Install Remote Desktop Session Host role service in Windows Server without Connection Broker role service
This article provides guidelines to install and configure the Remote Desktop Session Host role service on a computer that is running Windows Server 2019, Windows Server 2016, or Windows Server 2012 R2 without the Remote Desktop Connection Broker role service installed.
Original KB number: 2833839
Summary
When you create a standard deployment of Remote Desktop Services, the Remote Desktop Connection Broker role service provides access to the complete functionality of Remote Desktop Services. A configuration that does not use the RD Connection Broker role service provides desktop sessions to users based on the number of Remote Desktop Services client access licenses (RDS CALs) that are installed on the server. Such a configuration does not provide access to RemoteApp programs or the RDWeb website. Because a configuration without the RD Connection Broker role service does not provide access to all RDS functionality, you should use such a configuration only if there is no other option.
You can use the instructions in this article to configure RDS service by using a single server (either a member of a workgroup or a domain controller (DC)). If you have a separate DC, we recommend that you use the Standard Remote Desktop Services deployment wizard.
Important
Configuring RDS on a workgroup server creates the following additional restrictions:
- You must use per-device licensing instead of per-user licensing. For more information, see License your RDS deployment with client access licenses (CALs).
- You must use Windows PowerShell to manage the RDS role services. This is because the Server Manager tools for RDS do not work. For more about using PowerShell cmdlets together with RDS, see Using Powershell to Install, Configure and Maintain RDS in Windows Server 2012.
For more information about the RDS roles, see Remote Desktop Services roles.
Process of deploying RDS service roles
The process of deploying RDS service roles on a single workgroup server or DC differs from that of deploying a standard RDS configuration on multiple computers.
Unless otherwise noted, these steps apply to both workgroup computer and DC cases.
Important
If you are using a single computer as both the RDS server and as a DC, configure the computer as a DC before you begin installing the RDS roles. For more information about how to install Active Directory Domain Services (AD DS) and configure the computer as a DC in Windows Server 2016 or Windows Server 2012, see Install Active Directory Domain Services (Level 100).
On the workgroup computer or DC, install the Remote Desktop Licensing role service and the Remote Desktop Session Host role service. To do this, follow these steps:
- Open Server Manager.
- Click Manage and select Add Roles and Features.
- Select Role-based or Feature-based installation.
- Select the computer as the destination server.
- On the Select server roles page, select Remote Desktop Services.
- On the Select role services page, select the Remote Desktop Licensing and Remote Desktop Session Host role services.
- Continue the installation. Select default values for the remaining settings.
DC step: Open Remote Desktop Licensing Manager, right-click the server, and then select Review Configuration.
Select Add to group.
Note
If you have to manage group memberships manually, the Terminal Server License Servers group is located in the Built-in container in Active Directory Users and Computers.
Restart the Remote Desktop Services service.
Use one of the following methods to activate the RDS license server:
- To activate a Windows Server 2012 RDS license server, see Test Lab Guide: Remote Desktop Licensing.
- To activate a Windows Server 2016 RDS license server, see Activate the Remote Desktop Services license server.
Install the appropriate RDS CALs.
Important
If you are using a workgroup server, you must use per-device CALs. For more information, see License your RDS deployment with client access licenses (CALs). For more information about how to install RDS CALs, see Install Remote Desktop Services Client Access Licenses.
Add the users that you want to allow to connect to the Remote Desktop Users group. To do this, use the following tools:
- To find the Remote Desktop Users group on a DC, open Active Directory Users and Computers and navigate to the Builtin container.
- To find the Remote Desktop Users group on a workgroup server, open Computer Management and then navigate to Local Users and Groups\Groups.
Change the local policy of the computer to add your remote desktop users to the Allow logon through Remote Desktop Services local policy object. To do this, follow these steps:
- Open Local Group Policy.
- Navigate to Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment.
- Double-click Allow log on through Remote Desktop Services, and then select Add User or Group.
- Type Remote Desktop Users (or the user names of each user account that you want to add, separated by semicolons), and then select OK two times.
Configure the Remote Desktop Session Host role service to use the local RDS license server.
Important
Before you begin this procedure, make sure that the RDS license server is activated.
To do this, follow these steps:
Open an elevated Windows PowerShell Command Prompt window.
Run the following command:
$obj = gwmi -namespace "Root/CIMV2/TerminalServices" Win32_TerminalServiceSetting
To set the licensing mode, run the following command:
$obj.ChangeMode("<value>")
Note
In this command, <value> represents the licensing mode and is either 2 (if you are using per-device licensing) or 4 (if you are using per-user licensing). If you are using a workgroup server, you must use 2.
Run the following command:
$obj.SetSpecifiedLicenseServerList("<licenseservername>")
To verify the settings, run the following command:
$obj.GetSpecifiedLicenseServerList()
You should see the RDS licensing server name in the output. After you finish this step, users can start remote desktop sessions by using any supported RDS client.
DC step: To enable printer redirection to function correctly on a DC that is acting as the RDSH host, follow these additional steps.
Open an elevated Command Prompt window.
Run the following commands:
C:\ CD \Windows\system32\Spool Cacls.exe PRINTERS /e /g users:C
Restart the computer.