In this chapter, you’ll learn about the world of virtual desktops. You’re going to see how to configure Windows Server so your users can use the server as a workstation. Then, rather than having several computers to administer, you’ll just have your own server to manage. From there, you’ll be able to organize the management of the different workstations.
Activate the Remote Desktop
Navigate to your server dashboard in Server Manager. Select Remote Desktop and click on Disabled to enable the service (this service is disabled by default for security reasons).
Once the service is enabled, you must carry out a few operations:
Go to your server’s System Properties in the Remote tab.
Tick the Allow remote connections to this computer box.
Untick Allow connections only from computers running Remote Desktop with NLA.
Open port 3389/tcp to your server.
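Once the steps above are done, the resulting state can be read back from PowerShell. This is an added example, not part of the original course: `Get-RdpExposure` is a hypothetical helper name, and the script assumes an English-language server where the built-in firewall rule group is called "Remote Desktop".

```powershell
# Added example: read back the Remote Desktop settings configured above.
# Get-RdpExposure is a hypothetical helper name; run it in an elevated session.
function Get-RdpExposure {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = Join-Path $ts 'WinStations\RDP-Tcp'

    $deny = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections).fDenyTSConnections
    $nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication
    $port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

    # Enabled inbound rules from the built-in "Remote Desktop" group,
    # with the remote addresses each one accepts ("Any" = every source).
    $rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
        ForEach-Object {
            $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Profile       = $_.Profile
                RemoteAddress = $addr -join ','
            }
        }

    [pscustomobject]@{
        RdpEnabled    = ($deny -eq 0)   # 0 = "Allow remote connections" is ticked
        NlaRequired   = ($nla -eq 1)    # 0 = the NLA box is unticked, as in the steps above
        ListeningPort = $port           # 3389 unless it has been changed
        OpenToAny     = [bool]($rules | Where-Object { $_.RemoteAddress -eq 'Any' })
        FirewallRules = $rules
    }
}

$state = Get-RdpExposure
$state | Format-List RdpEnabled, NlaRequired, ListeningPort, OpenToAny
$state.FirewallRules | Format-Table -AutoSize

# Optional: limit the opened port to the subnet your clients sit on.
# 192.0.2.0/24 is a placeholder documentation range, not a value from this course.
# Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -RemoteAddress '192.0.2.0/24'
```

`OpenToAny` reports whether port 3389 accepts connections from every source address; with `NlaRequired` at `False`, the server presents its logon screen to any client that can reach that port.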
Now you can open the client on a Windows computer by running the MSTSC command.
Enter your server’s IP address and click Connect. Identify yourself by entering your local administrator credentials when prompted. You should get a security warning.
You can now provide remote access to your users. They’ll have their own desktop on the server with a personal session.
Customize the Remote Desktop
Over time, Microsoft has locked this type of access to prevent users who aren’t administrators from carrying out certain actions. This means your users will have a more restricted view of your server (e.g., they can’t shut it down). Also, Server Manager won’t launch automatically when a session is opened. Even if it’s possible for a user to launch it, they will have no available actions.
Nonetheless, it’s better to customize users’ desktops to remove certain shortcuts, in particular in the Start menu, which you can find here: C:\Users\user-name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs.
Before a user connects, head to the following location: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs.
Active Directory or GPOs will help you further customize the session at a later stage. Next, navigate to the local group policy editor. These are the same settings as GPOs, except the impact will only be visible on the local server or computer.
Manage a Remote Desktop Server Farm
Remote desktops have markedly improved since Windows 2008, mainly thanks to fully-integrated services for remote desktop management, enhancing the user experience.
What’s this useful for?
Let’s look at previous difficulties and other desktop sharing limitations:
You needed to configure restrictions on the servers.
Your users couldn’t keep their sessions if there were several servers available.
Resource management was based on the network availability of the server and not on the status of its available resources.
You couldn’t add a server without impacting service provision.
With this type of infrastructure, you can get a much better user experience, such as:
Advanced session management (stored in a single location, regardless of the number of sessions).
The option to deploy a desktop or just applications (without needing to install them on client computers).
Simplified server addition through creating a sort of server farm, where virtual machines dedicated to desktop sharing can be added more easily.
You have three possible options:
Several servers, each with a specific role in the VDI system.
A single server that groups all of the VDI roles.
MultiPoint services that allow you to create user stations, giving them access to USB hubs.
Below is a table comparing different desktop sharing options:
Option | Several Servers | Single Server | MultiPoint Services |
Type | Virtual desktop infrastructure (VDI) | Virtual desktop infrastructure (VDI) | Server sharing. |
Advantages | Simplifies scalability and allows management of many users. | Simplifies deployment to a restricted number of users (ideally fewer than 25). | Lower-cost solution. |
Drawbacks | Difficult to install and administer. | Reduced user numbers, difficulty adding servers to manage others. | Reduced user numbers, difficulty adding servers to manage others. |
MultiPoint Services
Let’s start with the easiest option. With these services, you can configure a server used by several keyboards, mice, and screens. This way, you configure the server, set your services, and place the central unit in the middle of several desktops. Each user has a keyboard, mouse, and screen.
However, you will face the same problems as last time:
A limited number of possible sessions.
Administration challenges. You will have fewer computers to set up, but you’ll still have as many MultiPoint servers as user groups.
We’ll focus on setting up a single server. Although setting up several servers requires more time, the procedure is the same, so you can apply what you’ve learned about single servers to several servers.
Set Up a Single Server Grouping Together all of the VDI Roles
The first step in the Microsoft VDI is setting up all the roles and services on a single server.
For this deployment option, you have two scenarios:
Using virtual computers.
Using sessions on the current server.
With the help of the Add Roles and Features Wizard, add Remote Desktop Services, select the single server option, and only deploy sessions.
The installation will begin, and you’ll have to restart your server to complete the configuration.
The following roles and role services will be installed on your server:
Remote Desktop Connection Broker
Remote Desktop Web Access
Remote Desktop Session Host
Remote Desktop Web Access provides a web interface for accessing remote desktop services and available applications directly, without a desktop.
The Remote Desktop Session Host is the server that hosts the desktop and the applications (via RemoteApp) available to users.
Once those services are installed, you can check the installation by heading to https://localhost/rdWeb (here again, the certificate is self-signed, so ignore the security warning when prompted). After logging in with the local account you use for the server, you’ll see a web page with the Calculator, Paint, and WordPad available by default.
You can access this service on your network after opening port 443 and port 3389.
If you want to make the desktop appear on this list, go to Server Manager, the Remote Desktop Services section, and finally, the QuickSessionCollection section, which has been automatically created (you can rename this collection in its settings).
Next, access RemoteApp Programs and add the programs you need via the tasks available in the top right corner of the sidebar. For the desktop, you’ll find the Remote Desktop Connection program.
This method provides your colleagues access to administration tools (such as the IIS manager).
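Because publishing administration tools this way puts them in front of every user of the collection, it helps to review what is published and to whom. The following is an added example, not part of the original course: it uses the RemoteDesktop PowerShell module, and the watch list of tools, the `InetMgr` alias and the `CONTOSO\RDS-Admins` group are constructed placeholders.

```powershell
# Added example: list what QuickSessionCollection publishes and who can launch it.
# Run on the server that holds the Remote Desktop Services roles.
Import-Module RemoteDesktop

$collection = 'QuickSessionCollection'   # created by the wizard; adjust if renamed

# Groups allowed to connect to the collection as a whole.
$collectionGroups = (Get-RDSessionCollectionConfiguration `
    -CollectionName $collection -UserGroup).UserGroup

# Constructed watch list of administration tools; extend it for your server.
$adminTools = 'InetMgr.exe', 'mmc.exe', 'ServerManager.exe',
              'powershell.exe', 'cmd.exe', 'regedit.exe'

$report = Get-RDRemoteApp -CollectionName $collection | ForEach-Object {
    # A RemoteApp with no groups of its own is visible to all collection users.
    $groups = if ($_.UserGroups) { $_.UserGroups } else { $collectionGroups }
    [pscustomobject]@{
        DisplayName     = $_.DisplayName
        FilePath        = $_.FilePath
        ShowInWebAccess = $_.ShowInWebAccess
        AllowedGroups   = $groups -join '; '
        AdminTool       = (Split-Path $_.FilePath -Leaf) -in $adminTools
        ArgsAllowed     = $_.CommandLineSetting -ne 'DoNotAllow'
    }
}

# Administration tools first, so they are the first rows reviewed.
$report | Sort-Object AdminTool -Descending | Format-Table -AutoSize

# Restrict an administration tool to an admin group instead of all collection users.
# The alias and group name below are placeholders.
# Set-RDRemoteApp -CollectionName $collection -Alias 'InetMgr' -UserGroups 'CONTOSO\RDS-Admins'
```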
Let’s Recap!
Remote Desktop Services allows you to share a desktop and publish applications your users might use without installing them.
Windows Server simplifies the deployment of shared desktop infrastructure via Remote Desktop Services.
Web access lets you centralize all access to remote desktop services.
These services let you keep centralized administration and access through AD, thereby guaranteeing security by controlling access to approved applications.
In the next chapter, you’ll learn how to configure the Windows update service: WSUS.