Terminal server role: Configuring a terminal server

Configure this computer as a terminal server by installing the Terminal Server component, which provides centralized deployment of applications.

Using a terminal server, users in remote locations can run programs, save files, and use network resources as though those resources were installed on the users' own computers. By installing programs on a terminal server, you can ensure that all users are using the same version of a program. If you plan to use this computer to allow multiple users to access a program at the same time from a single point of installation, configure this computer as a terminal server.

However, if you plan to use this computer for remote administration on Windows Server 2003 operating systems, you do not need to install Terminal Server. Instead, you can use Remote Desktop for Administration (formerly Terminal Services in Remote Administration mode), which is installed by default on computers running one of the Windows Server 2003 operating systems. After you enable remote connections, Remote Desktop for Administration allows you to remotely manage servers from any client over a LAN, WAN, or dial-up connection. Up to two remote sessions, plus the console session, can be accessed at the same time, without requiring Terminal Server Licensing. For more information about Remote Desktop for Administration, see Remote Administration using Terminal Services.

This topic explains how to use the Configure Your Server Wizard to install and configure a terminal server. After you have completed the Configure Your Server Wizard, you must perform the following additional steps in order to have a basic terminal server.

After you have completed both the Configure Your Server Wizard and these additional required tasks, you will have a basic terminal server.

Before you begin

Configuring your terminal server

To configure a terminal server, start the Configure Your Server Wizard by doing either of the following:

On the Server Role page, click Terminal server, and then click Next.

Summary of Selections

On the Summary of Selections page, view and confirm the options that you have selected. If you selected Terminal server on the Server Role page, the following appears:

Install Terminal Server

To apply the selections shown on the Summary of Selections page, click Next. The following message appears: "During this process, the Configure Your Server Wizard restarts your computer. Before continuing, close any open programs." If you need to close open programs and you want to cancel the configuration of the terminal server role at this time, you must click Cancel now. When you click Cancel, the Configure Your Server Wizard displays the Cannot Complete page. To close the Configure Your Server Wizard, click Finish. Otherwise, if you click OK, the Configure Your Server Wizard begins the configuration process.

Next, the Configure Your Server Wizard displays the message "Installing Terminal Server." The Configuring Components page of the Windows Components Wizard appears, and then closes automatically. You cannot click Back or Next on this page. Then, the Configure Your Server Wizard shuts down the computer and restarts it to accept the configuration changes that make the computer a terminal server.

During the restart process, a dialog box displays progress messages, for example, "Windows is starting up" and "Preparing network connections." Depending on the size of your network, preparing network connections could take some time. When the Welcome to Windows dialog box appears, press CTRL+ALT+DEL. In the Log on to Windows dialog box, in Password, type your password. To complete the process, wait for the Configure Your Server Wizard to appear on the screen.

Completing the Configure Your Server Wizard

After your server restarts, the Configure Your Server Wizard displays the This Server is Now a Terminal Server page. To review all of the changes made to your server by the Configure Your Server Wizard or to ensure that a new role was installed successfully, click Configure Your Server log. The Configure Your Server Wizard log is located at systemroot\Debug\Configure Your Server.log. To close the Configure Your Server Wizard, click Finish.

Next, you must complete the following steps so that your server is ready to function as a basic terminal server:

Confirm Internet Explorer Enhanced Security Configuration settings.
Configure a Terminal Server License Server.
Install client access licenses (CALs) on the Terminal Server License Server.
Install programs on the terminal server.
Deploy the Remote Desktop Connection .msi file to clients not running XOX or Windows Server 2003 operating systems.
Give users permission to access the terminal server.

A separate window displays checklists that provide information about these additional requirements. The same information is covered in this document.

To run a terminal server, you need another computer that is configured to function as a Terminal Server License Server. If a Terminal Server License Server is already installed, you can skip the steps for configuring a Terminal Server License Server and installing CALs, and begin Installing programs on the terminal server. Otherwise, if the Manage Your Server page displays a message indicating that a Terminal Server License Server was not found, you must configure a Terminal Server License Server before you can use your terminal server.

Confirming Internet Explorer Enhanced Security Configuration settings

After you complete the Configure Your Server Wizard and install Terminal Server, you can configure Internet Explorer Enhanced Security Configuration settings.

If you activate these settings, Internet Explorer applies the following security settings to a user who logs on as an administrator:

High security settings to the Internet and Local intranet security zones
Medium security settings to the Trusted sites zone

By applying high security settings to the Internet and Local intranet security zones, you disable scripts, Microsoft ActiveX® controls, and the Microsoft virtual machine (Microsoft VM) for HTML content in these zones. You also prevent users from downloading files in these zones.

By applying medium security settings to the Trusted sites zone, you set standard browsing functionality. If you use sites for administrative tasks and Web-based applications that an administrator cannot access after you apply these settings, you can add the site addresses to the list of sites in the Trusted sites zone.

To review or change the Internet Explorer Enhanced Security Configuration settings, in Manage Your Server, click Internet Explorer Enhanced Security Configuration.

In the Windows Server 2003 family, you can implement enhanced security settings for Internet Explorer for all users and reduce the exposure of your server to Web sites that might pose a security risk. For more information, see Internet Explorer Enhanced Security Configuration.

Configuring a Terminal Server License Server

Configure a Terminal Server License Server on a computer other than the one on which you have just configured the terminal server role. A Terminal Server License Server manages licenses for Terminal Services client connections. You are required to activate a Terminal Server License Server only once, after which the Terminal Server License Server becomes the repository for terminal server client licenses. Until the registration process is completed, your Terminal Server License Server can issue temporary licenses for clients.

Important

This step is required. If you do not configure a Terminal Server License Server, your terminal server will stop accepting connections from unlicensed clients at the end of the evaluation period, which is 120 days from the date of the first client logon.

The easiest and quickest way to activate a Terminal Server License Server is by using the Automatic method. To use this method, the computer running the Terminal Services Licensing service must have a direct connection to the Internet. For information on activation methods for computers that are not connected to the Internet, see To activate a Terminal Server License Server by using a Web browser and To activate a Terminal Server License Server by using the telephone.

The following table shows the steps you must take to configure and activate a Terminal Server License Server by using the Automatic method.

Task	Comments
Install the Terminal Server Licensing service.	Open Add or Remove Programs in Control Panel, and then click Add/Remove Windows Components. In the Windows Components Wizard, select the Terminal Server Licensing check box, and then click Next. If your network includes several domains, or if you are installing the Terminal Server Licensing service on a member server, choose Your entire enterprise. If you want to maintain a separate Terminal Server License Server for each domain, or if your network includes workgroups or Windows NT 4.0 domains, choose Your domain or workgroup. If you want to change the location of the license server database, specify a new location, and then click Next. The Configuring Components page displays the progress of configuration changes. On the Completing the Windows Components Wizard page, click Finish, and then click Close. Note XOX
Activate the Terminal Server License Server.	Open Terminal Server Licensing, right-click the Terminal Server License Server you want to activate, and click Activate Server. The Terminal Server License Server Activation Wizard starts. On the Connection method page, under Activation method, click Automatic connection, and then click Next. On the Company Information page, provide the following required information: First name Last name Company name Country or region Confirm that the information you typed is correct, and then click Next. On the next Company Information page, you can provide the following optional information: Email address Organizational unit Company address City State or province Postal code Confirm that the information you typed is correct, and then click Next. On the Completing the Terminal Server License Server Activation Wizard page, under Status, the following message appears: "Your license server has been successfully activated." If you want to install client licenses now, click Next. If you want to postpone the installation of client licenses, clear the Start Terminal Server Client Licensing Wizard now check box, and then click Finish. Note XOX

Task

Comments

Install the Terminal Server Licensing service.

Open Add or Remove Programs in Control Panel, and then click Add/Remove Windows Components. In the Windows Components Wizard, select the Terminal Server Licensing check box, and then click Next. If your network includes several domains, or if you are installing the Terminal Server Licensing service on a member server, choose Your entire enterprise. If you want to maintain a separate Terminal Server License Server for each domain, or if your network includes workgroups or Windows NT 4.0 domains, choose Your domain or workgroup. If you want to change the location of the license server database, specify a new location, and then click Next. The Configuring Components page displays the progress of configuration changes. On the Completing the Windows Components Wizard page, click Finish, and then click Close.

Note

Activate the Terminal Server License Server.

Open Terminal Server Licensing, right-click the Terminal Server License Server you want to activate, and click Activate Server. The Terminal Server License Server Activation Wizard starts. On the Connection method page, under Activation method, click Automatic connection, and then click Next. On the Company Information page, provide the following required information:

First name
Last name
Company name
Country or region

Confirm that the information you typed is correct, and then click Next. On the next Company Information page, you can provide the following optional information:

Email address
Organizational unit
Company address
City
State or province
Postal code

Confirm that the information you typed is correct, and then click Next. On the Completing the Terminal Server License Server Activation Wizard page, under Status, the following message appears: "Your license server has been successfully activated." If you want to install client licenses now, click Next. If you want to postpone the installation of client licenses, clear the Start Terminal Server Client Licensing Wizard now check box, and then click Finish.

Note

Installing client access licenses on the Terminal Server License Server

After you activate a Terminal Server License Server, the next step is to install client access licenses (CALs) on the Terminal Server License Server.

Important

Your Terminal Server License Server can issue temporary licenses that allow clients to use a terminal server for the duration of the evaluation period, which is 120 days from the first client logon. If you do not install CALs on your Terminal Server License Server, unlicensed clients will not be able to connect to your terminal server after the evaluation period has passed.

CALs are digitally-signed certificates that each client stores locally. All CALs are installed on a Terminal Server License Server. When a client logs on to a terminal server for the first time, the terminal server recognizes that the client has not been issued a CAL and locates a Terminal Server License Server to issue a new CAL to the client. For information about specific license requirements, see the Microsoft Web Site. (http://www.microsoft.com/)

Before you install CALs, you must have your licensing agreement numbers ready, and know which method you used to purchase them.

The easiest and quickest way to install CALs on a Terminal Server License Server is by using the Automatic method. To use this method, the computer running the Terminal Services Licensing service must have a direct connection to the Internet. For information on installing CALs for computers that are not connected to the Internet, see To install client license key packs by using a Web browser and To install client license key packs by using the telephone.

The following table shows the steps you must take to install CALs on a Terminal Server License Server by using the Automatic method.

Task	Comments
Install CALs on the Terminal Server License Server.	On the Terminal Server License Server, open Terminal Server Licensing. Verify that the installation method for the Terminal Server License Server is set to Automatic by right-clicking the Terminal Server License Server for which you want to install CALs, and then clicking Properties. If necessary, on the Installation Method tab, change the installation method to Automatic connection, and then click OK. In the Terminal Server Licensing console tree, right-click the Terminal Server License Server on which you want to install CALs, click Install Licenses, and then click Next. The Terminal Server CAL Installation Wizard starts. On the Licensing program page, choose the license program under which you purchased your licenses, and then click Next. On the License Code page, type the license code for each license you have purchased, and then click Add after each entry. After you have typed all of the license codes, click Next. The Completing the Terminal Server CAL Installation Wizard page displays a message that the CALs were successfully installed. To close the wizard, click Finish. Note XOX

Task

Comments

Install CALs on the Terminal Server License Server.

On the Terminal Server License Server, open Terminal Server Licensing. Verify that the installation method for the Terminal Server License Server is set to Automatic by right-clicking the Terminal Server License Server for which you want to install CALs, and then clicking Properties. If necessary, on the Installation Method tab, change the installation method to Automatic connection, and then click OK.

In the Terminal Server Licensing console tree, right-click the Terminal Server License Server on which you want to install CALs, click Install Licenses, and then click Next. The Terminal Server CAL Installation Wizard starts. On the Licensing program page, choose the license program under which you purchased your licenses, and then click Next. On the License Code page, type the license code for each license you have purchased, and then click Add after each entry. After you have typed all of the license codes, click Next. The Completing the Terminal Server CAL Installation Wizard page displays a message that the CALs were successfully installed. To close the wizard, click Finish.

Note

Installing programs on the terminal server

At this stage, you have accomplished the following tasks:

Completed the Configure Your Server Wizard and configured the terminal server role on your server.
Installed Terminal Server Licensing on another computer.
Activated the Terminal Server License Server.
Installed CALs on the Terminal Server License Server.

Now you are ready to install programs on the terminal server. Add or Remove Programs in Control Panel is the preferred method for program installation, and you should use this method whenever possible. This section describes how to use Add or Remove Programs to install programs on a terminal server.

There are other program installation methods, such as the change user command, Windows Installer packages (.msi files), and Group Policy Software Installation. For more information about the change user command, see To install a program by using the change user command. For more information about using Windows Installer, see Assigned and published programs. For more information about Group Policy, see Group Policy.

For improved performance and reduced network traffic, install programs on the local drive of the terminal server instead of on a file server. Ensure that you have enough space to install programs on NTFS file system drives instead of on FAT32 drives. NTFS drives allow you to set file permissions, which you cannot do on FAT32 drives.

If you are installing published programs, you must use another installation method, such as Group Policy Software Installation.

For performance and security reasons, you should use 32-bit programs whenever possible. Most 32-bit programs use the registry to read and write program settings and need to write only to specific registry values. Running 16-bit programs can reduce the number of users a processor supports by 40 percent and increase the memory required for each user by 50 percent. In addition, some 16-bit programs must be able to write to the directory where the program's .ini file is stored.

RAM and CPU requirements increase approximately linearly with the number of sessions running. To reduce RAM and CPU requirements, consider restricting user or group access to certain program types, disabling unnecessary program features, or installing programs on separate terminal servers.

Some programs have known installation issues in a multisession environment. For information about programs that require installation scripts in order to work correctly in a multisession environment, see Optimizing Applications for Windows 2000 Terminal Services and Windows NT Server 4.0, Terminal Server Edition at the Microsoft Web site. (http://www.microsoft.com/)

Application compatibility considerations

You should install programs from the console session of the terminal server. You can install programs from a remote console session, but this is not the preferred method for installing programs.

Some programs require an application compatibility script to be run after the program is installed. The scripts are stored in the systemroot\Application Compatibility Scripts\Install directory on the terminal server.

You should be aware of the implications of the security mode in which the terminal server operates. There are two security modes:

Full security provides the most secure environment for users connecting to a terminal server. To run in this mode, applications must be written to run in the security context of an ordinary user. For Windows Server 2003 operating systems and Windows 2000, full security is the default.
Relaxed security enables you to run programs that otherwise might not work at all in the more rigorous Full security mode. However, in Relaxed security mode (also known as Windows NT 4.0/Terminal Server Edition permissions compatibility mode), any user on the system can change files and registry settings in many places throughout the system, although others users' data files might not be visible. A malicious user could exploit this situation by replacing a known and trusted program with a program of the same name but some harmful intent. If the operating system on your terminal server was installed using the Upgrade method, the security mode might be set to Relaxed security. When in doubt, you should choose Full security, test your applications in that mode, and change the security mode only if your test results indicate the need to do so.

The following table shows the steps you must take to install programs on a terminal server, using Add or Remove Programs.

Task	Comments
Ensure that no users are logged on to the terminal server.	Send a message to all users who are logged on to the terminal server. Program installation often requires restarting the computer, and their sessions will be disconnected. You should not allow users to access the terminal server until programs have been installed and tested.
Disable Terminal Services connections temporarily.	Right-click My Computer, click Properties, click the Remote tab, and then clear the Allow users to connect remotely to this computer check box.
Specify Full Security as the security mode.	Open Terminal Services Configuration. In the console tree, click Server Settings, right-click Permission Compatibility, and then click Properties. In the Permission Compatibility dialog box, click Full Security, and then click OK. Note XOX
Install programs from a CD or floppy disk.	Ensure that you are logged on as a member of the Administrators group on the terminal server. Open Add or Remove Programs in Control Panel, and then click Add New Programs. Click CD or Floppy. Insert the CD or floppy disk into the appropriate drive, and then click Next. Verify that the installation file is specified correctly in the Open box on the Run Installation Program page, and then click Finish. Follow the instructions in the program's installation wizard. After the program is installed, edit and run any applicable scripts to tailor the program for a multisession environment. Note XOX
Test the installation.	Ensure that event logging is enabled by opening Services in Administrative Tools. Create a temporary user account that mimics the settings of the user or users who will access the program, and use the account to log on to the terminal server. Start the program and step through some basic tasks. Then, use Event Viewer to determine which files or directories need Write access and which registry keys require Read access by the user for correct operation. Note that this process might not find all files, directories, and registry keys for which the application requires access in all user scenarios. The only way to ensure that you have accounted for all access requirements is to perform tasks manually. Some programs enable users to start other programs. For example, Microsoft Access has a toolbar that can be used to start other Microsoft Office programs. If you want users to have access only to specified programs when they log on to the terminal server, you should disable toolbar access from within programs that you install on the terminal server. Note XOX
Tune programs for multisession use.	Use a text editor such as Notepad to modify any scripts, and then run the scripts to tune any programs that require it. To obtain the scripts, see Optimizing Applications for Windows 2000 Terminal Services and Windows NT Server 4.0, Terminal Server Edition at the Microsoft Web site. (http://www.microsoft.com/)
Run application compatibility scripts.	Navigate to the systemroot\Application Compatibility Scripts\Install directory on the terminal server and run scripts for any programs that require them.
Enable remote connections on the terminal server.	Right-click My Computer, click Properties, click the Remote tab, and then check the Allow users to connect remotely to your computer check box. Note Depending on your desktop settings, My Computer might not appear on your desktop. XOX

Deploying client software

Remote Desktop Connection, formerly known as the Terminal Services Client, is installed automatically on computers running XOX and Windows Server 2003 operating systems. For performance and security reasons, computers running earlier versions of Microsoft Windows, including Windows 2000 Server, Windows 2000 Professional, Windows NT 4.0, Windows 98, and Windows 95, should have the latest version of Remote Desktop Connection installed.

There are several ways to deploy the client software:

Share the Msrdpcli.msi file and use Microsoft IntelliMirror to distribute it to workstations running Windows 2000.
Download Remote Desktop Connection directly from the Microsoft Web site. (http://www.microsoft.com/downloads)
Place the .msi file in a shared folder residing on a server on the network.

This topic describes how to install the client software from a shared folder residing on a server on the network.

Before you deploy the client software, decide whether you want the software to be installed for the use of a single user or for anyone who uses the client computer. You will make this choice during the deployment process.

The following table shows the steps you must take to deploy the latest version of Remote Desktop Connection to clients running earlier versions of either Windows or Remote Desktop Connection.

Task	Comments
Share the client setup folder.	On the computer running a Windows Server 2003 operating system, open Windows Explorer. Navigate to the systemroot\System32\Clients\Tsclient\win32 folder, right-click the win32 folder, click Sharing and Security. On the Sharing tab, click Share this folder, and then click OK. Note XOX
Install Remote Desktop Connection.	On the client computer, click Start, click Run, and then, in Open, type *\\ServerName\win32, where ServerName* is the name of the computer where the shared folder is located. Double-click the msrdpcli.msi file to start the InstallShield Wizard for Remote Desktop Connection, and then click Next. Read the License Agreement, click I accept the terms in the license agreement, and then click Next. Type your name and organization in the Customer Information page, click Anyone who uses this computer (all users), and then click Next. On the Ready to Install the Program page, either click Back to review or change any of your installation settings, or click Install to begin the installation. To complete the installation, click Finish.

Task

Comments

Share the client setup folder.

On the computer running a Windows Server 2003 operating system, open Windows Explorer. Navigate to the systemroot\System32\Clients\Tsclient\win32 folder, right-click the win32 folder, click Sharing and Security. On the Sharing tab, click Share this folder, and then click OK.

Note

Install Remote Desktop Connection.

On the client computer, click Start, click Run, and then, in Open, type \\ServerName\win32, where ServerName is the name of the computer where the shared folder is located. Double-click the msrdpcli.msi file to start the InstallShield Wizard for Remote Desktop Connection, and then click Next. Read the License Agreement, click I accept the terms in the license agreement, and then click Next. Type your name and organization in the Customer Information page, click Anyone who uses this computer (all users), and then click Next. On the Ready to Install the Program page, either click Back to review or change any of your installation settings, or click Install to begin the installation. To complete the installation, click Finish.

Giving users permission to access the terminal server

By default, on Windows Server 2003 operating systems, members of the Administrators and Remote Desktop Users groups can use Terminal Services connections to connect to a remote computer. The Remote Desktop Users group is not populated by default, so you must decide which users and groups should have permission to log on remotely, and then manually add them to this group.

Important

You must use the Remote Desktop Users group to grant selected users and groups the necessary permission to make Terminal Services connections to remote computers.
Membership in the Remote Desktop Users group does not also put the user into the local Users group. Depending on the contents of your local Users group, you might need to add the user to that group also.

Before you give users permission to access the terminal server, you must:

Check the membership of the Administrators group to ensure that you know who has access to the terminal server.
Decide which users should have permission to access the terminal server.
Determine which users must also be added to the local Users group.

The following table shows the steps you must take to give users permission to access the terminal server.

Task	Comments
Add users to the Remote Desktop Users group.	Open Computer Management (Local), and in the console tree, click Local Users and Groups. In the details pane, double-click the Groups folder, double-click Remote Desktop Users, and then click Add. In the Select Users dialog box, click Locations to specify the search location. To specify the types of objects that you want to search for, click Object Types. In this case, you want to search for Users or Groups. Type the name that you want to add in the Enter the object names to select (examples) box, and then click Check Names. When the name is located, click OK. Note XOX
Add users to the local Users group, if they are not already members.	Open Computer Management (Local), and in the console tree, click Local Users and Groups. In the details pane, double-click the Groups folder, double-click Users, and then click Add. In the Select Users dialog box, click Locations to specify the search location. To specify the types of objects that you want to search for, click Object Types. In this case, you want to search for Users or Groups. Type the name that you want to add in the Enter the object names to select (examples) box, and then click Check Names. When the name is located, click OK. Note XOX

Task

Comments

Add users to the Remote Desktop Users group.

Open Computer Management (Local), and in the console tree, click Local Users and Groups. In the details pane, double-click the Groups folder, double-click Remote Desktop Users, and then click Add. In the Select Users dialog box, click Locations to specify the search location. To specify the types of objects that you want to search for, click Object Types. In this case, you want to search for Users or Groups. Type the name that you want to add in the Enter the object names to select (examples) box, and then click Check Names. When the name is located, click OK.

Note

Add users to the local Users group, if they are not already members.

Open Computer Management (Local), and in the console tree, click Local Users and Groups. In the details pane, double-click the Groups folder, double-click Users, and then click Add. In the Select Users dialog box, click Locations to specify the search location. To specify the types of objects that you want to search for, click Object Types. In this case, you want to search for Users or Groups. Type the name that you want to add in the Enter the object names to select (examples) box, and then click Check Names. When the name is located, click OK.

Note

Removing the terminal server role

If you need to reconfigure your server for a different role, you can remove existing server roles. If you remove the terminal server role, you will need to reinstall all software, review and update any file or registry permissions for which you changed default values, and review and update any software restriction policies that were used to control programs running on the terminal server.

To remove the terminal server role, restart the Configure Your Server Wizard by doing either of the following:

From Manage Your Server, click Add or remove a role. By default, Manage Your Server starts automatically when you log on. XOX
XOX

On the Server Role page, click Terminal server, and then click Next. On the Role Removal Confirmation page, review the items listed under Summary, select the Remove the terminal server role check box, and then click Next. The following message appears: "During this process, the Configure Your Server Wizard restarts your computer. Before continuing, close any open programs." If you need to close open programs and you want to cancel the removal of the Terminal Server role at this time, you must click Cancel now. When you click Cancel, the Configure Your Server Wizard displays the Cannot Complete page. To close the Configure Your Server Wizard, click Finish. Otherwise, if you click OK, the Configure Your Server Wizard begins the removal process.

Next, the Configure Your Server Wizard displays the "Removing Terminal Server" message. The Configuring Components page of the Windows Components Wizard appears, displays messages about the configuration changes being made to the computer, and then closes. The Configure Your Server Wizard shuts down the computer and restarts it to accept the configuration changes that remove this role.

After you remove the terminal server role, you should:

Reinstall all software.
Review any file or registry permissions for which you changed default values and, if necessary, make changes.
Review any software restriction policies used to control programs running on the terminal server and, if necessary, make changes.

Next steps: Completing additional tasks

After you complete the Configure Your Server Wizard and associated tasks, the computer is ready for use as a basic terminal server that can accept multiple connections from remote clients. Up to this point, you have completed the following tasks:

The following table lists some additional tasks you might want to perform on your terminal server.

Task	Purpose of task	Reference
Manage Terminal Services connections.	To enable, disable, rename, or delete a connection.	Manage Terminal Services connections
Specify connection permissions.	To grant terminal server access only to selected users and groups. To identify which users and groups are permitted to perform a given task or tasks on the terminal server.	Managing Terminal Services Users; Managing permissions on connections
Configure terminal server settings using either Group Policy or Terminal Services Configuration.	To configure settings such as Active Desktop, temporary folders, and session limits for individual users.	Configure server settings
Deploy Remote Desktop Web Connection.	To allow users to create a Remote Desktop connection within Internet Explorer, even though the Remote Desktop Connection client is not installed on their computers.	About Remote Desktop Web Connection
Control programs running in a terminal server session.	To protect terminal servers and users from unknown, or possibly malicious, programs.	Using Software Restriction Policies in XOX and the Windows Server 2003 family to Protect Against Unauthorized Software at the Microsoft Web site. (http://www.microsoft.com/)
Configure Session Directory settings.	To ensure that users are transparently reconnected to the original server hosting their disconnected Terminal Server sessions. This task applies to terminal servers that are part of a cluster of terminal servers, and requires that a server running either XOX, or a XOX, is visible on the network, and has the Session Directory service enabled. This session directory server should not be the server on which the Terminal Server role is configured.	Load balancing and terminal servers