Windows Server 2008 Centralized Application Access

8/8/2019 Windows Server 2008 Centralized Application Access

1/17

Windows Server 2008 CentralizedApplication Access

Microsoft Virtual Labs


2/17

Windows Server 2008 Centralized Application Access

Table of Contents

Windows Server 2008 Centralized Application Access ............................................................. 1Exercise 1 Implementing Terminal Services Gateway ........... .......... ........... .......... ........... ........... .......... ........... .......... ... 2Exercise 2 Implementing Terminal Services RemoteApp ............................................................................................. 9Exercise 3 Implementing Terminal Services Web Access .......... ........... .......... ........... .......... ........... .......... ........... ...... 13Exercise 4 Using Windows System Resource Manager with Terminal Services (Optional) .......... ........... .......... ........ 15


3/17


Page 1 of 15

Windows Server 2008 Centralized

Application Access

ObjectivesAfter completing this lab, you will be better able to: Implement a Terminal Services Gateway

Implement Terminal Services RemoteApp

Utilize Windows System Resources Manager on a Terminal Services Server

ScenarioIn this lab, you perform the function of an administrator for a company that has

users who work both within the corporate network and remotely. Some of the

users who work remotely, access the internet via shared computers. These users

only require access to specific applications. You need to allow authorized users

on an Internet-connected computer running Microsoft Windows Vista to easily

and securely connect to remote computers on the corporate network through a

Terminal Services Gateway. In addition, you need to provide access to standard

Microsoft Windows programs from virtually any location to any Windows

device with Internet access.As a Terminal Server administrator you will also configure policies on the server

to ensure that all users connecting to the server have an equal share of the

servers resources and ensure a consistent and predictable experience for users of

applications and services. To achieve this goal you will implement a resource

management policy on the server using Windows Server Resource Manager.

PrerequisitesBefore working on this lab, you must have:

Experience (level 200+) with Windows Server 2000 and/or Windows

Server 2003

A MCSA/MCSA Certification or equivalent knowledge. You should be

familiar with basic networking concepts and Active Directory concepts.

Estimated Time toComplete This Lab

90 Minutes

Computer used in this LabNYC-DC-01

NYC-CLI-01

NYC-CLI-02

NYC-DC-01-2

NYC-CLI-01-2

NYC-CLI-02-2


4/17


Page 2 of 15

Exercise 1Implementing Terminal Services Gateway

ScenarioIn this exercise, you will configure a Terminal Services Gateway Server and a Terminal Services Gateway Client.You will configure the Terminal Services Gateway Server by first obtaining, importing and mapping a security

certificate for the server. You will then configure the server with a Connection Authorization Policy, a Resource

Group and a Resource Authorization Policy.

After configuring the Terminal Services Gateway Server, you will then configure a Terminal Services Gateway

Client and then establish a connection to the Terminal Services Gateway Server.

Note: This exercise uses the following computers:NYC-DC-01 andNYC-CLI-01

Note:Before you begin this exercise, you must start and log on to the computers.

Note: The Terminal Services Gateway Server has already had the Terminal Services Gateway role installed.

Tasks Detailed StepsComplete the following 3

tasks on:

NYC-DC-01

1. Confirm the

Terminal Server

Gateway Server

services have started

Note:In this task you will confirm that the required services to run Terminal Services

Gateway Server have been installed and have started correctly. In the case that you

have been given a pre-configured server this should always be your first action to

ensure that the relevant services have successfully started. These services are required

for clients to connect via the Terminal Services Gateway. You will also confirm that

the default Web Site is configured to start automatically. The web site on the Terminal

Services Gateway server is used by clients to establish the connection to the Terminal

Server. The gateway enables users to connect using a secure web connection port

(port 443) rather than using the standard Terminal Services port (port 3389).

Note: This task uses the following computer: NYC-DC-01 and NYC-CLI-01

a. Log on to NYC-DC-01 as Administrator with the password ofP@ssw0rd.

b. On the Start menu, navigate to All Programs/Administrative Tools and thenclickServer Manager.

c. In Server Manager, in the Explorer pane, expand Roles and then selectTerminalServices.

d. In the Contents pane, examine the contents of the SystemServices area.

Note: The services required for terminal services should all be shown as running. This

is confirmed by the heading of System Services: All Running

e. In the Explorer pane, expand Roles/Web Server (IIS) and then select InternetInformation Services (IIS) Manager.

f. In the Connections pane, navigate to NYC-DC-01(WOODGROVEBANK\administrator)/Sitesand then select Default Web Site.

g. In the Action pane, clickAdvanced Settings.

h. In the Advanced Settings window, confirm that Start Automatically is set toTrue and then clickOK.

i. In Server Manager, in the File menu, clickExit to close the Server Managerwindow.

j. A dialog box may occur during this step. IfServer Manager Error Dialog popsup clickCancel to close the dialog box.

Note: The reason for ensuring that the web services are set to start automatically is

that connections to the Gateway server are managed by Internet Information Services.


5/17


Page 3 of 15

Tasks Detailed Steps

2. Create and Map a

certificate for the

Terminal Services

Gateway Server

Note:In this task you will use the Terminal Services Gateway management console

snap-in to create and map a certificate to the Terminal Services Gateway server. In

order to be able to use a server as a Terminal Services Gateway server, you must first

install a SSL Compatible X.509 certificate. This ensures that the Terminal Services

Gateway will use this certificate when providing connection security. This task uses a

self-signed certificate. Self signed certificates are appropriate for use in environments

that do not have an established public key infrastructure, or do not wish to create one.Note: The use of a self signed certificate is recommended in environments that do not

have an established public key infrastructure.

a. On the Start menu, navigate to All Programs/ Administrative Tools/Terminal

Services and then clickTS Gateway Manager.

b. In TS Gateway Manager, in the Explorer pane, select NYC-DC-01 (Local).

c. On the Action menu, clickProperties.

d. In the NYC-DC-01 Properties dialog box, select the SSL Certificate tab, andthen select Create a self-signed certificate for SSL encryption, and then click

Create Certificate.

e. In the Create Self-Signed Certificate dialog box, in File name, type

C:\Public\NYC-DC-01.cer and then and then clickOK.

f. In the TS Gateway dialog box, clickOK.

Note: The Issued to, Issued By and Expiration date fields now have values. This

indicates that you have successfully installed the certificate.

g. Click on OK to close the NYC-DC-01 Properties dialog box.

h. On the Start Menu, in Start Search, type MMC and then press ENTER.

i. In Console1, on the File menu, select Add/Remove Snap-in.

j. In the Add or Remove Snap-ins dialog box, select Certificates, and then click

Add.

k. In the Certificates snap-in dialog box, select Computer account, and then click

Next.

l. In the Select Computer dialog box, ensure Local computer is selected, and thenclickFinish.

m.In the Add or Remove Snap-ins dialog box, clickOK.

n. In Console1, navigate to Console Root/Certificates (Local Computer)/Trusted

Root Certification Authorities and then select Certificates.

o. In the Action menu, select All Tasks and then Import.

p. In the Certificate Import Wizard, clickNext.

q. In the Certificate Import Wizard, on the File to Import Page, in the File nametext box, enter C:\Public\NYC-DC-01.cer, and then clickNext.

r. In the Certificate Import Wizard, on the Certificate Store page, ensure Place all

certificates in the following store is selected and then clickNext.

s. In the Certificate Import Wizard, on the Completing the Certificate ImportWizard, clickFinish.

t. On the Certificate Import Wizard dialog box, clickOK.

u. In Console1, on the File menu, clickExit, Do not save changes.

3. Configure Group

Policy to distribute

Security Certificate

Note:In this task you will use group policy to ensure that the security certificate for

your company is installed automatically on all client computers. This will ensure that

use and installation of the security certificates are uniform across the business

environment.


6/17


Page 4 of 15


Note: This task uses the following computer:NYC-DC-01

a. On the Start navigate to Start Search, and type GPMC.MSC.

b. In Group Policy Management, in the Explorer pane, navigate to Group Policy

Management/Forest:

Woodgrovebank.com/Domains/Woodgrovebank.com/Group Policy Objects

and then select Default Domain Policy.

c. In Group Policy Management, on the Action menu, clickEdit.

d. In Group Policy Management Editor, navigate to ComputerConfiguration/Windows Settings/Security Settings/Public Key Policies and

then select Trusted Root Certification Authorities.

e. In Group Policy Management Editor, on the Action menu, clickImport.

f. In the Certificate Import Wizard dialog box, clickNext.

g. In the Certificate Import Wizard, on the File to Import page, clickBrowse.

h. In the Open dialog box, in File Name type, \\NYC-DC-01\Public\and then click

Open.

i. In the Open dialog box, select NYC-DC-01 and then clickOpen.

j. In the Certificate Import Wizard, on the File to Import page, clickNext.

k. In the Certificate Import Wizard dialog box, on the Certificate Store page,

ensure Place all certificates in the following store is selected and then click

Next.

l. In the Certificate Import Wizard dialog box, on the Completing the CertificateImport Wizard page, clickFinish.

m.In the Certification Import Wizard dialog box, clickOK.

n. In Group Policy Management Editor, on the File menu, clickExit.

o. Close Group Policy Management.

Complete the following

task on:

NYC-CLI-02

4. Client Configuration

Note:In this task you will configure the computer that will be hosting the remote

applications. For this purpose configurations will be made that allow other

computers to connect via RDP.

Note: This task uses the following computer:NYC-CLI-02

a. Log on to NYC-CLI-02 as Woodgrovebank\Administrator using the password

P@ssw0rd.

b. On NYC-CLI-02, in the Start menu, right clickComputer and select properties

c. On the System dialog select Remote Settings (upper left of dialog)

d. On the System Properties Dialog select the Remote Tab.

e. In the Remote Desktop Region select Allow Connections from computersrunning any version of Remote Desktop radio button.

f. System Properties Dialog, ClickOK.

g. System Dialog, ClickFile, Close

h. Log Off from NYC-CLI-02


task on:

NYC-CLI-01

5. Force application of

the Group Policy

settings to client

Note:In this task you will force the application of the newly created group policy

settings by using the GPUPDATE command on the client machines. This will ensure

that the self-signed certificate is available for the clients to use in the following

exercises.

Note: This task uses the following computers:NYC-CLI-01

a. The NYC-CLI-01 has been prelogged in as Woodgrovebank\DonHall using the

password P@ssw0rd.


7/17


Page 5 of 15


machines b. On NYC-CLI-01, in the Start menu, in Start Search, type CMD and press

ENTER.

c. In the command prompt window, typethe following command, and then press

ENTER.

GPUPDATE /FORCE

d. Log off NYC-CLI-01

Complete the following 3

tasks on:

NYC-DC-01

6. Create a Connection

Authorization Policy

(CAP)

Note:In this task you will create a Connection Authorization Policy (CAP) that will

allow you to control who can connect to the Terminal Services Gateway server. A

CAP allows you to specify detailed connection requirements, including requirements

such as group membership, domain membership, and the requirement to use a smart

card.

Note: This task use the following computer:NYC-DC-01

a. In TS Gateway Manager, in the Explorer pane, navigate to NYC-DC-01

(Local)/Polices and then select Connection Authorization Policies.

b. In the Actions pane, clickCreate New Policy and then clickWizard.

c. In the AuthorizationPolicies dialog box, ensure that Create only a TS CAP is

selected, and then clickNext.

d. Complete the Authorization Policies with the following values:

Setting Value

Name for the TS CAP: Remote User Access

Windows authenticationmethod:

Password

User groupmembership(required):

Remote Application Users

Client computer group

membership (optional):

No group selected

TS Gateway device redirection Enable device redirection for all clientdevices

e. In the Authorization Policies dialog box, clickFinish to complete the policycreation.

f. ClickClose to close the AuthorizationPolicies dialog box.

7. Create a computer

group to control

access to the

Terminal Services

Gateway

Note:In this task you will create a group containing computers that can connect

remotely through the Terminal Services Gateway. If a computer tries to connect to the

Terminal Services Gateway that is not part of this group they will be denied access.

a. In the TS Gateway Manager, In the Explorer pane, expand NYC-DC-01(Local), Polices and then select Resource Authorization Policies.

b. In the Actions pane, clickManage Local Computer Groups.c. In the Manage locally stored computer groups dialog box, clickCreate group.

d. In the New TS Gateway-Managed Computer Group dialog box, on the Generaltab, enter the following values, do not clickOK.

Setting Value

Name: Remote Access Computers


8/17


Page 6 of 15


Description: Computers allowed to connect to TSGateway

e. In the New TS Gateway-Managed Computer Group dialog box, on the

Network resources tab, in the text box, type NYC-CLI-01 and then clickAdd.

f. In the New TS Gateway-Managed Computer Group dialog box, on the

Network resources tab, in the text box, enter NYC-CLI-02 and then clickAdd.

g. In the New TS Gateway-Managed Computer Group dialog box, on the

Network resources tab, in the text box, enter NYC-DC-01 and then clickAdd.

h. In the New TS Gateway-Managed Computer Group dialog box, clickOK.

i. In the Managelocallystoredcomputergroups dialog box, clickClose.

Note: You are only adding the computers that will access the Gateway server

remotely. Normally you would not add the Gateway server to the policy. As the

gateway server is NYC-DC-01 and in this lab is used to host the terminal servicesit is

requiredto be added.

8. Create a Resource

Authorization Policy

(RAP)

Note:In this task you will create Resource Authorization Policy (RAP). The RAP is

used to identify which computers users that connect to a Terminal Services Gateway

can connect to. In order to connect to a computer using the Terminal Services

Gateway, the client must meet the conditions of one CAP and one RAP.a. In the TS Gateway Manager, in the Explorer pane, navigate to NYC-DC-01

(Local)/Polices and then select Resource Authorization Policies.

b. In the Actions pane, clickCreate New Policy and then clickWizard.

c. In the Authorization Policies dialog box, ensure that Create only a TS RAP is

selected, and then clickNext.

d. Complete the Authorization Policies with the following values:

Setting Value

Name for the TS RAP: Remote Resource Access

User group membership: Remote Application UsersComputer Group: Select an existing TS Gateway-managed

computer group or create a new one

Select an existing TSGateway-managed computergroup

Remote Access Computers

Allowed Ports Allow connections only through TCPport 3389

e. In the Authorization Policies dialog box, clickFinish to complete the policy

creation

f. ClickClose to close the Authorization Policies dialog box.

Complete the followingtask on:

NYC-CLI-01

9. Configure Remote

Desktop Connection

Settings on the Client

Computer

Note:In this task, you will modify the Remote Desktop Connection settings on NYC-CLI-01 to connect through the Terminal Services Gateway that you have configured.

You will first attempt to connect directly to NYC-CLI-02 using the default settings of

Remote Desktop Connection. NYC-CLI-02 has had the default Windows Firewall

settings modified to only accept connections from the IP address of NYC-DC-01.

Note:In order to connect to NYC-CLI-02 you will need to modify the settings of the

Remote Desktop Connection to use the Terminal Services Gateway to connect

through.

Note: This task uses the following computers:NYC-CLI-01, NYC-CLI-02 and NYC-


9/17


Page 7 of 15


DC-01

a. Log on to the NYC-CLI-01 as DonHall with a password ofP@ssw0rd.

b. On the Start menu, navigate to Start/All Programs/Accessories, and then click

Remote Desktop Connection.

c. In Remote Desktop Connection, in the Computer text box, type NYC-CLI-

02.Woodgrovebank.com and then clickConnect.

d. In the Windows Security box, use the following values and then clickOK.

Setting Value

User Name: Woodgrovebank\DonHall

Password: P@ssw0rd

Note: There will be a delay and then the connection will fail. This is because the

Windows Firewall on NYC-CLI-02 is configured to only accept Remote Desktop

connections from NYC-DC-01.

e. In the Remote Desktop Disconnected dialog box, clickOK.

f. In the Remote Desktop Connection dialog box, clickOptions, and then click theAdvanced tab.

g. In the Remote Desktop Connection dialog box, in Connect from anywhere,clickSettings.

h. In the Gateway Server Settings dialog box, select Use these TS Gateway serversettings:.

i. In the Gateway Server Settings dialog box, in the Server name, type NYC-DC-01.Woodgrovebank.com and select Logon method: Ask for password (NTLM).

j. In the Gateway Server Settings dialog box, uncheckBypass TS Gateway serverfor local addresses.

k. ClickOK to accept the settings.

l. In Remote Desktop Connection, click on the General tab.

m.In the Computer text box, type NYC-CLI-02.Woodgrovebank.com and thenclickConnect.

n. In the Windows Security box, use the following values:

Setting Value

User Name: Woodgrovebank\DonHall

Password: P@ssw0rd

o. ClickOK.

Note: There will be a slight delay before the next step appears. When the next box

appears, observe that this is for the Gateway Server Credentials.

p. In the Windows Security box, use the following values:

Setting Value

User Name: DonHall

Password: P@ssw0rd

q. ClickOK.

Note: There will be a slight delay before the desktop of NYC-CLI-02 appears. When it


10/17


Page 8 of 15


does appear, you can observe in the connection toolbar, the padlock which symbolizes

that the connection is using security.

r. If you are prompted that there is a user RDPed into the NYC-CLI-02 machine, log

off the other user and log on.

s. Log off the NYC-CLI-02 remote session.


11/17


Page 9 of 15

Exercise 2Implementing Terminal Services RemoteApp

ScenarioRemoteApp applications are programs that are accessed remotely through Terminal Services and appear as if theyare running on a user's local computer. Users can run RemoteApp applications side-by-side with their local

programs. If a user is running more than one Remote Program on the same terminal server, RemoteApp will share

the same Terminal Services session. You can use TS Web Access to make RemoteApp applications available

through a Web site.

In this exercise, you will configure NYC-DC-01 to be able to publish remote applications. In addition you will

create packages for deploying remote applications to the client machines and then distribute these packages.

You will also test the connection of the remote program application from a client machine. In order to test these

RemoteApp, you will also modify the allow list to allow an application to be accessed remotely.

Note: This exercise uses the following computers:NYC-DC-01, NYC-CLI-01, NYC-DC-01-2, and NYC-CLI-01-2



tasks on:

NYC-DC-01

1. Install Terminal

Server Role Service

Note:In this task you will add the Terminal Server role to NYC-DC-01.

Note: This task uses the following computer:NYC-DC-01

a. On the Start menu, navigate to All Programs/Administrative Tools/ServerManager.

b. In Server Manager, in the Explorer pane, navigate to Roles/Terminal Services.

c. In Server Manager, in the Contents pane, under Role Services, clickAdd RolesServices.

d. In the Add Role Services dialog box, in the Select Role Services page, select

Terminal Server.

e. In the Add Role Services dialog box, clickInstall Terminal Services anyway(not recommended).

f. In the Add Role Services dialog box, clickNext.

g. In the Add Role Services dialog box, in the Uninstall and Reinstall Applicationsfor Compatibility page, clickNext.

h. In the Add Role Services dialog box, in the Select RDP Version page, selectRequire Network Level Authentication then clickNext.

i. In the Add Role Services dialog box, in the Specify the Terminal ServicesLicensing Mode page, select Configure later then clickNext.

j. In the Add Role Services dialog box, in the Select User Groups Allowed Accessto This Terminal Server page, clickNext.

k. In the Add Role Services dialog box, in the Confirm Installation Selections screen,clickInstall.

Note: On the Confirm Installation Selections screen, there is one warning. The

warning is advising that you may need to reinstall applications. In the lab it is safe to

ignore, however in a production environment it is important to remember that

applications may need to be reinstalled. The reason for the need to reinstall the

applications is that on a Terminal Server applications are installed into a different

section of the registry. This is so that the applications can be safely accessed by

multiple users simultaneously.

The installation process will take approximately 5 minutes. After this you will need to


12/17


Page 10 of 15


restart NYC-DC-01.

l. In the Add Role Services dialog box, in the Installation Results screen, click

Close.

m.In the Add Role Services dialog box, clickYes to begin the restart.

n. It takes a couple of minutes to restart the NYC-DC-01. Due to the networklimitation of machine reboot in the Virtual environment, please continue the rest of

the exercises on the NYC-DC-01-2 machine.

Note: The reboot will take several minutes. After completing the log in the Post-

Reboot Configuration Wizard will appear to confirm that the Terminal Services role

has been installed successfully.


tasks on:

NYC-DC-01-2

2. Add a program to the

Allow list

Note:In this task you will add two existing program to the Allow list for Terminal

Services RemoteApp. In order for a user to be able to access a program with

RemoteApp the application must be on the Allow List. The Allow List settings also

includes the ability to change settings for the remote applications, such as additional

command line arguments and changes to the default icons. You will use a sample

program named OnTheServer.exe and in addition will add WordPad to the Allow List.

a. The NYC-DC-01-2 machine has been prelogged in as Administrator with the

password ofP@ssw0rd.

b. In the Post-Reboot Configuration Wizard dialog box, clickClose.

c. On the Start menu, navigate to All Programs/Administrative Tools/Terminal

Services/TS RemoteApp Manager.

d. In RemoteApp, in the Action menu, clickAddRemoteApps.

e. In the RemoteApp Wizard, clickNext.

f. In the Choose RemoteApp to add to the allow list, clickBrowse.

g. In the Choose a program dialog box, in File name type

C:\Public\OnTheServer.exe, and then clickOpen.

h. In the RemoteApp Wizard, in the Choose programs to add to the RemoteAppslist page, clickNext.

i. In the RemoteApp Wizard, in the Review Settings page, clickFinish.j. In the RemoteApp console, in the Contents pane, select OnTheServer.exe.

k. In the RemoteApp console, in the Actions pane, clickProperties.

l. In the RemoteApp Demo Properties, in the RemoteApp name text box, change

OnTheServer.exe to Demo Application and clickOK.

m.In RemoteApp, in the Action pane, clickAddRemoteApps.

n. In the RemoteApp Wizard, clickNext.

o. In the Choose programs to add to the RemoteApps list, check the box next to

WordPad and then clickNext.

p. In the RemoteApp Wizard, in the Review Settings page, clickFinish.

3. Create a RDP file

that publishes aconnection to an

application

Note:In this task you will create a RDP file that can then be distributed to clients

either via e-email or USB Flash Disk (UFD). This will then enable users to connectremotely to the remote program that was added to the allow list. Any settings that

have been added to the application in the allow list will also be added to the RDP file.

a. In TS RemoteApp Manager, select Demo Application in the Contents pane,

b. In TS RemoteApp Manager, in the Actions pane, clickCreate .rdp File.

c. In the RemoteApp Wizard, clickNext.

d. In the RemoteApp Wizard, in the Specify Packages Settings page, modify thelocation for saving the package to C:\Public\


13/17


Page 11 of 15


e. In the RemoteApp Wizard, in the Specify Packages Settings page, in TSGateway Settings, clickChange.

f. In the Configure TS Gateway Settings dialog box, select Use these TS GatewayServer settings: and enter the following settings and then clickOK.

Setting ValueServer name: NYC-DC-01.Woodgrovebank.com

Logon method: Ask for password (NTLM)

Use the same usercredentials for TS Gatewayand TS Server

Checked

Bypass TS Gateway Serverfor local addresses

Unchecked

g. In the RemoteApp Wizard, in the Specify Packages Settings page, clickNext.

h. In the RemoteApp Wizard, in the Review Settings page, clickFinish.

Note: Windows Explorer will now appear displaying the created RDP file. The

created file is named OnTheServer.rdp

4. Create a MSI file that

installs an

application

Note:In this task you will create a MSI file that can be distributed as an installation

package. This package could be distributed for users to manually install or installed

as part of a Group Policy Object. As part of the configuration of an MSI package it is

possible to define where the remote program will appear in the Users environment

and also to associate the remote program with client file associations. An example of

using this would be to publish Microsoft Word to be intergrated into the users Start

Menu and to be opened when they click on a Word Document. This gives a seamless

integration for the users to the remote program. Any settings that have been added to

the application in the allow list will also be added to the MSI file.

a. In TS RemoteApp Manager, in the Contents pane, select WordPad

b. In the Actions pane, clickCreate Windows Installer Package.

c. In the RemoteApp Wizard, clickNext.

d. In the RemoteApp Wizard, in the SpecifyPackagesSettings page, modify the

location for saving the package to C:\Public\

e. In the RemoteApp Wizard, in the Specify Packages Settings page, in TS

Gateway Settings, clickChange.

f. In the Configure TS Gateway Settings dialog box, select Use these TS Gateway

Server settings: and enter the following settings and then clickOK. Then click

Next.

Setting Value

Server name: NYC-DC-01.Woodgrovebank.com

Logon method: Ask for password (NTLM)

Use the same user

credentials for TS

Gateway and TS

Server

Checked


14/17


Page 12 of 15


Bypass TS Gateway

Server for local

addresses

Unchecked

g. In the RemoteApp Wizard, in the Configure Distribution Package page, accept

the default settings by clicking Next.

h. In the RemoteApp Wizard, in the Review Settings page, clickFinish.Note: Windows Explorer will now appear displaying the created installation file. The

created file is named wordpad.rap.msi


task on:

NYC-CLI-01-2

5. Using RemoteApp

Access

Note:In this task, you will use the RDP file and the MSI file that you created in the

previous tasks. This will be achieved by accessing the files on the Public share on

NYC-DC-01.

Note: This task uses the following computer: NYC-CLI-01-2

Note:Log on toNYC-CLI-01-2 as Woodgrovebank\Administrator with the password

ofP@ssw0rd

a. On the Start menu, in StartSearch, type \\NYC-DC-01\Public and then press

ENTER.

b. In Windows Explorer, double clickOnTheServer.RDP.

c. In the Windows Security dialog box, enter the following values:

Setting Value

User Name: DonHall

Password: P@ssw0rd

d. CheckRemember my credentials and then clickOK.

e. In the RemoteApp dialog box, checkDont prompt me again for connections tothis computer, and then clickYes.

Note: The application now launches. When the application launches successfully it

will display on the screen as On The Server. This is the remote application running on

the server.

f. Close the On The Server remote program.

g. In Windows Explorer, double clickWordPad.rap.msi.

Note: The remote WordPad application now installs. Observe the name of the

application matches the name that was entered during the creation of the MSI file.

h. After the application has completed installation, on the Start menu, navigate to AllPrograms RemoteApp WordPad.

Note: The application now launches. When the application launches successfully it

will display on the screen as WordPad.

i. In the remote WordPad application, in the File menu, clickExit to close.


15/17


Page 13 of 15

Exercise 3Implementing Terminal Services Web Access

ScenarioTS Web Access is a feature that makes RemoteApp available to users from a Web browser. With TS Web Access, auser can visit a Web siteeither from the Internet or from an intranetto access a list of available RemoteApp

applications. When a user starts a RemoteApp applicaion, a Terminal Services session is started on the terminal

server that hosts the Remote Program.

TS Web Access includes a default Web page that you can use to deploy RemoteApp applications over the Web. The

Web page consists of a frame and a customizable Web Part, where the list of RemoteApp application is displayed.

In this exercise, you will configure the terminal server to support Terminal Services Web Access and then configure

an application to be made unavailable via the web interface.

Note: This exercise uses the following computers:NYC-DC-01-2 andNYC-CLI-02-2



task on:

NYC-DC-01-2

1. Install Terminal

Server Web Access

Role Service

Note:In this task you will modify NYC-DC-01-2 to include the Terminal Server Web

Access role. This will then extend our Terminal Server to now be able to provide

Remote Applications via a web interface.

Note: This task uses the following computer: NYC-DC-01-2

Note:Log on toNYC-DC-01-2 using the usernameAdministrator and the password

P@ssw0rd.

a. On the Start menu, navigate to All Programs/Administrative Tools/ServerManager.

b. In the Explorer pane, navigate to Roles/TerminalServices.

c. In the Contents pane, in Role Services, clickAdd Roles Services.

d. In the Select Role Services dialog box, checkTS Web Access.

e. In the Add Role Services dialog box, select Add Required Role Services.

f. In the Add Role Services dialog box, in the Select Role Services page, clickNext.

g. In the Add Role Services dialog box, in the Web Server (IIS) page, clickNext.

h. In the Add Role Services dialog box, in the Select Role Services page, clickNext.

i. In the Add Role Services dialog box, in the Confirm Installation Selections

page, clickInstall.

Note: The installation process will take approximately 5 minutes. Wait until the

installation has completed before continuing to the next task.


task on:

NYC-CLI-02-2

2. Connect to Terminal

Server Web Access

and launch

application

Note:In this task, use the Terminal Server Web Access to access to the applications

that you have previously published.

Note: This task uses the following computer: NYC-CLI-02-2a. On the Start menu, clickInternetExplorer.

b. In the address bar, enter the address http://NYC-DC-01/ts and then press

ENTER. (The TS site may not be created . If this fails, continue with next

exercise.)

c. In the Connect to nyc-dc-01 dialog box, enter the User nameWoodgrovebank\Administrator and the password P@ssw0rd.

Note: The TS Web Access page is now displayed. There is two programs displayed


16/17


Page 14 of 15


the Demo Application and the WordPad that you published in an earlier task.

d. ClickDemo Application in the TS Web Access webpage.

e. In the Trust Warning pop-up, clickYes.

f. In the RemoteApp dialog box, clickYes

g. In the Windows Security dialog box, enter the username

Woodgrovebank\donhall and the password P@ssw0rd, and then press ENTER.Note: The application now launches. When the application launches successfully it

will display on the screen as On The Server.


17/17


Page 15 of 15

Exercise 4Using Windows System Resource Manager with TerminalServices (Optional)

ScenarioWindows System Resource Manager (WSRM) is a feature of Windows Server 2008. Using WSRM, administrators

can control how CPU resources are allocated to applications, services, and processes. Managing these resources

improves system performance and reduces the chance that these applications, services, or processes will interfere

with the rest of the system. WSRM also creates a more consistent and predictable experience for users. In the

terminal services environment it is even more important as it ensures a consistent experience for all users of the

server.

In this exercise, you will add Windows System Resource Manager to NYC-DC-01-2 and then configure a resource

allocation policy.

Note: This exercise uses the following computer:NYC-DC-01-2



task on:

NYC-DC-01-2

1. Implement a

Windows System

Resource Manager

Policy

Note:In this task, you will implement a Windows System Resource Manager Policy

that will ensure that all sessions will share equal processor time. This will ensure that

the access to the terminal server by all users is not affected by a single user running

an application that may attempt to take more server resources.

Note:Log on toNYC-DC-01-2 using the usernameAdministrator and the password

P@ssw0rd.

a. On the Start menu, navigate to All Programs\Administrative Tools and then

clickServices.

b. In the Contents pane, double clickWindows System Resource Manager.

c. In the Windows System Resource Manager Properties (Local Computer) dialogbox, in Startup type, select Manual, clickApply, and then clickStart.

d. ClickOK to close the Windows System Resource Manager (Local Computer)dialog box.

e. In the Start menu, navigate to All Programs\Administrative Tools\WindowsSystem Resource Manager.

f. In the Connect to computer dialog box, select Connect.

g. In Windows System Resource Manager, expand Resources Allocation Policies.

h. In the Contents pane, select Equal_Per_Session {Manage}

i. In the Action pane, select Set as Managing Policy.

j. In the Warning dialog box, clickOK.

k. In Windows System Resource Manager, in the Explorer pane, select ResourceMonitor.

Note:In the Resource Monitor, there is a counter that has been added, System

Managed CPU% with an instance of Equal_Per_Session. This is the display of WSRM

monitoring that all sessions are obtaining equal access to the CPU.

Documents

Windows Server 2008 Centralized Application Access