?
Solved

microsoft Terminal Server

Posted on 2013-12-04
19
Medium Priority
?
207 Views
Last Modified: 2013-12-16
Hi Guys ,

I would like your suggestion:

I have some customer with 2 branches and 4 users in each branch, for now there is just 8 workstation and there is no server. The customer purchased new application and would like to centralize access for users from both branches....basically the customer doesn't have much many to invest.

My suggestion to the customer:

I offered the customer to install for him Microsoft terminal server but after I thought about that I found that I need more then one server to do it properly and to do it properly for me its installing DC and another terminal server etc....

I have another idea to install physical hyper-v server and on top 2 virtual servers ,one DC and one terminal server, but it seems that it will cost more than expected.

my question is:

can I install terminal server without Active directory dependency (like stand alone  terminal server)?

is this a good idea?

Please , let me know if you have any other idea with minimum cost.


Thx  ,
0
Comment
Question by:Moti Mashiah
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 5
  • 4
  • +1
19 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 39695227
I have not done this before in workgroup but it should work.

You can deploy application on workgroup server 1st and then install terminal server role and create local users on the same and grant them access to server.

Terminal Server Client access licensing (CAL) should be like below
If you are user count is more than client computers, then take per device (Computer licenses) CALs
If you have computer count more than users, then take per user CALs

This will save deployment of AD on dedicated servers and hardware for the same

Mahesh
0
 
LVL 14

Expert Comment

by:Andy M
ID: 39695242
You may also want to check with the application vendor that it will work correctly on a Terminal Server and is supported - some applications will not function correctly on remote desktop connections, plus there may be licensing concerns depending on how many users will be accessing it.
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 39695246
Thank you very much for your quick respond.

I also would like your idea regarding GPO.

probably I have to go with the local GPO idea it could be any issue with that?
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 37

Expert Comment

by:Mahesh
ID: 39695269
Yes, with local GPO you can manage terminal sever aspects with local users
Probably you need to edit local security policy on server through gpedit.msc and allow users to logon through terminal services user right
Also you need to add local users to Remote desktop users group on server
In Administrative templates, under windows Components\Remote Desktop Services you will find terminal server more settings
Also you can put restrictions on users what they can do and can't do on terminal server through same local group policy.

Also same time I am totally agree with Morty, he has raised very valid point...

Mahesh
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 39695290
Hi guys ,

i have checked with the application vendor and verify already that the application support terminal all of their customer use it with terminal.

regarding GPO I think it will be a little bit challenging because I can't exclude user from the GPO for example I don't want my user to be part of the GPO there is some way to do it?

it is my first time to deploy terminal server without DC.

btw,

maybe I should install Dc and terminal server on the same server and then solve all my problem:):) although I don't like to do it that way.
0
 
LVL 16

Expert Comment

by:Nyaema
ID: 39695428
In Windows Server 2008 and 2012, Terminal Services has been renamed to "Remote Desktop Services". I assume you are running on one of these two platforms.

For this setup, you do not need to configure any GPOs, by default members of the "Remote Desktop Users" group have the "Allow logon through remote desktop services"  (new name for "Allow logon through terminal services").

You do not need to install active directory or a domain controller.  You just need to create the 8 local users on your Remote Desktop Server corresponding to your remote users.  Add the users to the "Remote Desktop Users" group.

Add the "Remote Desktop Server" role and its "Remote Session Host" and "Remote Desktop Licensing" role services.
Choose your licensing model per device or per user. This on what kind of licenses you have bought.  If your users are going to access the RDP Server from more than one host i.e. not only their desktops in the branches, then choose per user, otherwise per device will surfice, i.e. 10 Device CALS.  Install the purchased licenses.

Install your appications, make sure RDP traffic is allowed at your firewall/router and redirected to your server, give your users theirs login credentials and IP/URL, and you are good to go.
0
 
LVL 16

Expert Comment

by:Nyaema
ID: 39695444
You will also need to check that the application you are installing is 64bit compatible, otherwise you will need to install the 32 bit version of Windows Server 2008, or Windows Server 2003.
Microsoft permits downgrade rights for new purchases of Server 2012 licenses
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 39695474
Guys ,

please , respond my question I know how to install terminal server it wasn't my question.

My question was:

regarding GPO I think it will be a little bit challenging because I can't exclude user from the GPO for example I don't want my user to be part of the GPO there is some way to do it?
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 39695478
regarding my post below it is mean when I have stand alone server.
0
 
LVL 16

Expert Comment

by:Nyaema
ID: 39695533
You referring to "terminal server". means you are intend on installing server 2003???  Please clarify...

If you wish to apply restrictive policies using GPOs and also exclude some users like the administrator from being affected by it, then only way I know you achieve that is by installing Active Directory, and doing this from group policy manager.
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 39695731
Thank you very much this is exactlly the answer I was looking for to my last question :)

Thank you all for all the advices.

Sorry, that I was a bit confusing I meant to say "remote desktop services".

My decision after your suggestions:

I decided to install AD and remote desktop services on the same physical server create users by AD level and add them to the Remote desktop group plus apply on these users GPO and exclude my self and the other administrator from this GPO
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 39695734
Thank you all for all your advices.
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39695770
What's the difference, you can use same group polices through local group policy on workgroup server for local users ?

Mahesh
0
 
LVL 16

Expert Comment

by:Nyaema
ID: 39695818
@mahesh.   How would you filter out to whom local group polices apply to?
0
 
LVL 1

Author Comment

by:Moti Mashiah
ID: 39695839
Exactly how are you going to filter out users?

This is the reason why I decided to install AD.
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39695866
There are only 8 users.
Why you want to filter this amount of users..?
Local group polices will apply to all local users
According to me, Deployment of Active Directory only for managing 1 application server with 8 users is not appropriate.
Then he need to take Ad system state backup and so on.

Mahesh
0
 
LVL 1

Accepted Solution

by:
Moti Mashiah earned 0 total points
ID: 39703546
Please , read the posts above and you will get the idea why I'm going to install AD
0
 
LVL 1

Author Closing Comment

by:Moti Mashiah
ID: 39713609
I have to mention that the multiple answers give u an idea but the best solution it was mine
0
 
LVL 16

Expert Comment

by:Nyaema
ID: 39722203
No points Motimash??

Fastest way to get experts to avoid your questions.  Notice you do this quite a lot.
0

Featured Post

Enroll in August's Course of the Month

August's CompTIA IT Fundamentals course includes 19 hours of basic computer principle modules and prepares you for the certification exam. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question