Changes to Remote Administration in Windows Server 2008

Changes to Remote Administration in Windows Server 2008

Rate This

This article describes the differences between Windows Server 2003 and Windows Server 2008 when you use the Remote Desktop Connection (RDC) client to remotely connect to the server for administrative purposes.

 

In Windows Server 2003, you can start the RDC client (mstsc.exe) with the /console switch to remotely connect to the physical console session on the server (also known as session 0). In Windows Server 2008, the /console switch has been deprecated. (For more information, see the “Why the /console switch is no longer needed” section of this article.) In Windows Server 2008, session 0 is a non-interactive session that is reserved for services.

 

You can use the new /admin switch to remotely connect to a Windows Server 2008-based server for administrative purposes. The /admin switch is introduced with RDC 6.1. RDC 6.1 is included with the following operating systems:

       Windows Server 2008

       Windows Vista Service Pack 1 (SP1) Beta and RC

       Windows XP Service Pack 3 (SP3) Beta and RC

 

Note   RDC 6.1 (6.0.6001) supports Remote Desktop Protocol (RDP) 6.1.

 

RDC 6.1 does not support the /console switch. However, for backward compatibility, you can use the /admin switch to connect to the physical console session on a Windows Server 2003-based server. For example, to connect from a Windows Vista SP1 RC-based client to the physical console session of a Windows Server 2003-based server, you can run the command mstsc.exe /admin.

 

If you try to use the /console switch with the RDC 6.1 client, the behavior is as follows.

 

 

Scenario

Behavior

You type mstsc.exe /console at the command prompt, and then connect to a remote server that does not have Terminal Server installed.

The /console switch is silently ignored. You will be connected to a session to remotely administer the server.

 

(For more information about the Windows Server 2008 behavior, see the “Behavior when you connect to a server that does not have Terminal Server installed” section of this article.)

You type mstsc.exe /console at the command prompt, and then connect to a remote server that has Terminal Server installed.

The /console switch is silently ignored. You will be connected to a standard Remote Desktop session that requires a Terminal Services client access license (TS CAL).

In the RDC client UI, you specify Computer_name /console in the Computer box (where Computer_name represents the name of the remote computer to which you want to connect), and then click Connect.

You receive the following error message:

 

“An unknown parameter was specified in computer name field.”

In the .rdp file, you specify /console in the “full address” property, and then try to start the Remote Desktop connection.

You receive the following error message:

 

“An unknown parameter was specified in computer name field.”

In the .rdp file, you specify the “connect to console” property, and then start the Remote Desktop connection.

The property is silently ignored. You will be connected to a session that requires a TS CAL.

As a developer, you programmatically call the put_ConnectToServerConsole function or the get_ConnectToServerConsole function of the IMsRdpClientAdvancedSettings interface.

The function fails, and returns S_FALSE.

 

 

Why the /console switch is no longer needed

 

In Windows Server 2003, starting a Remote Desktop session by running mstsc.exe with the /console switch is used for the following reasons:

       To connect to session 0. Some applications install and run only in session 0 because they need to communicate with services that run in session 0, or display UI that is displayed in session 0.

       To connect back to an existing session on the physical console. Because the physical console session in Windows Server 2003 is always session 0, the only way that you can reconnect to this session is by using the /console switch.

 

In Windows Server 2008, the /console switch functionality is no longer needed for the following reasons:

       Improved application compatibility ensures that legacy applications that need to communicate with services in session 0 will install and run in sessions other than session 0. Additionally, if the service that is associated with an application tries to display UI in session 0, a built-in capability in Windows Server 2008 and in Windows Vista enables the user to view and to interact with the session 0 UI from the user’s session. Windows Server 2008 session 0 is a non-interactive session that is reserved for services. Therefore, there is no need for a user to have to explicitly connect to this session.

 

Note   For more information about session 0 isolation in Windows Vista, see “Impact of Session 0 Isolation on Services and Drivers in Windows Vista” (http://go.microsoft.com/fwlink/?LinkId=106201).

 

       Because the physical console session is never session 0, you can always reconnect to your existing session on the physical console. Reconnecting to your existing physical console session is controlled by the "Restrict Terminal Services users to a single remote session" Group Policy setting, available in the Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Connections node of the Local Group Policy Editor. You can also configure this setting in the UI by using Terminal Services Configuration. (The Restrict each user to a single session setting appears under Edit settings, in the General section.)

 

Behavior of the /admin switch

 

You can start the RDC 6.1 client (mstsc.exe) with the /admin switch to remotely administer a Windows Server 2008-based server (with or without Terminal Server installed). However, if you are connecting to remotely administer a Windows Server 2008-based server that does not have the Terminal Server role service installed, you do not have to specify the /admin switch. (In this case, the same connection behavior occurs with or without the /admin switch.) At any point in time, there can be two active remote administration sessions. To start a remote administration session, you must be a member of the Administrators group on the server to which you are connecting.

 

Behavior when you connect to a server that does not have Terminal Server installed

 

If you (as a member of the Administrators group on the destination server) start a Remote Desktop session to a Windows Server 2008-based server that does not have the Terminal Server role service installed, the following behavior is true for the remote administration session:

       Time zone redirection is disabled.

       Terminal Services Session Broker (TS Session Broker) redirection is disabled.

       Plug and Play device redirection is disabled.

       The remote session theme is changed to Windows Classic.

       Terminal Services Easy Print is disabled.

 

Behavior when you connect to a server that has Terminal Server installed

 

If you (as a member of the Administrators group on the destination server) start a Remote Desktop session to a Windows Server 2008-based server that has the Terminal Server role service installed, you must specify the /admin switch to connect to a session to remotely administer the server. The following behavior is true for the session:

       You do not need a TS CAL to connect remotely to administer a terminal server.

       Time zone redirection is disabled.

       Terminal Services Session Broker (TS Session Broker) redirection is disabled.

       Plug and Play device redirection is disabled.

       The remote session theme is changed to Windows Classic.

       Terminal Services Easy Print is disabled.

 

Developer resources – Changes to APIs

If you are using RDC 6.1, you can no longer use the ConnectToServerConsole property of the IMsRdpClientAdvancedSettings interface to specify whether the Remote Desktop ActiveX control should attempt to connect to the server for administrative purposes. Instead, you must use the ConnectToAdministerServer property of the IMsRdpClientAdvancedSettings6 interface to connect to the physical console session on a Windows Server 2003-based server, or to the session that is used for administrative purposes on a Windows Server 2008-based server.

For more information about the ConnectToServerConsole property, see http://go.microsoft.com/fwlink/?LinkId=106203.

For more information about the ConnectToAdministerServer property, see http://go.microsoft.com/fwlink/?LinkId=106204.

Leave a Comment
  • Please add 6 and 5 and type the answer here:
  • Post
  • Bron: bink.nu Uit testen blijkt dat Windows Server 2008 RC0 erg veel sneller is dan de voorganger Windows

  • Will the Remote Desktops snap in be enhanced the same way as mstsc.exe?

    I use an mmc preconfigured with all my systems with a configuration for the console connection. I use this console for a majority of all my adminstrative work.

  • Forcing users, even admins in this case, to relearn a command for no good reason is really a waste of everyone's time.  There is no reason that Server 2008 couldn't just interpret the /console switch as "/admin" and be done with it.

    Even better for users (admins) is that Microsoft in their wisdom will either silently ignore the switch (CLI) or posting a vague error, “An unknown parameter was specified in computer name field.” (GUI).  

    If we REALLY have to change the switch, which I'm obviously not convinced makes sense at all, then wouldn't it be a nice idea to print out the usage parameters rather than fail silently, or in the GUI, I dunno, provide a link to a local help file that explains these changes?

    I can understand that from Microsoft's point of view this should help some application run better than rely on being run in session 0, and I've seen a handful of such applications; however with 5 years of time for application vendors to correct the issue, this change seems to be a bit late.

    In regards to the 3rd terminal server connection, I agree that is was definitely useful and I've even seen some instances where, especially SBS users, would use these 3 connections as a mini-terminal server.  These chahnges allow Microsoft to properly wring out every last cent...  err license features to those who need it.  

    Seriously though, to a user (or again admin most likely for this case), the only potential benefit is that you might not break a handful of applications that require session 0, everything else is an annoyance.  i.e. relearn command switches, lose 3rd remote session, lose ability for small customers to use server for a handful of remote users without having the complexities with licensing etc. involved with running terminal services in application mode.

    From a customer's point of view, I'd give this a C+ and only because of the handful of applications that should benefit from session 0 no longer being redirected.  Outside of that one benefit, from a customer's point of view, this new 'feature' is a FAIL.

  • The problem with this change is there are MILLIONS of 2003 Servers out there and exactly ZERO 2008 Servers out there.  In point of fact, 2003 will be the defacto standard server for MANY years to come just as 2000 was for some time after 2003 shipped.  Furthermore, there is NO slient ignoring of /console, it whines that it isn't a valid switch but provides no explanation.  This is based on Vista Ultimate SP1 (MSDN download of SP1).  There's no reason that /console can't still work other than you've broken yet another option in RDP that many of us have used for many years.  Time to find an open source RDP client or go to VNC and dump RDP all together for server adminitration.

  • '/console' equal 'connect to console:i:1' option in rdp file.

    Now, What option is '/admin' in rdp file ?

  • So which PM got this change passed?  How is changing this going to make things better?  If you have no GUI, /console would get you to session 1 instead of 0, just do it gracefully in the background.  Don't make changes just to justify your job!

    I'm still pissed with the RDP v6 client trying to remember the username and domain for the last connected server, and I can't find a way to disable it!  Do not append FQDN names to the front of a user account - it just won't work!  It doesn't match the domain name internally (remember .local or .dom, never use .com), or the machine name.

  • I understood the rdp file option for /admin.

    /console = "connect to console:i:1"

    /admin = "administrative session:i:1"

  • Just want to ditto Rich Balazsi comment though I'd rate it a C-, this "feature change" feels more like another new headache with 2008.

  • This really suck, wasted hours before I figured this one out...

    It is an arrogant move to not make the new option backwards compatible, and just another try at FORCING Vista and soon Windows 2008 down peoples throat...

    You should have left the /console option, windows 2008 could easily have ignored this..

    Poor job you guys.

  • I have to agree with a couple of other people who have posted. Regardless of the under-the-hood changes that have been made, would it not make sense to retain the name of the switch as /console, or just support /console and /admin? Making a well known and established switch not work, and fail silently, seems like the actions of someone who has never actually had to use remote desktop in their day to day work as a system administrator. I cannot work out why it is necessary, except to satisfy someone's sadism in inflicting idiotic changes on system administrators.

  • Perhaps the question is with all the "positive" feedback here, one must wonder if MS even cares at all.  As with http://blogs.msdn.com/ts/archive/2007/01/22/vista-remote-desktop-connection-authentication-faq.aspx?CommentPosted=true#commentmessage where they got no positive feedback either, it seems like MS has decided that changes that no one likes are acceptable and are becoming common place.  It's like they sit around and ask themselves, 'hey, what can we do to irritate another block of customers today?' and then they brain storm and come up with the most annoying and idiotic changes one could possible envision.

    I'm perfectly happy with RDP 5.2 on Vista and won't use 6.0 or 6.1 until MS listens.  The problem is they just don't care and make no $ off the RDP client so they have ZERO incentive to honour the wishes of customers.

  • WHY!?!?!

  • Windows Server 2008: Zmena v RDP z hlediska administrace serveru

  • just upgraded my Windows Vista machine to Vista SP1 RTM and found the changes while I was terminal-servicing

  • crosspost from http://blogs.msdn.com/rextang just upgraded my Windows Vista machine to Vista SP1 RTM

Page 2 of 8 (111 items) 12345»