Saturday, June 14, 2008

Terminal Services in remote administration mode -- 2003

It is no longer necessary to install Terminal Services in Remote Administration mode (now called Remote Desktop for Administration). When you install one of the Windows Server 2003 family operating systems, Remote Desktop for Administration is installed automatically. To use Remote Desktop for Administration, you must first enable remote connections. For more information


To enable or disable Remote Desktop
Using Group Policies (best practice)
1. Open Group Policy.

2. In Computer Configuration, Administrative Templates, Windows Components, Terminal Services, double-click the Allows users to connect remotely using Terminal Services setting.

3. Do one of the following:

• To enable Remote Desktop, click Enabled.

• To disable Remote Desktop, click Disabled.

If you disable Remote Desktop while users are connected to the target computers, the computers maintain their current connections, but will not accept any new incoming connections.



Important

When you enable Remote Desktop on a computer, you enable the capability for other users and groups to log on remotely to the computer. However, you must also decide which users and groups should be able to log on remotely, and then manually add them to the Remote Desktop Users group. For more information, see Enabling users to connect remotely to the server and Add users to the Remote Desktop Users group.

You should thoroughly test any changes you make to Group Policy settings before applying them to users or computers. For more information about testing policy settings, see Resultant Set of Policy.

Note

• To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.

• Use the above procedure to configure the local Group Policy object. To change a policy for a domain or an organizational unit, you must log on to the primary domain controller as an administrator. Then, you must start Group Policy by using the Active Directory Users and Computers snap-in.

• If the Allows users to connect remotely using Terminal Services Group Policy setting is set to Not Configured, the Enable Remote Desktop on this computer setting (on the Remote tab of the System Properties dialog box) on the target computers takes precedence. Otherwise, the Allows users to connect remotely using Terminal Services Group Policy setting takes precedence.

• Be aware of the security implications of remote logons. Users who log on remotely can perform tasks as though they were sitting at the console. For this reason, you should ensure that the server is behind a firewall. For more information, see VPN servers and firewall configuration and Security information for IPSec.

• You should require all users who make remote connections to use a strong password. For more information, see Strong passwords.

• Remote Desktop is disabled by default in Windows Server 2003 operating systems.


Using System Properties
1. Open System in Control Panel.

2. On the Remote tab, select or clear the Enable Remote Desktop on this computer check box, and then click OK.


Important

When you enable Remote Desktop on a computer, you enable the capability for other users and groups to log on remotely to the computer. However, you must also decide which users and groups should be able to log on remotely, and then manually add them to the Remote Desktop Users group. For more information, see Enabling users to connect remotely to the server and Add users to the Remote Desktop Users group.

Note

• You must be logged on as a member of the Administrators group to enable or disable Remote Desktop.

• To open a Control Panel item, click Start, click Control Panel, and then double-click the appropriate icon.

• Any configuration set with Group Policy overrides the configuration set by using System properties, as described in this procedure.

• Be aware of the security implications of remote logons. Users who log on remotely can perform tasks as though they were sitting at the console. For this reason, you should ensure that the server is behind a firewall. For more information, see VPN servers and firewall configuration and Security information for IPSec.

• You should require all users who make remote connections to use a strong password. For more information, see Strong passwords.

• Remote Desktop is disabled by default in Windows Server 2003 operating systems.
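
To check which of the two procedures above actually controls a given server, and who can log on once Remote Desktop is enabled, the following PowerShell sketch applies the precedence rule from the notes. It is an added example, not part of the original article; it assumes the standard registry locations for these settings (the fDenyTSConnections value under the policy key and under the Terminal Server key) and an elevated PowerShell session on the target computer. The function names are hypothetical.

```powershell
# Added example: audits the effective Remote Desktop state on the local computer.
# Assumption: the Group Policy setting and the System Properties check box are
# stored as fDenyTSConnections (0 = allow connections, 1 = deny) under these keys.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$LocalKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$ValueName = 'fDenyTSConnections'

function Get-DenyValue([string]$Path) {
    # Returns the DWORD if it exists, or $null when the key or value is absent
    # (for the policy key, absent means the setting is Not Configured).
    $item = Get-ItemProperty -Path $Path -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$ValueName
}

function Resolve-RemoteDesktopState($PolicyValue, $LocalValue) {
    # Precedence from the notes: a configured Group Policy setting wins;
    # Not Configured falls back to System Properties; the default is disabled.
    if ($null -ne $PolicyValue) {
        $source = 'Group Policy'; $deny = $PolicyValue
    } elseif ($null -ne $LocalValue) {
        $source = 'System Properties'; $deny = $LocalValue
    } else {
        $source = 'Default (disabled)'; $deny = 1
    }
    New-Object PSObject -Property @{
        Enabled      = ($deny -eq 0)
        DecidedBy    = $source
        PolicyValue  = $PolicyValue
        LocalValue   = $LocalValue
        # Flag the case where the check box says one thing and policy another.
        Overridden   = ($null -ne $PolicyValue -and $null -ne $LocalValue -and
                        $PolicyValue -ne $LocalValue)
    }
}

$state = Resolve-RemoteDesktopState (Get-DenyValue $PolicyKey) (Get-DenyValue $LocalKey)
$state | Format-List Enabled, DecidedBy, PolicyValue, LocalValue, Overridden

if ($state.Enabled) {
    # Enabling Remote Desktop does not grant access by itself: review who was
    # manually added to the Remote Desktop Users group.
    net localgroup "Remote Desktop Users"
}
```

An Overridden result of True means the check box on the Remote tab no longer reflects the real state of the server, because the Group Policy setting takes precedence.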
