Solved

microsoft Terminal Server

Posted on 2013-12-04
19
199 Views
Last Modified: 2013-12-16
Hi Guys ,

I would like your suggestion:

I have some customer with 2 branches and 4 users in each branch, for now there is just 8 workstation and there is no server. The customer purchased new application and would like to centralize access for users from both branches....basically the customer doesn't have much many to invest.

My suggestion to the customer:

I offered the customer to install for him Microsoft terminal server but after I thought about that I found that I need more then one server to do it properly and to do it properly for me its installing DC and another terminal server etc....

I have another idea to install physical hyper-v server and on top 2 virtual servers ,one DC and one terminal server, but it seems that it will cost more than expected.

my question is:

can I install terminal server without Active directory dependency (like stand alone  terminal server)?

is this a good idea?

Please , let me know if you have any other idea with minimum cost.


Thx  ,
0
Comment
Question by:Moti Mashiah
  • 9
  • 5
  • 4
  • +1
19 Comments
 
LVL 35

Expert Comment

by:Mahesh
Comment Utility
I have not done this before in workgroup but it should work.

You can deploy application on workgroup server 1st and then install terminal server role and create local users on the same and grant them access to server.

Terminal Server Client access licensing (CAL) should be like below
If you are user count is more than client computers, then take per device (Computer licenses) CALs
If you have computer count more than users, then take per user CALs

This will save deployment of AD on dedicated servers and hardware for the same

Mahesh
0
 
LVL 13

Expert Comment

by:Andy M
Comment Utility
You may also want to check with the application vendor that it will work correctly on a Terminal Server and is supported - some applications will not function correctly on remote desktop connections, plus there may be licensing concerns depending on how many users will be accessing it.
0
 
LVL 1

Author Comment

by:Moti Mashiah
Comment Utility
Thank you very much for your quick respond.

I also would like your idea regarding GPO.

probably I have to go with the local GPO idea it could be any issue with that?
0
 
LVL 35

Expert Comment

by:Mahesh
Comment Utility
Yes, with local GPO you can manage terminal sever aspects with local users
Probably you need to edit local security policy on server through gpedit.msc and allow users to logon through terminal services user right
Also you need to add local users to Remote desktop users group on server
In Administrative templates, under windows Components\Remote Desktop Services you will find terminal server more settings
Also you can put restrictions on users what they can do and can't do on terminal server through same local group policy.

Also same time I am totally agree with Morty, he has raised very valid point...

Mahesh
0
 
LVL 1

Author Comment

by:Moti Mashiah
Comment Utility
Hi guys ,

i have checked with the application vendor and verify already that the application support terminal all of their customer use it with terminal.

regarding GPO I think it will be a little bit challenging because I can't exclude user from the GPO for example I don't want my user to be part of the GPO there is some way to do it?

it is my first time to deploy terminal server without DC.

btw,

maybe I should install Dc and terminal server on the same server and then solve all my problem:):) although I don't like to do it that way.
0
 
LVL 16

Expert Comment

by:Nyaema
Comment Utility
In Windows Server 2008 and 2012, Terminal Services has been renamed to "Remote Desktop Services". I assume you are running on one of these two platforms.

For this setup, you do not need to configure any GPOs, by default members of the "Remote Desktop Users" group have the "Allow logon through remote desktop services"  (new name for "Allow logon through terminal services").

You do not need to install active directory or a domain controller.  You just need to create the 8 local users on your Remote Desktop Server corresponding to your remote users.  Add the users to the "Remote Desktop Users" group.

Add the "Remote Desktop Server" role and its "Remote Session Host" and "Remote Desktop Licensing" role services.
Choose your licensing model per device or per user. This on what kind of licenses you have bought.  If your users are going to access the RDP Server from more than one host i.e. not only their desktops in the branches, then choose per user, otherwise per device will surfice, i.e. 10 Device CALS.  Install the purchased licenses.

Install your appications, make sure RDP traffic is allowed at your firewall/router and redirected to your server, give your users theirs login credentials and IP/URL, and you are good to go.
0
 
LVL 16

Expert Comment

by:Nyaema
Comment Utility
You will also need to check that the application you are installing is 64bit compatible, otherwise you will need to install the 32 bit version of Windows Server 2008, or Windows Server 2003.
Microsoft permits downgrade rights for new purchases of Server 2012 licenses
0
 
LVL 1

Author Comment

by:Moti Mashiah
Comment Utility
Guys ,

please , respond my question I know how to install terminal server it wasn't my question.

My question was:

regarding GPO I think it will be a little bit challenging because I can't exclude user from the GPO for example I don't want my user to be part of the GPO there is some way to do it?
0
 
LVL 1

Author Comment

by:Moti Mashiah
Comment Utility
regarding my post below it is mean when I have stand alone server.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 16

Expert Comment

by:Nyaema
Comment Utility
You referring to "terminal server". means you are intend on installing server 2003???  Please clarify...

If you wish to apply restrictive policies using GPOs and also exclude some users like the administrator from being affected by it, then only way I know you achieve that is by installing Active Directory, and doing this from group policy manager.
0
 
LVL 1

Author Comment

by:Moti Mashiah
Comment Utility
Thank you very much this is exactlly the answer I was looking for to my last question :)

Thank you all for all the advices.

Sorry, that I was a bit confusing I meant to say "remote desktop services".

My decision after your suggestions:

I decided to install AD and remote desktop services on the same physical server create users by AD level and add them to the Remote desktop group plus apply on these users GPO and exclude my self and the other administrator from this GPO
0
 
LVL 1

Author Comment

by:Moti Mashiah
Comment Utility
Thank you all for all your advices.
0
 
LVL 35

Expert Comment

by:Mahesh
Comment Utility
What's the difference, you can use same group polices through local group policy on workgroup server for local users ?

Mahesh
0
 
LVL 16

Expert Comment

by:Nyaema
Comment Utility
@mahesh.   How would you filter out to whom local group polices apply to?
0
 
LVL 1

Author Comment

by:Moti Mashiah
Comment Utility
Exactly how are you going to filter out users?

This is the reason why I decided to install AD.
0
 
LVL 35

Expert Comment

by:Mahesh
Comment Utility
There are only 8 users.
Why you want to filter this amount of users..?
Local group polices will apply to all local users
According to me, Deployment of Active Directory only for managing 1 application server with 8 users is not appropriate.
Then he need to take Ad system state backup and so on.

Mahesh
0
 
LVL 1

Accepted Solution

by:
Moti Mashiah earned 0 total points
Comment Utility
Please , read the posts above and you will get the idea why I'm going to install AD
0
 
LVL 1

Author Closing Comment

by:Moti Mashiah
Comment Utility
I have to mention that the multiple answers give u an idea but the best solution it was mine
0
 
LVL 16

Expert Comment

by:Nyaema
Comment Utility
No points Motimash??

Fastest way to get experts to avoid your questions.  Notice you do this quite a lot.
0

Featured Post

Want to promote your upcoming event?

Attending an event? Speaking at a conference? Or exhibiting at a tradeshow? Easily inform your contacts by using a promotional banner in your email signature. This will ensure your organization’s most important contacts are in the know.

Join & Write a Comment

To effectively work with Diskpart on a Server Core, it is necessary to write some small batch script's, because you can't execute diskpart in a remote powershell session. To get startet, place the Diskpart batch script's into a share on your loca…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now