Let's presume you have an application that should be accessed by multiple users. You do not want the application installed on multiple clients but rather on a central host that all users access. The benefit of such a setup is that you have one application to deploy and manage rather than multiple separate installations.
In our case study we have two separate servers.
One is our Terminal Server, which all clients connect to via Remote Desktop. The other is our Active Directory Server, where all users are managed and authenticated.
The following steps are required in order to achieve our task:
- Adding Windows Roles and Features to Terminal Server
- Adding Group Policies (GPO) to Terminal Server
- Installing License for Remote Desktop on our Terminal Server
- Linking Licensing Server to Active Directory Server
Adding Windows Roles and Features to Terminal Server
Firstly, you must add the following roles:
- Remote Desktop Licensing
- Remote Desktop Session Host
See the screenshot below. Although it is in German, you should be able to get the idea.
After having installed the two roles let us move to the next point.
Adding GPO to Terminal Server
Now let us start the GPO editor. Just type the following in the search bar:
gpedit.msc
Navigate to:
Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections
Here again is a screenshot in German, but you should be able to find it 🙂
Now edit the 3 highlighted options:
- Automatic Reconnection
- Limit number of connections
- Restrict Remote Services Users to a single Remote Desktop Session
We want to have the first option activated. It makes sure you get reconnected after, for example, a short internet disconnection.
Set the second option as desired, depending on the number of users authorized to use RDS.
Make sure to deactivate the third option.
At this stage we are ready to install the RDS license.
Installing License for Remote Desktop on Terminal Server
At this stage it is important to install the CAL license. You can actually use RDS without a valid license, but this is allowed only for a limited time, and any person logging into the Terminal Server will be informed that no license is present. Additionally, you will receive a balloon message saying:
Remote Desktop licensing mode is not configured. Remote Desktop Service will stop in 10 days. On the RD Connection Broker server, use Server Manager to specify the Remote Desktop licensing mode and the license server.
Let's open the Remote Desktop Licensing Manager. You can find it by searching for the name in the Start Menu.
Now we right-click the name of our server and choose Install License. This opens a wizard which guides you through the process. Make sure you have a valid license.
Once you have added a valid license, the wizard will validate and allocate it. I, for example, use a license for 50 users. (In this case I use a per-user license.)
So now we are almost done, but one point still needs to be adjusted. Because in this tutorial we are using Active Directory, we must tell our AD server that there is a valid license for the Remote Desktop sessions. For this reason we will point Active Directory to the RD Licensing Server (which in our case is found on our Terminal Server).
Linking Licensing Server to our Active Directory Server
- This procedure will be done using the Group Policy.
- Let's add a new organizational unit to our Active Directory and name it e.g. TerminalServer.
- Having done so, let us move the Terminal Server computer into this newly created OU.
- Now open the Policy Editor. Let us create a new policy and call it “Licensing_RDP”.
- Now edit the newly created policy and navigate to:
Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Licensing
You will want to activate and configure the “Set the Remote Desktop licensing mode” option. I have chosen the option “per user” as this corresponds to my license type.
Now we must specify where our Remote Desktop Licensing Server is found. For this, activate and edit the “Use the specified Remote Desktop license servers” option. Inside the option just add the server IP address.
Now we are done with the configuration. Run gpupdate /force on both servers and test your RDS connections.
Useful Troubleshooting
Should you run into difficulties with the RDS profiles at some point, it is crucial to check the C:\Users folder for any TEMP folders. If these get created, check the SIDs of the users and look for their settings in the Registry Editor:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\
In order to list the SIDs of the users, use the following command in CMD:
wmic useraccount get name, sid
or using PowerShell 7:
Get-ADUser -Identity 'username' | select Name, SID
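The three checks above (TEMP folders, SIDs, ProfileList entries) can be combined into one report. This is an added example, not part of the original post; it assumes an elevated PowerShell session on the Terminal Server, and the `.bak` check reflects general Windows behaviour when a temporary profile is loaded rather than anything stated in this tutorial.

```powershell
# Added example: map every ProfileList entry to its account and flag signs of
# temporary profiles. Assumption: run elevated on the Terminal Server itself.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$tempPattern = '^TEMP(\.|$)'   # matches TEMP, TEMP.DOMAIN, TEMP.DOMAIN.001, not "Temple"

$report = foreach ($key in Get-ChildItem -Path $profileList) {
    $keyName = $key.PSChildName                   # the SID, possibly with a .bak suffix
    $sidText = $keyName -replace '\.bak$', ''
    $path    = $key.GetValue('ProfileImagePath')  # environment variables are expanded

    # Resolve the SID to DOMAIN\user; SIDs of deleted accounts fail to translate.
    try {
        $sid     = [System.Security.Principal.SecurityIdentifier]::new($sidText)
        $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $account = '<unresolved>'
    }

    $findings = @()
    if ($keyName -like '*.bak') { $findings += 'key renamed to .bak' }
    if ($path) {
        if ((Split-Path -Path $path -Leaf) -match $tempPattern) { $findings += 'path is a TEMP folder' }
        if (-not (Test-Path -LiteralPath $path))                { $findings += 'profile folder missing' }
    }

    [pscustomobject]@{
        Account  = $account
        Key      = $keyName
        Path     = $path
        Findings = $findings -join '; '
    }
}

# TEMP folders left behind under C:\Users (the check described in the text).
$tempFolders = Get-ChildItem -Path 'C:\Users' -Directory -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $tempPattern }

$report | Sort-Object Account | Format-Table -AutoSize -Wrap
if ($tempFolders) {
    'TEMP folders under C:\Users:'
    $tempFolders | Select-Object Name, CreationTime | Format-Table -AutoSize
}
```

Rows with a non-empty Findings column are the profiles to inspect in the Registry Editor; the script only reads and changes nothing.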