dmci
asked on
Which Remote Desktop Client Access is used on a W2K3 terminal server when Admin logs in?
When a member of the Administrators Group logs into a W2K3 terminal server using Remote Desktop (RD) Client, which access is used on the server: RD for Administration or a standard Terminal Server CAL? If someone insists on logging in as Administrator to run Applications -- not perform server administration -- what is the impact on the application performance if the User's session is disconnected or a Screen saver kicks in on the terminal server?
I found a reference that explains the remote access environment when a member of the Administrator's group remotely logs into a Windows 2008 server without vs with Terminal Services installed, but I cannot find a similar comparison for Windows 2003 in plain English.
A link to any formal documentation that details this would be greatly appreciated, even if it only says there is no difference.
I found a reference that explains the remote access environment when a member of the Administrator's group remotely logs into a Windows 2008 server without vs with Terminal Services installed, but I cannot find a similar comparison for Windows 2003 in plain English.
A link to any formal documentation that details this would be greatly appreciated, even if it only says there is no difference.
it depends upon the mode of the server it has been configured,whether its a remote administration server or application mode server.
Any user logging in with Admin privileges will gain admin access in Remote Terminal administration server. Normal users will not be able to do any admin tasks. If it is application mode, then it will be used just to connect to a application through Remote desktop client.
Normally, when you disconnect from the terminal session, the session will be still running on the server. You can again login and start from the point you got disconnect. But remember, you can define the Terminal policies on how you want your terminal sessions.
Below is the link that may be helpful to you:
http://www.comptechdoc.org/os/windows/win2k/win2kterminal.html
Any user logging in with Admin privileges will gain admin access in Remote Terminal administration server. Normal users will not be able to do any admin tasks. If it is application mode, then it will be used just to connect to a application through Remote desktop client.
Normally, when you disconnect from the terminal session, the session will be still running on the server. You can again login and start from the point you got disconnect. But remember, you can define the Terminal policies on how you want your terminal sessions.
Below is the link that may be helpful to you:
http://www.comptechdoc.org/os/windows/win2k/win2kterminal.html
ASKER
Just lost my detailed response, the buttons aren't showing up properly on my home screen. I believe the system is set up in application mode, but I'm not totally sure how to verify that. I will respond to the comments and questions tomorrow with a bit more background. Checked the link provided by GHouseAdmin and it still isn't really clear when a member of the Administrators Group logs in to a W2K3 TS-- with no special switches, ie. /console or /admin -- whether they are using the RD for Administration by virtue of the group membership, or whether the system just uses a standard TS CAL.
ASKER
After reading your responses, also did a bit more research this a.m. I am rewording the basic question is actually a two parter:
When the W2K3 Administrator remotely logs into a W2K3 Terminal Server, does that admin user use one of the two bulit-in Remote Desktop for Admnistration CALs, or does that login use a TS CAL?
When a member of the Administrator Group, who is also listed in the Remote Desktop Group, remotely logs into a W2K3 Terminal Server, does that User use of the two built-in Remote Desktop for Administration (RDforA) CALs, or does that login use a TS CAL? Additionally, if one or both of the RD for A CALs are in use, and another member of the Administrator group remotely logs into the same TS, will that user then be applied against an available TS CAL, or will that user be denied access?
Reference the comment by TheHiTechCoach, we inherited these TS servers and had little to no input into their build or configuration. I am working to reduce the large number of Users with full Admin rights, some of whom are essentially Application Managers who believe they must have full admin access to perform their functions. My research indicates that if I move these persons into the Power User group, they should be able to do most if not all necessary functions, i.e. add users, install programs, create directories, etc. Unfortunately, politics rather than security and technology is a factor that I have to overcome to implement this.
Mind you this all started because the primary Application manager, who insists on logging in as Administrator, complained that when he is running reports on the TS (which can take several hours to complete) the screen saver kicks in on the terminal server and ends the session. Thus forcing him to start all over again. Note that at this time, there are no limits on sessions, disconnects, etc.
I know best practice says screen savers should be turned off for TS users, but I feel that when the Administrator is logged in, locally or remotely, there should be a screen saver in effect.
Anyway, have to go to a meeting. Would really appreciate it if someone could answer the questions above. Thanks ahead of time.
When the W2K3 Administrator remotely logs into a W2K3 Terminal Server, does that admin user use one of the two bulit-in Remote Desktop for Admnistration CALs, or does that login use a TS CAL?
When a member of the Administrator Group, who is also listed in the Remote Desktop Group, remotely logs into a W2K3 Terminal Server, does that User use of the two built-in Remote Desktop for Administration (RDforA) CALs, or does that login use a TS CAL? Additionally, if one or both of the RD for A CALs are in use, and another member of the Administrator group remotely logs into the same TS, will that user then be applied against an available TS CAL, or will that user be denied access?
Reference the comment by TheHiTechCoach, we inherited these TS servers and had little to no input into their build or configuration. I am working to reduce the large number of Users with full Admin rights, some of whom are essentially Application Managers who believe they must have full admin access to perform their functions. My research indicates that if I move these persons into the Power User group, they should be able to do most if not all necessary functions, i.e. add users, install programs, create directories, etc. Unfortunately, politics rather than security and technology is a factor that I have to overcome to implement this.
Mind you this all started because the primary Application manager, who insists on logging in as Administrator, complained that when he is running reports on the TS (which can take several hours to complete) the screen saver kicks in on the terminal server and ends the session. Thus forcing him to start all over again. Note that at this time, there are no limits on sessions, disconnects, etc.
I know best practice says screen savers should be turned off for TS users, but I feel that when the Administrator is logged in, locally or remotely, there should be a screen saver in effect.
Anyway, have to go to a meeting. Would really appreciate it if someone could answer the questions above. Thanks ahead of time.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
While the input from the two responders was appreciated,neither really answered the question(s) or really provided any new information beyond what I have already learned up to that point. So no award points to go out.
Why would a normally used account have admin permissions. I find it best to have only a a few accounts with Admin permissions. My normally log on is does not even have admin permission on any server.