Win 2003 Terminal Server in LAN

Windows Server 2003 Terminal Server can be used to manage each customer's remote login resources. It provides a Remote Desktop Protocol (RDP)-based service that makes Windows Server 2003 a true multi-session environment operating system and allows users to use the server. Various legal resources.

First, the installation of the terminal server

1. Use the "Configure your server wizard" to quickly install

"Configure your server wizard" contains the server The key services (such as Dns server, file server, mail server, terminal server, etc.) that need to be configured in this way, we can use this wizard to quickly install Windows Server 2003 terminal server.

Step 1: Click “Start → Settings → Control Panel” to enter “Administrative Tools” and run “Configure Your Server Wizard”. Click "Next" in the "Welcome to configure your server wizard" window that pops up, the installation wizard will list the "preparatory steps", to ensure that these steps have been completed, click "Next."

Step 2: The wizard will check the server's network settings. After completing the check, the "Server Role" selection window will pop up (Figure 1), select "Terminal Server" and click "Next", in the next " Click "Next" in the "Select Summary" window to confirm the options you have selected.
Figure 1

Step 3: After completing the installation and configuration of the terminal server, restart the system, thus completing the quick installation of the terminal server.

2.Installing the terminal server using "Add or Remove Programs"

Step 1: Click "Start → Settings → Control Panel" to run "Add or Remove Programs" Go to the "Add/Remove Windows Components" tab and check "Terminal Server" in the "Windows Components Wizard" (Figure 2). A prompt box will pop up, click "Yes". Then display the introduction window of the terminal service, click "Next".
Figure 2

Step 2: There are two terminal server installation modes, which are full security mode and loose security mode. In general, choose the full security mode (Figure 3).
Figure 3

Step 3: After the file is copied and configured, restart the system to complete the terminal server installation.

Tip: Using Add or Remove Programs to install Terminal Server is a bit cumbersome and requires LAN administrators to manually configure certain parameters of the Terminal Server. It is recommended that ordinary users use the Configure Your Server Wizard. After

Second, the client configuration

1. Client software installed

Windows Server 2003 Terminal Server installed The LAN user must install the client software to use the terminal server resources.

Assume that the Windows Server 2003 system is installed on the server's D drive. The path of the client software on the server is "D:\\Windows\\system32\\client\\tsclient\\win32". This directory is shared on the LAN. You only need to run the installer to complete the client installation.

2. Remote login terminal server

After completing the installation of the client software, run the "Remote Desktop Connection" program (Figure 4), and fill in the IP of the terminal server in the "Computer" field. Address, such as "192.168.0.1", fill in the user name and password in the "User Name" and "Password" fields (Note: This is the account set up by the LAN administrator on the Windows Server 2003 server, not a local customer. The user name and password of the machine), and then click the "Connect" button, you can remotely log in to the terminal server.
Figure 4

Third, reasonable configuration of the terminal server

Although the Windows Server 2003 terminal server has been successfully installed, its default settings may not be satisfied The needs of LAN users, therefore, you must also properly configure the Windows Server 2003 terminal server according to the needs of users.

1. User Permission Settings

Under the default settings of Windows Server 2003 Terminal Server, only a few users can log in to the terminal server, such as administrator group users, system group users, etc. LAN users cannot use the terminal server, so add the appropriate permissions for these users on the terminal server.

First, we create a new user group "ts" and add all LAN users who want to access the terminal server to the "ts" group. On the server side, click Start → Programs → Administrative Tools → Terminal Services Configuration. In the left pane of the Terminal Services Configuration window, click Terminal Services Configuration→Connections. The RDP-Tcp Properties box is displayed, and the Permissions box is displayed. (Figure 5), click the "Add" button, enter the "Select User Group or User" form, click "Advanced" below, then click "Find Now", find the "ts" user group, click "OK".
Figure 5

Finally, in the "Permissions" box below the "Permissions" box, check the "Access" and "Guest Access" permission permissions, so you can assign "ts" "User group access to the terminal server.

2. Open the terminal server's log auditing

The log records every activity of the server, so opening the terminal server's log audit can help the LAN administrator to maintain the terminal server more effectively.

Click the "Advanced" button in the "Permissions" box on the terminal server, enter the "Audit" box, click "Add", select "ts" in the "Select Users and Groups" list box, and Click “OK” to pop up the “RDP-Tcp Audit Project” dialog box (Figure 6). After checking the items you want to review in the box, click “OK”.
Figure 6

Fourth, improve the terminal server log

When the LAN administrator opens the "Event Viewer", the terminal service log will be found to be very imperfect. If the user does not log in to the terminal server inside the LAN, there is no way to find the detailed information of the user login, which brings trouble to the maintenance of the LAN administrator. Let's take a look at the terminal server logs.

In the D directory, create two files "ts2003.BAT" (the script file that is run when the user logs in) and "ts2003.LOG" (log file).

Write the "ts2003.BAT" script file:

time /t >>ts2003.log
netstat -n -p tcp