April 6th, 2010, 04:30 PM #1
Server 2008 with Terminal Service - Active Directory?
Setting up a Server 2008 (virtual) machine.....going to deploy terminal services....do I want Active Directory on this server as well - if not - how do I add users to the RDP group?
April 6th, 2010, 04:40 PM #2going to deploy terminal servicesImagine a world where dogs took bad owners to the pound...
April 6th, 2010, 04:48 PM #3
Actually, already deployed it with 6 CAL's - user based........
April 6th, 2010, 05:56 PM #4
I haven't had much of a play with W2k8, but if it is anything like 2k3 (which I'm sure it is, after all AD is AD...) then you don't need to install AD on the server - as long as you've got it installed on a server in your network...
By all means, you may find that it works better for your setup to have AD installed, but [personally] I wouldn't like to have users able to log into a DC, even if it is only through TS........ YMMV..
April 6th, 2010, 07:25 PM #5
This is new to me......When I went to add Active Directory after adding Terminal Services, Server 2008 gave a warning, saying they do not recommend adding AD with TS installed......and I don't know because I don't have the experience.......I just didn't know how to authorize the users to connect through terminal services......I think I am at the point is this deployment where I have to create a certificate on the 2008 server......
April 7th, 2010, 02:03 AM #6
I would remove the AD role from that server (presuming you have a separate DC, which would have AD anyway) and try to install TS again. I have done it before, with a (single server) SBS server, at home, but I did have to do a fair amount of 'fiddling' to get it to work properly... and, yes, I did have to wipe it later as it was FUBARed from users clicking the wrong things and - if it wasn't for the fact that I'd removed the "Shutdown" option from the start menu......... (Sorry if the [Enter] didn't work when this gets posted) I think that one thing you may need to do is to create a group in AD that includes all the users who you want to have TS access, then include that group in the TS's "Remote Desktop Users" group.... Let us know how you get on...
April 7th, 2010, 06:52 AM #7
I haven't installed AD yet......we have one SBS 2003 that is a DC and users have been using that server exclusively - primarily for Peachtree. We are planning to use this one exclusively for Peachtree w/terminal services.....this 2008 is a virtual server with GoDaddy...I just don't know how to allow/enable the users to connect with this server through TS. I know we will use remote desktop - but I don't know where to create the accounts that will enable them access on the server and also how this CAL user licensing works.....sorry for my confusion
April 7th, 2010, 04:41 PM #8
The simplest way would be to use the AD Users and Groups to create a group called TS_Users and then just set up the RDP permissions to that group, rather than manually configure it on a user-by-user basis... The only other thing I can think of off the top of my head right now would be to think about whether users are only going to access it internally or if they're going to be working from outside of the office too...so you can determine whether you need to configure the firewall to forward the relevant post (default is :3389) to that VM or not...
April 7th, 2010, 04:45 PM #9
There's the rub for me...this is a virtual server, hosted on Godaddy......I think it is Arizona somewhere......so - that is why I thought I would need to deploy AD on this virtual box - to add the users...........
April 7th, 2010, 04:59 PM #10
OIC... I had the impression that it was a VirtualMachine within your LAN... I've never done anything with a TS that wasn't on the LAN, but I would imagine that it should be fine if you set up some form of VPN connection, which would enable you to utilise AD on your SBS and not have to faff about with setting that up on the VM - especially as otherwise you could wind up with issues like passwords not being the same and/or not being able to communicate with a DC to authenticate users...
April 7th, 2010, 05:06 PM #11
Ya - I'm in uncharted waters here I figured I'd just RDP into the remote server....but not sure how to set up the authentications on the remote server.....plus, I've never worked with a remote virtual server or deployment of terminal services......
April 7th, 2010, 05:13 PM #12
As I mentioned, I really wouldn't go with putting AD onto the server - especially after getting the warning about having AD and TS together...
I would make it a [normal] member server (of your domain) through a VPN connection, then configure it to use the AD of your SBS box in the office.
If your users are only going to access this VM from within the LAN, then you can just leave the connection to use the VPN link, if they're going to be remoting in from elsewhere then you're going to want to set up some form of DNS name and configure whatever firewall device to allow the connections through on the relevant port - just remember that you can only use one port, so if you change the listening port away from the standard, everyone has to use that port...unlike what someone I used to work with thought; they thought it just changed the TS port, not the one we used to access the server remotely... dumbo blocked our access off
September 25th, 2012, 06:34 PM #13
- Join Date
- Sep 2012
September 26th, 2012, 02:39 AM #14
It's still early here, but I'm struggling to see a reason for installing Terminal Services on a server if you *aren't* going to 'remote in' to it...
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
By gyoung in forum Applications and Operating SystemsReplies: 4Last Post: December 6th, 2005, 08:50 AM
By sensi in forum Applications and Operating SystemsReplies: 2Last Post: May 4th, 2005, 11:11 PM
By ZX48K in forum Applications and Operating SystemsReplies: 1Last Post: December 16th, 2003, 04:37 PM
By Paluccie in forum Networking and InternetReplies: 11Last Post: March 14th, 2003, 02:44 AM
By mortus in forum General Tech DiscussionReplies: 14Last Post: April 19th, 2002, 06:06 PM