Microsoft Remote Desktop Services [RDS] allows users to access centralized applications and workstations in the data center remotely. Microsoft RDS is the new expanded and renamed Microsoft Terminal Services. In this post I will document the implementation of RDS in my home lab using an ‘all-in-one’ configuration.
vBoring Blog Series:
- Setup Remote Desktop Services in Windows Server 2012 R2
- Setup RD Licensing Role on Windows Server 2012 R2
- Setup RD Gateway Role on Windows Server 2012 R2
Server Roles in RDS:
There are three core roles to setup a RDS environment and are as follows:
- Remote Desktop Session Host [RDSH]: Applications are installed and published from the Session Host servers.
- Remote Desktop Connection Broker [RDCB]: This role handles user sessions by load balancing among the RD Session Host servers. Also allows disconnected users to reconnect to their existing sessions without starting a new one.
- Remote Desktop Web Access [RDWA]: This role provides a web portal to access the RDS environment. Also allows Windows 7 & 8 desktops to connect using the RemoteApp and Desktop Connection.
The follows roles are not required but add additional abilities to RDS:
- Remote Desktop Gateway [RDG]: This role enables remote users to use the Remote Desktop Protocol (RDP) over HTTPS. It is placed on the edge of your network and acts as the entry point to your RDS environment externally.
- Remote Desktop Virtualization Host [RDVH]: This allows RDS integration with a Hyper-V hypervisor to manage virtual desktops
- Licensing: RDS comes with a 120 day trial period. When the trial period ends RDS will no longer accept connections. The RDS License role handles the licensing for RDS.
For additional reading about the roles for RDS check out the Microsoft RDS Overview
Installing RDS Roles:
When setting up RDS you have the option of running the three core roles run on a single server or separate each role onto its own server. If you are setting RDS up for a lab or a small environment then a all-in-one setup would save you hardware resources. If your environment is large you will want to separate these roles to spread the resources across multiple servers. No matter which setup you pick they both can scale outward depending on user growth.
For my documentation I went with a single server called a Quick Start setup. To start open Server Manager then click Manager -> Add Roles and Features
Change the selection to Remote Desktop Services Installation then click Next
In my environment I will have the three core RDS roles running on a single VM (all-in-one con. If you have a large number of users you will run through the Standard deployment where the three core services run on separate servers.
If you pick a Quick Start setup you can add additional servers to each role to allow expansion. Either option will allow you to grow with your environment!
We are setting up application publishing. Change selection to Session-based desktop deployment and click Next
Since we did the Quick Start selection the Connection Broker, Web Access and Session Host roles will be installed on the single server. Click Next
Check the box labeled Restart the destination server automatically if required then click Deploy
Here is what the progress window looks like. In my install it rebooted after the Remote Desktop Services role but did not for Session Collection and RemoteApp.
Once finished click Close. Remote Desktop Services is now installed!
A collection is a logical grouping of RDSH servers that application can be published from. Note: Each RDSH server can only participate in a single collection
If you went through the Quick Setup of RDS it will create a collection called “QuickCollection” that contains the applications Wordpad, MS Paint, and Calculator.
To add applications to the collection, click Tasks -> Publish RemoteApp Programs
It will scan your RDSH for installed applications and display them in a list. I have the vSphere Client installed, select your application then click Next
Confirm your application selection(s) and click Publish
Click Close to complete the publish process
RemoteApp Global Permissions:
By default the QuickSessionCollection gives all Domain Users access to Remote App programs. To change this click Tasks -> Edit Properties
Click User Groups. If you wanted to add or remove users Click Add and search.
If you want to remove Domain Users you must first add a user or group first before you can remove it. (There has to be at least 1 in User Groups)
Once you have a second user or group you can now remove Domain Users.
Remember this is at the Collections level. By default all RemoteApp programs inherit these permissions.
RemoteApp Program Permissions:
If you want to change the inherent permissions of a RemoteApp, select the application -> right click and click Edit Properties
Click User Assignment -> then change the option to Only specified users and groups. You can now Add and Remove the permissions inherit from the collection. In my example I wanted only my VMware Admins AD group to have permission to the vSphere Client. Click Apply and Ok to save you changes.
Accessing RemoteApp Programs via the Web Access:
To access your newly deployed RDS environment enter the following address of your RDWeb Access into your browser. Allow the add-on to run if prompted.
Once logged in you will see applications that you have access to. If you went through the Quick Setup of RDS it will have created a “Collection” that contains Calculator, MS Paint and Wordpad. Click on a application to launch it. If you get a certificate error click Continue.
The application should launch! If you go to Help -> About you will see Server 2012 instead of the local OS. The application is being ran on the RDSH server and are only viewing it via RDS.
Continue reading – Part 2: Setup RD Licensing Role on Windows Server 2012 R2