Disable Internet Explorer Enhanced Security Configuration

Windows Server comes with Internet Explorer (you are also free to download another browser of your choice such as Chrome or Firefox). Internet Explorer Enhanced Security Configuration (IE ESC) is a security feature that can be enabled or disabled.  If enabled, when you open IE you will see something like this “Internet Explorer Enhanced Security Configuration is enabled” and when you type in a website, you may see a popup with “Content from the website listed below is being blocked by the Internet Explorer Enhanced Security Configuration”. According to Microsoft, IE ESC  “reduces the exposure of your server to potential attacks from Web-based content”.   IE ESC will typically block your ability to download programs or applications to the server.

If you need to temporarily disable this feature, you can do so using the following steps:

  1. Open “Server Manager” – click on the icon that looks like a ‘tower computer with toolbox next to it’ in taskbar next to the start button
  2. In Server Manager, go to the “local server” section in left side menu.
  3. Next, look for “IE Enhanced Security Configuration” in the right column, click on the OFF hyperlink.
  4. Here you can disable Internet Explorer Enhanced Security Configuration for “Administrators” or “Users” or Both. This is where you can enable IE ESC too.  Usually the new settings will take place when you close out the existing IE sessions and reopen the browser; otherwise reboot the server for the changes to take effect.

To protect your hosted remote desktop server (terminal server), we recommend security measures such as anti-virus, backing up your data, requiring strong / complex passwords, etc. We also offer Veeam full server image backup that goes beyond just file/folder backup. Our licensing is monthly with no long-term commitment.

RDP connections exceeded in Windows Server 2008R2

If you are prevented from logging on to your server via RDP and receive a message that the maximum number of connections have been exceeded, see steps below to login to the special session to then disconnect the other user sessions:

1. Open Command Prompt on your local windows computer
2. Type: mstsc /admin
3. Hit ‘Enter’ key and login
4. This will open a new session enabling you to log off other sessions.
5. Open task manager, go to the users tab and log off idle or disconnected users

The special session you are using to login has restrictions. Once you have logged off the other users, you should log back into the sever in the normal way.

Remember that remote desktop sessions are closed out from the server if the user Logs Off from the server and not when they simply close the session from clicking the X in the upper corner.

To configure session settings on a windows 2008R2 server with Remote Desktop Services role installed, go to RD Session Host Configuration, RDP-Tcp properties, Sessions tab, and enter value to end a disconnect session after a specific period of time, end an idle session, etc. (tsconfig.msc also opens the RD Session Host Configuration window). More details can be found here: http://technet.microsoft.com/en-us/library/cc754272.aspx

Access Runtime (free download) on our Remote Desktop (Terminal) Servers

Do you need full MS Access to create/modify Access databases or do you only need Access runtime to allow users to only run existing Access databases.  If you only need Access Runtime, you can save on Office licensing fees.

Riptide Hosting can provide Microsoft licensing for the full version of Access 2019, Access 2016, Access 2013) / Office Professional which is best if you need the full features of Access including creating and editing the database tables and forms– see our pricing calculators for current pricing.

Microsoft also offers MS Access Runtime as a FREE download which may be an option depending on your situation, for example if you have already created a database application which has forms to input and manipulate the data. Runtime is limited to running an already existing/created Access application. An access developer who develops an access application can install the application on computers and servers using the free Microsoft Access runtime rather than licensing Access for each computer.

Links to download Microsoft Access Runtime (Redistributable) are below:

Microsoft Access 2016 Runtime download from Microsoft https://www.microsoft.com/en-us/download/details.aspx?id=50040

Microsoft Access 2013 Runtime download from Microsoft: http://www.microsoft.com/en-us/download/details.aspx?id=39358

Office 365 Runtime for Access 2019 download from Microsoft (note: cannot co-exist with regular Office 2016/2019 so only use if no other Office project is installed)  https://support.office.com/en-us/article/Download-and-install-Office-365-Access-Runtime-185c5a32-8ba9-491e-ac76-91cbe3ea09c9

The description of Runtime from the Microsoft Download Center for 2016 Runtime is copied in here:

“The Microsoft Access 2016 Runtime enables you to distribute Access 2016 applications to users who do not have the full version of Access 2016 installed on their computers.”

“Microsoft Access 2016 provides a rich platform for developing database management solutions with easy-to-use customization tools. If no end-user customization is required (including report modifications), you can choose to distribute those Access 2016 solutions so that they run without requiring a full installation of Access 2016. To do so, you must package and distribute your application with the Access 2016 Runtime.

The Access 2016 Runtime is similar to previous runtimes in that all design-related UI is either removed or disabled.

You do not need to buy any special product in order to redistribute the Access 2016 Runtime. You can freely redistribute it or point users to this download. “

Below is a link for “Access for developers” from Microsoft’s MSDN site as additional reference: http://msdn.microsoft.com/en-us/office/aa905400

Remote Desktop Connection Client for Macs

If you are using a Windows OS (Vista, Windows 7, Windows 8), the remote desktop connection client is already included in Windows and doesn’t need to be installed.  It may be located in start -> programs -> accessories folder if you don’t see it on your desktop or list of programs.

If you have a Mac using Mac OS X (OS X 10.7 or later, 64-bit processor), you can download Microsoft’s Remote Desktop Connection client from the itunes mac store here https://itunes.apple.com/us/app/microsoft-remote-desktop/id715768417

If you have a Mac with version of Mac OS X prior to v10.7, you can see the link below for the Remote Desktop Connection Client for Mac 2.1.1 to see if its compatible. http://www.microsoft.com/en-us/download/details.aspx?id=18140

For iphone/ipad, see itunes app store here: https://itunes.apple.com/us/app/microsoft-remote-desktop/id714464092?mt=8

See “Getting Started with Remote Desktop Client on iOS” link here for additional information such as touch gestures, etc.  https://technet.microsoft.com/en-us/library/dn473013.aspx

Below is a FAQ on the Microsoft technet website: “Remote Desktop Client on Mac: FAQ” that may be useful to review. http://technet.microsoft.com/en-us/library/dn473006.aspx

Redirect sound audio from remote desktop server to local machine

Follow the steps below to allow redirection of sound from a remote desktop server (terminal server) to local/client machine. This applies in Windows Server 2008R2. – see notes further below if you are using Windows Server 2012R2.

1) Install the “desktop experience” feature in server manager and then start the windows audio service. We have noticed that the server should be rebooted twice after installation of the desktop experience role. We do not install this feature by default as it consumes additional resources. After the reboots, make sure the windows audio service has started – if needed, click on the sound icon in the lower right corner, right click to sounds, follow prompts.

2) Confirm that sound redirection isn’t restricted on the server. Go to RD Session Host Configuration, right click on RDP-tcp and go to properties, go to client settings tab and verify that audio playback is not disabled. – UNCHECK THE BOXES TO ENABLE

RD_tcp-ip_properties

3) On the Remote Desktop Connection client on your local machine, under local resources, verify that it says “play on this computer” for remote audio playback.   Check these settings on your client prior to logging into the server.

audio_redirection

To price hosted remote desktop servers click the ‘remote desktop link’ above for pricing.

 

WINDOWS SERVER 2012R2

Easier than in 2008R2 as you don’t need to install the Desktop Experience role.

  • Enable the windows audio service by right clicking audio service sound icon in lower right corner of taskbar and go to sounds.  You should see a message that audio service is not running and asking if you wish to enable it – select YES.

audio_service_is_not_running

 

  • Close the Sounds windows and log off the server.  During our testing we didn’t have to reboot the server but if it doesn’t work below, try rebooting. 
  • When you login, you have to allow audio redirection in the remote desktop connection client on your local PC before connecting.
  • audio_redirection
  • You can test if this worked by watching the video on our www.riptidehosting.com home page and can hear the sound!

 

 

 

Remote Desktop sessions varying speed opening database reports

Windows Server 2008R2 with remote desktop services role (terminal services) and Access database

We recently had a user notice that database reports would open up at different speeds in different remote desktop sessions. After trying many different things, it was determined that printer redirection was causing some sessions to open database reports more slowly than others and the reports would open much faster if printer redirection was unchecked under local resources when making the remote desktop connection.

Printing issues on Terminal Server with Domain Controller role

Applies to Windows Server 2008R2
Microsoft does not recommend installing the Remote Desktop Services role (Terminal Services role) on a domain controller in Windows Server 2008R2. If you have installed both roles, you may notice printing issues whereby documents won’t print to your redirected printer even thought it shows as available. First review the event viewer and look for entries regarding printing and Access is Denied. You may need to change permissions/security on the windowssystem32spoolprinters folder to full access for printing to occur.

See link from support.microsoft.com for additional information:
http://support.microsoft.com/kb/968605/en-us?lc=1033