Using Remote Desktop for Administration for remote server administration

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Remote Desktop for Administration can greatly reduce the overhead associated with remote administration. Enabled by Terminal Services technology, Remote Desktop for Administration is specifically designed for server management. Therefore, it does not install the application-sharing and multiuser capabilities or the process scheduling of the full Terminal Server component (formerly called Terminal Services in Application Server mode). As a result, Remote Desktop for Administration can be used on an already busy server without noticeably affecting CPU performance, which makes it a convenient and efficient service for remote management.

Remote Desktop for Administration does not require you to purchase special licenses for client computers that access the server. It is not necessary to install Terminal Server Licensing when using Remote Desktop for Administration.

Administrators can also fully administer computers running Windows Server 2003 family operating systems from computers running earlier versions of Windows by installing Remote Desktop Connection.

Notes

  • Remote Desktop for Administration is disabled by default in Windows Server 2003 family operating systems. For more information, see Enable or disable Remote Desktop.

  • To connect to Remote Desktop for Administration from a remote computer, use Remote Desktop Connection. For more information, see Remote Desktop Connection.

How Remote Desktop for Administration works

You can use Remote Desktop for Administration to manage a network remotely using a configuration similar to the one shown in the following illustration.

[Illustration: Remote Desktop for Administration]

Remote Desktop for Administration provides remote access to the server desktop by using the Terminal Services Remote Desktop Protocol (RDP) on port 3389. RDP transmits the user interface to the client session, and also transmits keystrokes and mouse clicks from the client to the server. You can create up to two simultaneous remote connections. Each session you log on to is independent of other client sessions as well as the server console session. In essence, you can use Remote Desktop for Administration to log on to the server remotely as though you were logged on locally.

If you need to connect to the server console session remotely (for example, to access applications that direct only their user interface to the console), either use the Remote Desktops snap-in management tool or use Remote Desktop Connection from the command line. When you attempt to connect to the console session, whether remotely or locally, you will be notified if there is already another user connected to the console session. The notification message will be shown after your logon credentials are validated, and will include information about the user who is logged on to the console session, including user name, location of logon (local or remote), and the state of the session (in use, locked, or idle).

Important

  • Be aware of the security implications of remote logons. Users who log on remotely can perform tasks as though they were sitting at the console. For this reason, you should ensure that the server is behind a firewall. For more information, see VPN servers and firewall configuration and Security information for IPSec.

  • You should require all users who make remote connections to use a strong password. For more information, see Strong passwords.
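
One way to check that remote logons arrive only from where you expect, as an added example that is not part of the original documentation. It relies on Security log event 528 (successful logon) and 529 (failed logon) with logon type 10 (RemoteInteractive, used by Terminal Services sessions). The CSV column layout, the admin subnet, the failure threshold, and the sample records are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import Counter

# Assumptions (not from the page): Security log records exported to CSV with
# these columns; the admin subnet and failure threshold are site choices.
# Event 528 = successful logon, 529 = failed logon (bad user name/password);
# logon type 10 = RemoteInteractive (Terminal Services / Remote Desktop).
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # hypothetical admin/VPN subnet
FAIL_THRESHOLD = 3                                    # hypothetical

# Constructed sample data, not real log output.
SAMPLE = """event_id,logon_type,user,source_ip
528,10,CORP\\admin1,10.20.0.15
528,2,CORP\\operator,
529,10,CORP\\administrator,198.51.100.7
529,10,CORP\\administrator,198.51.100.7
529,10,CORP\\admin,198.51.100.7
528,10,CORP\\admin2,192.0.2.44
528,3,CORP\\svc_backup,10.20.0.30
"""

def audit_remote_logons(text, admin_nets=ADMIN_NETS, threshold=FAIL_THRESHOLD):
    """Return (off_net_successes, noisy_sources) for RemoteInteractive logons."""
    off_net, failures = [], Counter()
    for row in csv.DictReader(io.StringIO(text)):
        if row["logon_type"] != "10":      # skip console and network logons
            continue
        raw = row["source_ip"].strip()
        try:
            src = ipaddress.ip_address(raw)
            trusted = any(src in net for net in admin_nets)
        except ValueError:                 # missing or malformed: untrusted
            trusted = False
        if row["event_id"] == "528" and not trusted:
            off_net.append((row["user"], raw))
        elif row["event_id"] == "529":
            failures[raw] += 1
    noisy = {ip: n for ip, n in failures.items() if n >= threshold}
    return off_net, noisy

if __name__ == "__main__":
    successes, noisy = audit_remote_logons(SAMPLE)
    for user, ip in successes:
        print(f"remote logon from outside admin subnet: {user} from {ip}")
    for ip, n in noisy.items():
        print(f"{n} failed remote logons from {ip}")
```

A successful type 10 logon from outside the admin subnet suggests the firewall is not restricting port 3389 as intended; repeated 529 events from one source point to password guessing against the accounts the strong-password requirement is meant to protect.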

The connection to Remote Desktop for Administration uses TCP/IP, either over an existing network connection or by remote access. A remote access server running one of the Windows Server 2003 family operating systems provides two different types of remote access connectivity:

  • Network and Dial-up Connections

  • Virtual private networking

The following illustration shows how you can connect to a computer running one of the Windows Server 2003 family operating systems from a remote location using remote access.

[Illustration: Connecting to a server from a TS client]

For more information, see Remote Access.

Administering Windows Server 2003 family operating systems remotely

After you are connected to a computer running a Windows Server 2003 family operating system, you can use Remote Desktop for Administration to remotely administer the server and its local computers. Remote Desktop for Administration gives you access to a variety of administrative tools you can use to configure and manage computers. Through a Terminal Services session, you can access Microsoft Management Console (MMC), Active Directory, Systems Management Server, network configuration tools, and most other administrative tools.

Remote Desktop for Administration is extremely useful because it provides remote access to most configuration settings, including Control Panel, which usually cannot be configured remotely. Also, using Remote Desktop for Administration can be particularly convenient for diagnosing a problem and testing multiple solutions quickly.

You can access the servers from anywhere in the world by using a wide-area network (WAN), a virtual private network (VPN), or a dial-up connection. You can start time-consuming batch administrative jobs (for example, tape backups), disconnect, and later reconnect to the corporate network to check progress.

Server application and operating system upgrades can be completed remotely, as can tasks that are not usually possible unless you are sitting at the console, such as domain controller promotion/demotion and disk defragmentation. Server file system tasks such as copying large files and virus scanning are much more efficient when performed within a Remote Desktop for Administration session, rather than using utilities that are executed from a client computer.

Performing administrative tasks this way is quicker and more intuitive than using command-line utilities, although it is still possible to open a command shell.

Note

  • For some third-party applications, pop-up messages cannot be seen from a Terminal Services session. This is because there is a different security context or desktop for the connected session that does not display the application's pop-up messages. The pop-up messages in these instances will go directly to the console. If you need to see these messages, connect to the console session using Remote Desktop Connection from the command line or the Remote Desktops MMC snap-in.

    For more information, see Connect to the console session of a server using Remote Desktop for Administration.