Microsoft TechNet Documentation

While researching my previous post, I noticed that many pages or sections in the TechNet Library are now available for download.

A good example of this is the step by step guide to installing Windows 2008 Remote Desktop Services. The main TechNet link is here, while the document can be downloaded in Word 2003 format here.

And that’s not all, if you save the document in PDF format, it looks great on your Kindle or other eReader for later reference.

This particular document leads the reader through a real world scenario (a rather simple one) on how to deploy the basics of Remote Desktop Services. You will need a domain controller for basic Active Directory functionality, one server for the Remote Desktop Services Session Host (your terminal server) and a client to test it from. The guide explicitly ignores the issues of licensing, as you get the 120 grace period to play with.

Windows 2008 R2 Terminal Server Pinned Programs

My company uses Windows 2003 terminal servers to give home users access to basic business applications such as Outlook and Word. But with the years flying by, its time to upgrade.

Implementing Windows Remote Desktop Services, as it is now called, is pretty straight forward. Build your basic Windows 2008 R2 server then add the Remote Desktop Services role. To do this, from Server Manager, choose the Add Roles option from the top right of the main pane. Having selected the Remote Desktop Services role from the list of available roles, follow the wizard to add the additional Role Services. The one you’ll be interested in is the Remote Desktop Session Host. If you are setting up a local test environment you may want to install Remote Desktop Licencing as well, so you can have a local licence server. You don’t really need one as you have 120 days of licensing available before your new terminal server, I mean Remote Desktop Services host, will stop working.

Once installed you’ll need to configure licensing, that is, the licence server and the licence type (per user or per device), assuming you intend to keep this server for the long haul. And that’s it. You can find out more about the installation process for Remote Desktop Services at this Microsoft link.

But there are a few little “features” which need addressing. For example, in their infinite wisdom, Microsoft decided they should give everyone access to Powershell and Server Manager via the “Pinned Programs” area of the toolbar. You probably won’t want standard users having access to these programs. If you rummage around Google you’ll find a lot of articles on this subject.

These particular pinned programs are shortcuts to programs already installed on the server and this gives us a clue on how to solve the issue. To be specific, these pinned programs are created from links already in the All Users profile. So the simplest way to prevent these icons from appearing is to remove the average Joe’s access to the source link. You could use a GPO to do this, instructions for which can be found here. However, if you only have one such terminal server it may be simpler to just manually remove the undesirable user privileges from the following links:

• %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Server Manager.lnk
• %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk

While this will prevent new users from getting these pinned programs on their task bar, existing users will already have them. Of course, if they don’t have the rights to run the underlying programs they will just get an annoying error message saying so. But this little clean up should avoid unnecessary calls to your Service Desk.