Managing Remote Desktop Services Configurations and Access

The provided documentation details aspects of configuring and managing Remote Desktop Services (RDS) environments within Windows Server. Key areas covered include enabling multiple concurrent Remote Desktop Protocol (RDP) sessions, licensing requirements, troubleshooting performance issues, managing user access and permissions, and resolving connection problems. The information is relevant to system administrators and IT professionals responsible for maintaining RDS deployments.

Enabling Multiple Concurrent RDP Sessions

Windows Server configurations, by default, may limit Remote Desktop Services users to a single concurrent session. To allow multiple users to connect simultaneously, specific configurations must be implemented. The documentation outlines two primary methods for enabling this functionality.

First, the “Restrict Remote Desktop Services users to a single Remote Desktop Services session” setting within the Group Policy Editor must be disabled. This is located at Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections. Disabling this setting allows multiple sessions per user.

Second, the Remote Desktop Services Session Host role must be installed on the server. Installation of this role immediately enables the hosting of multiple RDP sessions. However, the documentation emphasizes that this setup is initially unlicensed and operates under a 120-day grace period. After this period, the service will cease to function without proper licensing.

Remote Desktop Services Licensing

To maintain functionality beyond the grace period, RDS deployments require appropriate licensing. This is achieved through the installation of the Remote Desktop Services Licensing role, which includes the Remote Desktop Licensing Manager. This manager facilitates the registration of Client Access Licenses (CALs) and ensures the server is properly licensed for the number of concurrent users. Activation of CALs requires a valid product key, Online Licensing Program (OLP) license, or other applicable licensing information. The documentation notes that CALs can be purchased from the Microsoft store or authorized third-party resellers.

Addressing Performance Issues with RDS Applications

Users may experience performance discrepancies when running applications via RDS compared to running them directly on the server. One reported issue involves applications executing with reduced CPU usage and taking twice as long to complete tasks when accessed through RDS. This issue does not appear to affect applications published through alternative solutions like TSPlus. The documentation does not provide a definitive solution to this performance disparity.

Resolving RDP Connection Freezes and UDP Issues

Intermittent freezing during Remote Desktop connections can be addressed through several potential solutions. One approach involves disabling UDP on the client machine via the Local Group Policy Editor. This is achieved by navigating to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Connection Client and enabling the “Turn Off UDP On Client” setting.

Alternatively, the server can be configured to use only TCP for RDP transport. This is also managed through the Local Group Policy Editor, specifically under Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections, by enabling the “Select RDP transport protocols” setting and ensuring only TCP is selected. The documentation notes that a registry edit can also achieve this, but recommends the Group Policy method for greater stability.

Managing User Access and Permissions for Shadowing Sessions

Administrators may need to grant technicians the ability to remotely shadow user sessions for troubleshooting purposes without granting full administrative privileges. The documentation outlines methods for achieving this on Windows Server 2022.

Permissions can be configured on a per-connection basis through the Remote Desktop Session Host Configuration. This involves accessing the properties of a specific connection under the Connections section and adjusting permissions on the Security tab.

Alternatively, permissions can be applied to the entire host using the wmic command-line tool or PowerShell. The AddAccount method allows adding users or groups to the terminal-services permissions settings. Three permission levels are available: 0 (logon permission), 1 (view-only shadow permission – Logon, Query Information, Send Message, and Connect permissions), and 2 (full control). PowerShell commands are provided for implementing this approach. For example:

powershell $group = 'DOMAIN\groupname' Get-CimInstance -Namespace root\CIMV2\TerminalServices -ClassName Win32_TSPermissionsSetting -Filter 'TerminalName ="RDP-Tcp"' | Invoke-CimMethod -MethodName AddAccount -Arguments @($group,2)

Troubleshooting RDS Session Collection Configuration

The documentation references an issue encountered when attempting to use the Set-RDSessionCollectionConfiguration PowerShell command. The command failed with an error message indicating that the Remote Desktop Services deployment was not found, despite being visible in Server Manager when logged in as an administrator. The resolution involved ensuring the command was executed with appropriate administrative privileges.

Conclusion

The provided documentation offers guidance on several key aspects of managing RDS environments. These include enabling multiple concurrent sessions, ensuring proper licensing, troubleshooting performance and connectivity issues, and managing user access for remote support. Correct configuration of these elements is crucial for maintaining a stable and functional RDS deployment. The documentation highlights the importance of licensing to avoid service interruption and provides methods for granular control over user permissions.