microsoft Terminal Server
Hi Guys ,
I would like your suggestion:
I have some customer with 2 branches and 4 users in each branch, for now there is just 8 workstation and there is no server. The customer purchased new application and would like to centralize access for users from both branches....basically the customer doesn't have much many to invest.
My suggestion to the customer:
I offered the customer to install for him Microsoft terminal server but after I thought about that I found that I need more then one server to do it properly and to do it properly for me its installing DC and another terminal server etc....
I have another idea to install physical hyper-v server and on top 2 virtual servers ,one DC and one terminal server, but it seems that it will cost more than expected.
my question is:
can I install terminal server without Active directory dependency (like stand alone terminal server)?
is this a good idea?
Please , let me know if you have any other idea with minimum cost.
Thx ,
I would like your suggestion:
I have some customer with 2 branches and 4 users in each branch, for now there is just 8 workstation and there is no server. The customer purchased new application and would like to centralize access for users from both branches....basically the customer doesn't have much many to invest.
My suggestion to the customer:
I offered the customer to install for him Microsoft terminal server but after I thought about that I found that I need more then one server to do it properly and to do it properly for me its installing DC and another terminal server etc....
I have another idea to install physical hyper-v server and on top 2 virtual servers ,one DC and one terminal server, but it seems that it will cost more than expected.
my question is:
can I install terminal server without Active directory dependency (like stand alone terminal server)?
is this a good idea?
Please , let me know if you have any other idea with minimum cost.
Thx ,
You may also want to check with the application vendor that it will work correctly on a Terminal Server and is supported - some applications will not function correctly on remote desktop connections, plus there may be licensing concerns depending on how many users will be accessing it.
ASKER
Thank you very much for your quick respond.
I also would like your idea regarding GPO.
probably I have to go with the local GPO idea it could be any issue with that?
I also would like your idea regarding GPO.
probably I have to go with the local GPO idea it could be any issue with that?
Yes, with local GPO you can manage terminal sever aspects with local users
Probably you need to edit local security policy on server through gpedit.msc and allow users to logon through terminal services user right
Also you need to add local users to Remote desktop users group on server
In Administrative templates, under windows Components\Remote Desktop Services you will find terminal server more settings
Also you can put restrictions on users what they can do and can't do on terminal server through same local group policy.
Also same time I am totally agree with Morty, he has raised very valid point...
Mahesh
Probably you need to edit local security policy on server through gpedit.msc and allow users to logon through terminal services user right
Also you need to add local users to Remote desktop users group on server
In Administrative templates, under windows Components\Remote Desktop Services you will find terminal server more settings
Also you can put restrictions on users what they can do and can't do on terminal server through same local group policy.
Also same time I am totally agree with Morty, he has raised very valid point...
Mahesh
ASKER
Hi guys ,
i have checked with the application vendor and verify already that the application support terminal all of their customer use it with terminal.
regarding GPO I think it will be a little bit challenging because I can't exclude user from the GPO for example I don't want my user to be part of the GPO there is some way to do it?
it is my first time to deploy terminal server without DC.
btw,
maybe I should install Dc and terminal server on the same server and then solve all my problem:):) although I don't like to do it that way.
i have checked with the application vendor and verify already that the application support terminal all of their customer use it with terminal.
regarding GPO I think it will be a little bit challenging because I can't exclude user from the GPO for example I don't want my user to be part of the GPO there is some way to do it?
it is my first time to deploy terminal server without DC.
btw,
maybe I should install Dc and terminal server on the same server and then solve all my problem:):) although I don't like to do it that way.
In Windows Server 2008 and 2012, Terminal Services has been renamed to "Remote Desktop Services". I assume you are running on one of these two platforms.
For this setup, you do not need to configure any GPOs, by default members of the "Remote Desktop Users" group have the "Allow logon through remote desktop services" (new name for "Allow logon through terminal services").
You do not need to install active directory or a domain controller. You just need to create the 8 local users on your Remote Desktop Server corresponding to your remote users. Add the users to the "Remote Desktop Users" group.
Add the "Remote Desktop Server" role and its "Remote Session Host" and "Remote Desktop Licensing" role services.
Choose your licensing model per device or per user. This on what kind of licenses you have bought. If your users are going to access the RDP Server from more than one host i.e. not only their desktops in the branches, then choose per user, otherwise per device will surfice, i.e. 10 Device CALS. Install the purchased licenses.
Install your appications, make sure RDP traffic is allowed at your firewall/router and redirected to your server, give your users theirs login credentials and IP/URL, and you are good to go.
For this setup, you do not need to configure any GPOs, by default members of the "Remote Desktop Users" group have the "Allow logon through remote desktop services" (new name for "Allow logon through terminal services").
You do not need to install active directory or a domain controller. You just need to create the 8 local users on your Remote Desktop Server corresponding to your remote users. Add the users to the "Remote Desktop Users" group.
Add the "Remote Desktop Server" role and its "Remote Session Host" and "Remote Desktop Licensing" role services.
Choose your licensing model per device or per user. This on what kind of licenses you have bought. If your users are going to access the RDP Server from more than one host i.e. not only their desktops in the branches, then choose per user, otherwise per device will surfice, i.e. 10 Device CALS. Install the purchased licenses.
Install your appications, make sure RDP traffic is allowed at your firewall/router and redirected to your server, give your users theirs login credentials and IP/URL, and you are good to go.
You will also need to check that the application you are installing is 64bit compatible, otherwise you will need to install the 32 bit version of Windows Server 2008, or Windows Server 2003.
Microsoft permits downgrade rights for new purchases of Server 2012 licenses
Microsoft permits downgrade rights for new purchases of Server 2012 licenses
ASKER
Guys ,
please , respond my question I know how to install terminal server it wasn't my question.
My question was:
regarding GPO I think it will be a little bit challenging because I can't exclude user from the GPO for example I don't want my user to be part of the GPO there is some way to do it?
please , respond my question I know how to install terminal server it wasn't my question.
My question was:
regarding GPO I think it will be a little bit challenging because I can't exclude user from the GPO for example I don't want my user to be part of the GPO there is some way to do it?
ASKER
regarding my post below it is mean when I have stand alone server.
You referring to "terminal server". means you are intend on installing server 2003??? Please clarify...
If you wish to apply restrictive policies using GPOs and also exclude some users like the administrator from being affected by it, then only way I know you achieve that is by installing Active Directory, and doing this from group policy manager.
If you wish to apply restrictive policies using GPOs and also exclude some users like the administrator from being affected by it, then only way I know you achieve that is by installing Active Directory, and doing this from group policy manager.
ASKER
Thank you very much this is exactlly the answer I was looking for to my last question :)
Thank you all for all the advices.
Sorry, that I was a bit confusing I meant to say "remote desktop services".
My decision after your suggestions:
I decided to install AD and remote desktop services on the same physical server create users by AD level and add them to the Remote desktop group plus apply on these users GPO and exclude my self and the other administrator from this GPO
Thank you all for all the advices.
Sorry, that I was a bit confusing I meant to say "remote desktop services".
My decision after your suggestions:
I decided to install AD and remote desktop services on the same physical server create users by AD level and add them to the Remote desktop group plus apply on these users GPO and exclude my self and the other administrator from this GPO
ASKER
Thank you all for all your advices.
What's the difference, you can use same group polices through local group policy on workgroup server for local users ?
Mahesh
Mahesh
@mahesh. How would you filter out to whom local group polices apply to?
ASKER
Exactly how are you going to filter out users?
This is the reason why I decided to install AD.
This is the reason why I decided to install AD.
There are only 8 users.
Why you want to filter this amount of users..?
Local group polices will apply to all local users
According to me, Deployment of Active Directory only for managing 1 application server with 8 users is not appropriate.
Then he need to take Ad system state backup and so on.
Mahesh
Why you want to filter this amount of users..?
Local group polices will apply to all local users
According to me, Deployment of Active Directory only for managing 1 application server with 8 users is not appropriate.
Then he need to take Ad system state backup and so on.
Mahesh
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I have to mention that the multiple answers give u an idea but the best solution it was mine
No points Motimash??
Fastest way to get experts to avoid your questions. Notice you do this quite a lot.
Fastest way to get experts to avoid your questions. Notice you do this quite a lot.
You can deploy application on workgroup server 1st and then install terminal server role and create local users on the same and grant them access to server.
Terminal Server Client access licensing (CAL) should be like below
If you are user count is more than client computers, then take per device (Computer licenses) CALs
If you have computer count more than users, then take per user CALs
This will save deployment of AD on dedicated servers and hardware for the same
Mahesh