Saturday, April 23, 2011

PostHeaderIcon Remote Desktop Administration and Management

Remote Desktop Administration and Management:

    The RemoteApp and Desktop Connection Web application gives IT administrators a single
place to manage and assign resources for their users. Changes made here are directly
reflected in the RemoteApp and Desktop Connection Control Panel for Windows 7 users,
and in the applications and virtual desktops that users connecting from earlier versions of
see when they log in to the RD Web Access server, as shown in Figure 4-2
50 CHAPTER 4 Remote Desktop Services
and VDI: Centralizing Desktop
and Application Management
Figure 4-2 The RemoteApp and Desktop Connection page from a Windows XP SP3 computer.
The Windows 7 computer of the same user directly integrates these same links into the
user’s Start menu, as shown in Figure 4-3.

Figure 4-3 RemoteApp and Desktop Connections are directly integrated into the Windows 7 Start menu.
Whenever an administrator makes changes to the available programs or virtual desktops,
both the RD Web Access page and the user’s Start menu are dynamically updated without
further intervention.
(Re)introducing Remote Desktop Services and VDI CHAPTER 4 51

 Windows PowerShell Module:

     Windows Server 2008 R2 includes a new Windows PowerShell module, the RemoteDesktopServices
module, that includes both cmdlets and a full RDS Provider, as shown in Figure 4-4.

Figure 4-4 The RemoteDesktopServices module for Windows PowerShell includes both cmdlets and a
For those new to Windows PowerShell, a brief explanation of providers is in order. In
Windows PowerShell, providers are a way to view and navigate information in a hierarchical
way as if the providers were drives on the computer. In fact, the FileSystem is implemented as
a provider. This means that when you type dir c:\ at the Windows PowerShell prompt, what
you’re actually doing is asking Windows PowerShell to give you the children of the C drive
of the FileSystem provider. (The dir command is an alias for Get-ChildItem.) Windows PowerShell
implements the Windows Registry as a provider as well, so you issue the command
dir HKLM:\System\CurrentControlSet to see what the HKeyLocalMachine registry
hive has in the System\CurrentControlSet container.
With the RemoteDesktopServices provider, the “drive” is RDS:. Beneath that top level we
have RDSConfiguration, GatewayServer, LicenseServer, RDSFarms, ConnectionBroker, and
RemoteApp containers. With the RDS Windows PowerShell module, you can configure and
manage all RDS role services and components using Windows PowerShell. For example, you
can do the following:
52 CHAPTER 4 Remote Desktop Services
and VDI: Centralizing Desktop
and Application Management
  1. View and edit configuration settings of Remote Desktop Server
  2. Publish RemoteApp applications
  3. Configure License Server
  4. Create and configure a Remote Desktop server farm
  5. Configure and assign virtual Internet Protocol (IP) addresses to either sessions or applications
  6. Create and manage RDV (VDI) pools
  7. Create and manage Gateway Resource Access and Client Access policies
For example, with Windows PowerShell, you can quickly get a list of the personal virtual
desktop assigned to a particular user:
PSH> import-module RemoteDesktopServices
PSH> $cred = Get-Credential
PSH> Get-VirtualDesktop –user example\charlie –credential $cred
Name AssignedTo Host
---- ---------- ----
xmpl-vdi-92.example.local EXAMPLE\Charlie HOST-9.example.local
Because the RDS team implemented their Windows PowerShell support primarily as a provider,
it’s easy to navigate and investigate the functionality available, and also easy to get help
on how to do tasks. So, for example, if you want to know what the parameters are for creating
a new RemoteApp using Windows PowerShell, you just ask Windows PowerShell to tell you,
as shown in Figure 4-5.
You can also use Windows PowerShell to quickly get or set the value of various RDS settings,
as shown in Figure 4-6.
(Re)introducing Remote Desktop Services and VDI CHAPTER 4 53

Figure 4-5 Using the Get-Help command with the –path parameter to get specific help on creating

Figure 4-6 Getting the ConnectionBrokerSettings.
To change the session settings to disable new connections, the command would be as
RDS:\RDSConfiguration> Set-Item –path .\SessionSettings\AllowConnections 0
54 CHAPTER 4 Remote Desktop Services
and VDI: Centralizing Desktop
and Application Management

Windows 7 and RDS (Better Together)

   Users running Windows 7 will have an enhanced user experience when using Remote Desktop.
Not only will they have more direct access to applications and desktops through the
RemoteApp and Desktop Connection (RAD) link in the Control Panel, but the overall experience
is more natural and integrated. RemoteApps are directly integrated into the Start menu,
Taskbar, and system tray, so that many users will be unable to tell whether a program is running
locally or remotely.

Improved User Experience

     The improved user experience with Remote Desktop Services and Windows 7 clients includes
the following features:
   1. Multimedia redirection This feature provides high-quality multimedia by redirecting
multimedia files and streams so that audio and video content is sent in its original
format from the server to the client and rendered using the client’s local media playback
   2. True multimonitor support Remote Desktop Services enables support for up
to 10 monitors in almost any size, resolution, or layout with RemoteApp and remote
desktops. Applications will behave just like they do when running locally in multimonitor
    3. Audio input and recording VDI supports any microphone connected to a user’s
local machine and enables audio recording support for RemoteApp and Remote Desktop.
This is useful for Voice over Internet Protocol (VoIP) scenarios and also enables
speech recognition.
    4. Windows Aero support VDI provides users with the ability to use the Windows
Aero user interface for client desktops, ensuring that remote desktop sessions look and
feel like local desktop sessions.
     5. DirectX redirection Improvements in DirectX 9, 10, and 11 application rendering,
and support for the new DirectX 10.1 application programming interfaces (APIs)
that allow DirectX (2D& 3D) graphics to be redirected to the local client to harness the
power of the graphical processing unit (GPU) on the user’s local device, remove the
need for a GPU on the server.
    6. Improved audio/video synchronization Remote Desktop Protocol (RDP)
improvements in Windows Server 2008 R2 are designed to provide closer synchronization
of audio and video in most scenarios.
    7. Language bar redirection Users can control the language setting of RemoteApp
programs using the local language bar.
    8. Task Scheduler Improvements keep scheduled applications from interacting with
users running RemoteApps, avoiding confusion.
Enabling VDI CHAPTER 4 55

 RA D Control Panel

     The RAD Control Panel applet, part of Windows 7, provides a simple way to configure
RemoteApp and VDI directly into the user’s Start menu. Plus, once the initial connection is
made, applications and desktops are automatically updated as the administrator configures
the available applications and desktops, simplifying management and deployment.

Configuring RemoteApp and Desktop Connection

      To change the settings for RAD, use the Remote Desktop Connection Manager console, as
shown in Figure 4-7.

Figure 4-7 The Remote Desktop Connection Manager console.
The Remote Desktop Connection Manager connects to an RD Connection Broker, and
allows you to configure the RD Virtualization Host servers and the personal and pooled
virtual desktops they provide, along with designating the RemoteApp sources that will be
available to the RD Connection Broker.

Enabling VDI

   Windows Server 2008 R2 adds support for both personal and pooled virtual desktops.
Enabling that VDI support requires setting up and configuring an RD Virtualization Host, an
RD Session Host, an RD Connection Broker, and an RD Web Access server, although these
and VDI: Centralizing Desktop
and Application Management
different roles can be combined as appropriate for your environment. The basic steps to
enabling VDI are as follows:
   1. Enable the RD Virtualization Host role service of the Remote Desktop Services role.
This will also enable the Hyper-V role.
Note E nabling the Hyper-V role requires hardware that supports hardware virtualization.
This might require an updated BIOS. The BIOS must be configured to support both
hardware virtualization and hardware Data Execution Protection.
  2. Enable an RD Session Host. This is required both for VDI and to provide RemoteApp
  3. Enable an RD Connection Broker and an RD Web Access server.
  4. Export the Secure Sockets Layer (SSL) certificate for the RD Web Access computer. This
will be imported onto the virtual machines (VMs).
  5. Create the VMs that will be used, configuring them as appropriate. These will be used
either as part of a VDI pool or as personal VMs.
     • Add the SSL machine certificate from the RD Web Access computer to them.
     • Enable Remote Access.
     • Allow Remote RPC for RDS in the registry.
     • Enable Remote Service Management in Windows Firewall.
     • Add RDP protocol permissions to the VMs.
     • Configure the VMs for rollback if they’re part of a VDI pool.
  6. Add the RD Web Access computer to the TS Web Access Computers local group on the
RD Connection Broker.
  7. Add the RD Connection Broker computer as a source for the RD Web Access computer,
as shown in Figure 4-8.

Figure 4-8 Configure RD Web Access to use an RD Connection Broker as a source.
  8. Configure the VDI Pool and assign any Personal Virtual Desktops on the RD Connection
Broker as shown in Figure 4-9.

Figure 4-9 Adding virtual machines to a Virtual Desktop Pool.
58 CHAPTER 4 Remote Desktop Services
and VDI: Centralizing Desktop
and Application Management
   9. Add applications to the RemoteApp server and make them available as RemoteApps.
  10. Log on to the client computer as an administrator and import the machine SSL certificate
from the RD Web Access server.
   11. Log on to the client computer and set up the RemoteApp and Desktop Connection.
Yes, this is fairly complicated, but most of these steps are performed one time only, or can
be easily automated.
Integrating Remote and Local Applications with


   RemoteApp for Windows Server 2008 R2 gives you the ability to provide your users with an
integrated and transparent mixture of local and remote applications. For applications that
behave best when run locally, or that are used when not connected to the network, you can
install the applications locally, while providing access to other applications using RemoteApp
where appropriate. Applications running remotely can even control the file extensions on the
client computer, providing a transparent experience for the user.
To configure remote applications to take over the local file extensions, you need to create
a Windows Installer (.msi) package for them and install the package locally (or use Group
Policy to deploy the resulting .msi package), following these steps:
1. Open RemoteApp Manager and connect to the RD Session Host that hosts the application
you want to deploy.
2. Click Add RemoteApp Program to open the RemoteApp Wizard. Click Next and select
the program or programs you want to add, as shown in Figure 4-10.

Figure 4-10 Adding a program with the RemoteApp Wizard.
Working Over the Web: Web Access CHAPTER 4 59
3. Click Next and then click Finish to return to the RemoteApp Manager.
4. Select the program in the list of RemoteApp programs and click Create Windows
Installer Package in the Actions pane.
5. Click Next to open the Specify Package Settings page. Make any changes here that are
appropriate for your environment.
6. Click Next to open the Configure Distribution Package page shown in Figure 4-11.

Figure 4-11 The Configure Distribution Package page of the RemoteApp Wizard.
7. Select the Associate Client Extensions For This Program With The RemoteApp Program
check box. Also select the Desktop check box if you want the user to have a shortcut to
this application on his or her desktop.
8. Click Next and then click Finish to create the .msi package, which can be installed on
users’ computers.

Working Over the Web: Web Access

       Windows Server 2008 R2 provides access to RemoteApp programs and desktops using the RD
Web Access role for all versions of Windows that support at least RDP version 6.0 or later. This
includes Windows Vista SP1 and Windows XP SP3.
Users can connect to the resources of your RDS environment, including virtual desktops,
from supported clients using direct RemoteApp and Desktop Connection, or over the Web
using the Remote Desktop Gateway. This enables users to have consistent access to corporate
resources without having to use a virtual private network (VPN) connection. Figure 4-12
shows the typical RD Web Access connection through an RD Gateway.
and VDI: Centralizing Desktop
and Application Management