Windows Terminal Services in Windows Server 2003: A Preview

by Marcin Policht

With the impending release of Windows Server 2003 on April 24, Microsoft is making a slew of changes to the various editions of the server operating system, as well as changes to Windows Terminal Services in terms of offerings and licensing. Marcin Policht details the changes and how they'll affect you.

With Windows Server 2003 released to manufacturers on March 28, we can expect that Microsoft will make the product commercially available as promised on April 24. With the economy in a slump, the initial impact of this release won't likely be overwhelming; nevertheless, new features introduced in Windows Server 2003 are worth exploring. In this article, we'll focus on enhancements in the area of Windows Terminal Services, as well as cover changes in Terminal Services Licensing.

Windows Server 2003 is strictly a server platform, but it offers a range of solutions geared towards different functionality and scalability requirements. On the lower end, Windows Server 2003 Standard Edition is intended for small business and departmental environments. Enterprise Edition, with its improved clustering and performance enhancements, is aimed at enterprises expecting powerful, yet economically sound solutions. Datacenter Edition meets the scalability and availability demands of mission-critical applications. These three editions are equivalent to Windows 2000 server products (Standard, Advanced, and DataCenter). New in Windows Server 2003 is the Web Edition, offering functionality scaled down for Web serving and hosting environments.

Terminal Services functionality -- the ability to run multiple, simultaneous interactive sessions on the server -- has been an inherent part of the operating system since the release of Windows 2000 server (due to the multiuser kernel), and is available as well in all four editions of Windows Server 2003. While all editions are capable of running Remote Desktop for Administration (known in Windows 2000 as Terminal Services in Administration mode), full Terminal Server (known previously as Application Server mode) requires Standard, Enterprise, or Datacenter Edition.

Windows Server 2003 includes the new version 5.2 of the Remote Desktop Protocol, which determines the capabilities of a Terminal Server session. Among the most significant capabilities are:

  • automatic redirection of client local and network mapped drives (previously, this functionality required creating manual mappings)
  • automatic redirection of audio
  • automatic redirection of client time zones, which ensures that time within the session reflects location of the client device, not the server
  • automatic redirection of client printers, both local and network, including default printer selection (Windows 2000 supported only local printer redirection)
  • automatic redirection of parallel and serial ports
  • automatic reconnection of broken sessions (especially useful with wireless connections)
  • support for 24-bit color mode
  • support for standard Windows shortcuts in the full screen mode
  • support for dynamic bandwidth allocation (part of QoS technology)
  • support for high (128 bit, two-directional) and low (40 bit, one-directional -- from client to server only) encryption levels
  • support for smart card authentication
  • direct console session (last, but certainly not least)

This last feature requires some extra attention. In the previous versions of Windows servers (Windows 2000 and Windows NT 4.0 Terminal Server Edition), it was possible to run remote sessions, but they were always separate from the console session (which, as the name indicates, required presence at the server console). While remote sessions were sufficient for the majority of user and administrative tasks, there were some important exceptions, such as installation of programs outlined in the Microsoft Knowledge Base article Q247930, as well as Service Pack installations prior to Windows 2000 SP3 (as indicated in the article Q215465). The ability to run a console RDP session eliminates these types of problems. Note that the console connection works similarly to the XP Remote Desktop Connection. If another console session is in progress, it will be terminated, since there can be only a single console session running. For the same reason, an RDP console session cannot be monitored from the physical console, since the console screen at the physical device will be locked as soon as the RDP session is established.

Keep in mind that the features listed above require RDP version 5.1 (introduced in Windows XP) or higher on the client side and 5.2 (included in Windows Server 2003 servers) on the server side.

Another change in the way Terminal Services operates is how permissions to run Remote Desktop sessions are set. In previous versions of Windows, the ability to connect to Terminal Server (in Application Server mode) was granted to anyone who had the right to log on locally to the server (in Administration mode, the right to use a Terminal Services session was limited by default only to members of the local Administrators group). Windows Server 2003 servers include a built-in group called Remote Desktop Users. In order to allow a user or members of a global/universal group to access full Terminal Server, you simply need to add the user or group account to this group.

Microsoft greatly improved manageability of Terminal Services. The improvements include the following features:

  • new Group Policy settings specific to Terminal Services
  • WMI Provider for Terminal Services, which allows configuring and querying Terminal Services via scripting
  • ADSI provider for Terminal Service specific properties of user accounts (such as Remote Assistance permissions, home and profile directory, resource redirection settings, etc.)
  • the ability to specify an individual server in the Terminal Services Manager; in previous versions of Windows, you had to wait until all Windows Terminal Servers for the domain were enumerated
  • printer driver mapping between server and client has been improved to provide more accurate matches. In addition, when a match cannot be found, an administrator can specify the Trusted Driver Path to be used when searching for other printer drivers allowed on the Terminal Server
  • single session policy allows limiting user access to one or more Terminal Servers to a single session.
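
The Remote Desktop Users group and the WMI provider described above can be checked together. The following audit is an added example, not code from the article or from Microsoft: it lists the group's members against an allow-list and reports the minimum encryption level of each RDP listener. The allow-list names are constructed, the WMI namespace is an assumption (root\cimv2 on Windows Server 2003, root\cimv2\TerminalServices on later releases), and treating anything below High as weak is a policy choice made for this example.

```powershell
# Added example: audit remote-logon exposure on a Terminal Server.
# Run in Windows PowerShell on the server being audited.

$computer = $env:COMPUTERNAME

# Constructed sample allow-list; replace with the accounts you intend to permit.
$expected = @('CORP\TS-AppUsers', 'CORP\HelpDesk')

# Assumption: namespace used by Windows Server 2003. Later releases expose the
# same class under root\cimv2\TerminalServices.
$ns = 'root\cimv2'

# 1. Enumerate the built-in "Remote Desktop Users" group via the ADSI WinNT provider.
$group = [ADSI]"WinNT://$computer/Remote Desktop Users,group"
$members = @(
    foreach ($m in @($group.psbase.Invoke('Members'))) {
        $path = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
        # ADsPath is WinNT://DOMAIN/name (WinNT://DOMAIN/COMPUTER/name for a local
        # account); keep the last two segments as AUTHORITY\name.
        $parts = ($path -replace '^WinNT://', '').Split('/')
        '{0}\{1}' -f $parts[-2], $parts[-1]
    }
)

# 2. Anything in the group that is not on the allow-list (case-insensitive match).
$unexpected = @($members | Where-Object { $expected -notcontains $_ })

# 3. Read each listener's minimum encryption level from the Terminal Services
#    WMI provider (1 = Low, 2 = Medium, 3 = High, 4 = FIPS compliant).
$levelName = @{ 1 = 'Low'; 2 = 'Medium'; 3 = 'High'; 4 = 'FIPS' }
$listeners = @(Get-WmiObject -Namespace $ns -Class Win32_TSGeneralSetting)

# 4. Report.
"Remote Desktop Users on ${computer}: $($members.Count) member(s)"
foreach ($u in $unexpected) { "UNEXPECTED member: $u" }
foreach ($l in $listeners) {
    $name = $levelName[[int]$l.MinEncryptionLevel]
    if ($l.MinEncryptionLevel -lt 3) {
        "WEAK encryption on listener $($l.TerminalName): $name"
    } else {
        "OK   encryption on listener $($l.TerminalName): $name"
    }
}
```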

In the area of scalability, Microsoft is introducing support for Session Directory. This improves manageability of Terminal Server Network Load Balancing clusters. Session Directory, which operates as a service on a Windows Server 2003 Enterprise or Datacenter server (typically a member of the cluster), keeps track of existing sessions, and if one of them gets disconnected, it ensures that the reconnection attempt is redirected to the server where the original session is still running. In the previous version of Windows, this was not the case, so there was a chance that a reconnection attempt would result in the creation of a new session on a different server.

Finally, there are also significant differences in Terminal Services licensing mechanism:

  • it is possible to limit the Terminal Servers that are able to obtain Client Access Licenses for clients connecting to them. This is done by adding computer accounts of these servers to the local group called Terminal Services Licensing which exists on the Terminal Services Licensing server (server which has Terminal Services Licensing component installed).
  • in addition to previously available per-device Client Access Licenses, per-user Client Access Licenses are also available.
  • External Connector Licensing replaces Internet Connector Licensing available in Windows 2000.
  • The Operating System Equivalency Provision is removed.

The last item requires some additional explanation. In the previous versions of Windows Terminal Services, Client Access Licenses were not required for client devices running the same (or newer) version of the operating system as the server. This meant that if your clients had installed Windows 2000 or Windows XP Professional and were connecting to Windows 2000 or Windows NT 4.0 Terminal Servers, you did not have to purchase any Terminal Server Client Access Licenses. Starting with the release date of Windows 2003 server platform (i.e. April 24, 2003), all newly purchased Windows client devices (regardless of the operating system) will require a separate TS Client Access License in order to connect to Windows 2003 Terminal Server.

Note that this means that the new licensing requirement does not apply to any purchases of Windows XP made prior to April 24. In addition, companies that have signed up for the Microsoft Software Assurance program are also not subject to this new rule.

This article was originally published on Friday Apr 11th 2003