Terminal Services Configuration In Windows Server 2008 Pdf' title='Terminal Services Configuration In Windows Server 2008 Pdf' />Configuring the Windows Server 2. Terminal Services Gateway Part 1If you would like to read the next part in this article series please go to Configuring the Windows Server 2. Terminal Services Gateway Part 2Microsoft security administrators have always been a bit wary of publishing Terminal Servers to the Internet. And for good reason there was no ability to pre authenticate connections or use policy to determine which users could access which Terminal Servers. The lack of pre authentication was an especially difficult problem. Without pre authentication, anonymous users could leverage their anonymous connections to compromise the published Terminal Server. A compromised Terminal Server is perhaps the most dangerous exploit possible against your network, as the attacker has access to a full operating system to launch his attacks. Terminal Services Configuration In Windows Server 2008 Pdf' title='Terminal Services Configuration In Windows Server 2008 Pdf' />Windows Server 2. Terminal Services Gateway. Using a Terminal Services Gateway, you can pre authenticate users and control what Terminal Servers users can access based on credentials and policy. This gives you the fine grained control you need to insure that you have a secure remote access RDP solution. Remote Desktop Services. Terminal Services in Windows Server 2008 and earlier. Terminal Services topics available in the Windows Server 2008 Technical Library. Windows Terminal Services is becoming. When Terminal Services debuted with Windows. Windows Server 2008 R2 allows administrators to deploy. In this two part series on how to put together a working Terminal Services Gateway solution, we will use the lab network you see in the figure below. The arrows show the flow of communications from the external RDP client to the Terminal Server. Figure 1. Each of the servers in this scenario are running Windows Server 2. Enterprise Edition. In this example network, I am using the Windows Server 2. NAT server as my Internet gateway. You could use any other simple NAT device or packet filtering router, like a PIX, or even an advanced firewall like the Microsoft ISA Firewall. The key configuration option here is that you forward TCP port 4. Terminal Service Gateway computer. The Domain Controller has DNS, DHCP, Certificate Services in Enterprise CA mode, and WINS installed. The Terminal Server has only the base operating system installed. We will install other services during the course of this article series. The TS Gateway has only the base operating system installed. We will install other services during the course of this article series. In this article series I will describe the following processes and procedures that you need to perform to get the basic solution running Install Terminal Services and Terminal Services Licensing on the Terminal Server. Configure Terminal Services Licensing. Install Desktop Experience on the Terminal Server optional. Configure the Terminal Services Licensing Mode. Install the Terminal Services Gateway Service on the Terminal Services Gateway. Request a Certificate for the Terminal Services Gateway. Configure Terminal Services Gateway to Use the Certificate. Create a Terminal Services Gateway RAP. Create a Terminal Services Gateway CAP. Configure the RDP Client to use the Terminal Services Gateway. Install Terminal Services and Terminal Services Licensing on the Terminal Server. The first step is to install Terminal Services on the Terminal Services computer. Perform the following steps to install Terminal Services and Terminal Services Licensing On the Terminal Server computer, open the Server Manager. In the Server Manager, click on the Roles node in the left pane of the console. Click the Add. Roles link in the right pane of the console. Figure 2. Click Next on the Before You Begin page. On the Select Server Roles page, put a checkmark in the Terminal Services checkbox. Format For Drivers Salary Slip Formats. Click Next. Figure 3. Click Next on the Terminal Services page. On the Select Role Services page, put a checkmark in the Terminal Server and TS Licensing checkboxes. Click Next. Figure 4. Click Next on the Uninstall and Reinstall Application for Compatibility page. On the Specify Authentication Method for Terminal Server page, select the Require Network Level Authentication. We can select this option in our current scenario because we are using only Vista SP1 clients to connect to the Terminal Server through the TS Gateway. We would not be able to use this option if we needed to support Windows XP SP2 clients. However, you should be able to support Network Level Authentication with Windows XP SP3. However, I have not yet confirmed this, so make sure to check the release notes on Windows XP SP3 when it is released later this year. Click Next. Figure 5. On the Specify Licensing Mode page, select the Configure later option. We could select an option now, but I decided that we should select Configure later so that I can show you where in the Terminal Services console you configure the licensing mode. Click Next. Figure 6. On the Select Use Groups Allowed Access To This Terminal Server page, use the default options. You can add or remove groups if you want finer tuned access control over the Terminal Server. However, if all of your users will be going through the Terminal Services Gateway, then you can control who can connect to the Terminal Server using the TS Gateway policy settings. Leave the default settings as they are and click Next. Figure 7. On the Configure Discovery Scope for TS Licensing page, select the This domain option. We select this option in this scenario because we only have a single domain. If you have a multi domain forest, you might consider selecting the The forest option. Click Next. Figure 8. On the Confirm Installation Selections page, check the warning information indicating that you might have to reinstall applications that were already installed on this machine if you want them to work properly in a Terminal Services session environment. Also note that IE Enhanced Security Configuration will be turned off. Click Install. Figure 9. On the Installation Results page, you will see a warning that you must restart the server to complete the installation. Click Close. Figure 1. Click Yes in the Add Roles Wizard dialog box that asks if you want to restart the server. Log on as Administrator. The installation will continue for a few minutes as the Installation Progress page appears after the Server Manager comes up. Click Close on the Installation Results page after you see the Installation succeeded message. Figure 1. 1You may see a balloon telling you that Terminal Services licensing mode is not configured. You can dismiss that warning, as we will next configure Terminal Services Licensing and then configure the licensing mode on the Terminal Server. Figure 1. 2Configure Terminal Services Licensing. At the point we are ready to configure Terminal Services Licensing. In this example I will use some dummy data, which does not meet the actual requirements for licensing Terminal Services client connections, but it will provide an example of how the process works. Please do not use the same procedure that I show here to license your Terminal Services clients, because you will not be compliant with actual licensing requirements. Perform the following steps to activate your Terminal Services Licensing Server From the Administrative Tools menu, click the Terminal Services menu and then click on TS Licensing Manager. In the TS Licensing Manager console, right click the server name in the left pane of the console. Click on Activate Server. Figure 1. 3Click Next on the Welcome to the Activate Server Wizard page. On the Connection Method page, select the Automatic Connection recommended option. Click Next. Figure 1. On the Company Information page, enter your company information and click Next. Figure 1. 5Enter optional information if you like on the Company Information page.