DVDs we had.  Simply copying the iso to a USB thumb drive will error when trying to boot because it is not a bootable device it is missing the boot loader so you will get the error message that boot file or bootmgr is missing.  Note: to boot from USB on a Dell PowerEdge Server you much change settings in Dell bios to boot from USB.  To work around this issue and properly boot a Windows Server Iso Image from a USB drive, we followed these steps for a windows machine:

  1. Have the .iso image on your local desktop/laptop or on a readable DVD.
  2. Download this Microsoft tool, “Windows USB/DVD Download Tool” (http://www.microsoft.com/en-us/download/windows-usb-dvd-download-tool), to your local desktop/laptop.  We used this tool on a Windows 7 machine.  We have seen posts where users says it works on a Windows 8 PC but have not verified it.
  3. Open the tool and follow prompts to copy the iso image from local machine to USB thumb driveInsert thumb drive in server and change bios boot options to boot from USB.

Using Task Scheduler to schedule recurring automatic reboot of Windows Server 2008R2

Use the steps below to schedule a task which can automatically reboot your Windows 2008 R2 server on a recurring basis.  Please beware that users that are logged on will be kicked off when the server reboots.

  1. Go to administrative tools, task scheduler.  
  2. Then right click on Task Scheduler and select Create Task
  3. Name the task, possibly something like “Reboot Weekly Saturday midnight”
  4. Change settings to run whether user is logged in or not.  Change User/Group and type in SYSTEM.
  5. On the Triggers tab, select New and fill in your schedule and make sure to check Enabled at bottom of screen
  6. On the Actions tab, select New, Start a program, and browse to “c:windowssystem32shutdown.exe” and add “/r” in the arguments box
     

If users are logged on when the server is about to reboot, it will show a message “you are about to be logged off, windows will shut down in less than a minute”.  It reboots in about 30 seconds from our experience.  If you do this, you’ll want to schedule this when users are not in the server so unsaved data is not lost. 
 

Reducing size of WinSxS directory on Windows Server 2008 R2

UPDATE FOR 2012 R2: The Desktop Experience feature is still required to be installed for Disk Cleanup to be available.  The Desktop Experience feature is listed under “User Interfaces and Infrastructure” when installing the feature – see Microsoft TechNet link here:      http://blogs.technet.com/b/rmilne/archive/2013/07/11/install-desktop-experience-on-windows-server-2012.aspx    Disk Cleanup can then be found on the Tools menu in Server Manager.

————————————————————————————————————-

 

As noted on the Microsoft technet link below, a Disk Cleanup option on Windows Server 2008 R2 is available to clean up the WinSxS directory which will reduce its size by cleaning up previous versions of Windows Update files.

 http://blogs.technet.com/b/askpfeplat/archive/2014/05/13/how-to-clean-up-the-winsxs-directory-and-free-up-disk-space-on-windows-server-2008-r2-with-new-update.aspx

Disk Cleanup is a component of the Desktop Experience feature which is not installed by default on Windows Server 2008 R2 so if you haven’t installed it already, you are generally required to do so (see alternative below although MS recommends installing Desktop Experience).

Here is a link to an overview of Desktop Experience on Windows Server 2008 R2 https://technet.microsoft.com/en-us/library/dd759187.aspx

(Note:  You can run cleanmgr.exe by following the steps in this article without installing Desktop Experience. https://technet.microsoft.com/en-us/library/ff630161%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
SEE LINK – Cleanmgr.exe should go in c:WindowsSystem32.
SEE LINK – Cleanmgr.exe.mui should go in c:WindowsSystem32en-US.
After copying files, you can run cleanmgr.exe by typing it into the start box. This may be a good option to get Disk Cleanup without all the other components of Desktop Experience.)

To Cleanup WinSxS directory:
Run Disk Cleanup
Select c: and click on Clean Up System Files
You should see a row labeled “Windows Update Cleanup” with potential space savings of X GB.
Run – takes several minutes to clean up files.
Then on reboot (which was not forced immediately), it reboots to a Windows screen message “cleaning up” for several minutes

From our experience,

  • We have seen it reboot twice on occasion during the process.
  • This often reduces the WinSxS folder by 3 GB to 5GB.
  • For us, the reboot process at “cleaning up” screen has taken anywhere from 5-15+ minutes
  • One time while performing this, we noticed that the DNS fields on the network connection were changed back to default and internet access didn’t work properly until it was updated.

FTP service on remote desktop server or 2008 r2 windows server

Generally we don’t recommend installing FTP on a server unless it is necessary.  In some cases, it can be easier to transfer files through RDP.  If installing FTP on a remote desktop terminal server and after installation it seems like it is still blocked even though the ports were open on the Windows firewall, try restarting the FTP service.    Restarting the FTP service solved this issue.  If you are having a similar situation, checks to see that the FTP service is started/running and try restarting it.    Also, you should check that the required ports are open on any firewalls used which may be internal and external to the server.

If you are using a remote desktop terminal server, you can transfer files through RDP, by redirecting your local hard drive or via clipboard (cut & paste from local machine to server) without having to install FTP, etc.

Riptide Hosting partners with IT consultants

We work with many IT consultants/firms that use our hosting services for their clients.  Our premium hosting services are a good fit for IT consultants with clients looking to migrate servers to a datacenter/cloud, upgrade from older operating systems such as Windows 2003 or move to a hosting provider with superior bandwidth, infrastructure and redundancy.  The IT firm/company has root access to load and configure as needed.  The IT consultants can be our direct customer and bundle Riptide’s services with their own and mark it up as they wish, or we can directly invoice the referred end-user and pay the IT firm/consultant a recurring commission. 

 We provide many types of hosting services including remote desktop hosting (which can be utilized on a virtual server or a dedicated server).  Remote desktop hosting is often used when a client wants to have applications hosted on a central server accessible by multiple user sessions.  We also provide virtual server hosting, dedicated server hosting, colocation services, and monthly pricing on most Microsoft software (SQL, Office, RD user licenses, etc.) via the Microsoft SPLA program.   Our agreement is month to month and our pricing includes the Windows standard operating system license in the base price.  Windows VMs start at $90 for a virtual server (with root access) or $39/user, and full Dell dedicated servers start at only $225.  Our premium, blended bandwidth (8 telecom carriers) is vastly superior to a single carrier bandwidth and designed to provide 100% network uptime.   

 We are always happy to discuss options, pricing, licensing, etc. for each specific situation since they all vary somewhat.  We look forward to working with you!