Changes to Remote Administration in Windows Server 2008

Changes to Remote Administration in Windows Server 2008

Rate This

This article describes the differences between Windows Server 2003 and Windows Server 2008 when you use the Remote Desktop Connection (RDC) client to remotely connect to the server for administrative purposes.

 

In Windows Server 2003, you can start the RDC client (mstsc.exe) with the /console switch to remotely connect to the physical console session on the server (also known as session 0). In Windows Server 2008, the /console switch has been deprecated. (For more information, see the “Why the /console switch is no longer needed” section of this article.) In Windows Server 2008, session 0 is a non-interactive session that is reserved for services.

 

You can use the new /admin switch to remotely connect to a Windows Server 2008-based server for administrative purposes. The /admin switch is introduced with RDC 6.1. RDC 6.1 is included with the following operating systems:

       Windows Server 2008

       Windows Vista Service Pack 1 (SP1) Beta and RC

       Windows XP Service Pack 3 (SP3) Beta and RC

 

Note   RDC 6.1 (6.0.6001) supports Remote Desktop Protocol (RDP) 6.1.

 

RDC 6.1 does not support the /console switch. However, for backward compatibility, you can use the /admin switch to connect to the physical console session on a Windows Server 2003-based server. For example, to connect from a Windows Vista SP1 RC-based client to the physical console session of a Windows Server 2003-based server, you can run the command mstsc.exe /admin.

 

If you try to use the /console switch with the RDC 6.1 client, the behavior is as follows.

 

 

Scenario

Behavior

You type mstsc.exe /console at the command prompt, and then connect to a remote server that does not have Terminal Server installed.

The /console switch is silently ignored. You will be connected to a session to remotely administer the server.

 

(For more information about the Windows Server 2008 behavior, see the “Behavior when you connect to a server that does not have Terminal Server installed” section of this article.)

You type mstsc.exe /console at the command prompt, and then connect to a remote server that has Terminal Server installed.

The /console switch is silently ignored. You will be connected to a standard Remote Desktop session that requires a Terminal Services client access license (TS CAL).

In the RDC client UI, you specify Computer_name /console in the Computer box (where Computer_name represents the name of the remote computer to which you want to connect), and then click Connect.

You receive the following error message:

 

“An unknown parameter was specified in computer name field.”

In the .rdp file, you specify /console in the “full address” property, and then try to start the Remote Desktop connection.

You receive the following error message:

 

“An unknown parameter was specified in computer name field.”

In the .rdp file, you specify the “connect to console” property, and then start the Remote Desktop connection.

The property is silently ignored. You will be connected to a session that requires a TS CAL.

As a developer, you programmatically call the put_ConnectToServerConsole function or the get_ConnectToServerConsole function of the IMsRdpClientAdvancedSettings interface.

The function fails, and returns S_FALSE.

 

 

Why the /console switch is no longer needed

 

In Windows Server 2003, starting a Remote Desktop session by running mstsc.exe with the /console switch is used for the following reasons:

       To connect to session 0. Some applications install and run only in session 0 because they need to communicate with services that run in session 0, or display UI that is displayed in session 0.

       To connect back to an existing session on the physical console. Because the physical console session in Windows Server 2003 is always session 0, the only way that you can reconnect to this session is by using the /console switch.

 

In Windows Server 2008, the /console switch functionality is no longer needed for the following reasons:

       Improved application compatibility ensures that legacy applications that need to communicate with services in session 0 will install and run in sessions other than session 0. Additionally, if the service that is associated with an application tries to display UI in session 0, a built-in capability in Windows Server 2008 and in Windows Vista enables the user to view and to interact with the session 0 UI from the user’s session. Windows Server 2008 session 0 is a non-interactive session that is reserved for services. Therefore, there is no need for a user to have to explicitly connect to this session.

 

Note   For more information about session 0 isolation in Windows Vista, see “Impact of Session 0 Isolation on Services and Drivers in Windows Vista” (http://go.microsoft.com/fwlink/?LinkId=106201).

 

       Because the physical console session is never session 0, you can always reconnect to your existing session on the physical console. Reconnecting to your existing physical console session is controlled by the "Restrict Terminal Services users to a single remote session" Group Policy setting, available in the Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Connections node of the Local Group Policy Editor. You can also configure this setting in the UI by using Terminal Services Configuration. (The Restrict each user to a single session setting appears under Edit settings, in the General section.)

 

Behavior of the /admin switch

 

You can start the RDC 6.1 client (mstsc.exe) with the /admin switch to remotely administer a Windows Server 2008-based server (with or without Terminal Server installed). However, if you are connecting to remotely administer a Windows Server 2008-based server that does not have the Terminal Server role service installed, you do not have to specify the /admin switch. (In this case, the same connection behavior occurs with or without the /admin switch.) At any point in time, there can be two active remote administration sessions. To start a remote administration session, you must be a member of the Administrators group on the server to which you are connecting.

 

Behavior when you connect to a server that does not have Terminal Server installed

 

If you (as a member of the Administrators group on the destination server) start a Remote Desktop session to a Windows Server 2008-based server that does not have the Terminal Server role service installed, the following behavior is true for the remote administration session:

       Time zone redirection is disabled.

       Terminal Services Session Broker (TS Session Broker) redirection is disabled.

       Plug and Play device redirection is disabled.

       The remote session theme is changed to Windows Classic.

       Terminal Services Easy Print is disabled.

 

Behavior when you connect to a server that has Terminal Server installed

 

If you (as a member of the Administrators group on the destination server) start a Remote Desktop session to a Windows Server 2008-based server that has the Terminal Server role service installed, you must specify the /admin switch to connect to a session to remotely administer the server. The following behavior is true for the session:

       You do not need a TS CAL to connect remotely to administer a terminal server.

       Time zone redirection is disabled.

       Terminal Services Session Broker (TS Session Broker) redirection is disabled.

       Plug and Play device redirection is disabled.

       The remote session theme is changed to Windows Classic.

       Terminal Services Easy Print is disabled.

 

Developer resources – Changes to APIs

If you are using RDC 6.1, you can no longer use the ConnectToServerConsole property of the IMsRdpClientAdvancedSettings interface to specify whether the Remote Desktop ActiveX control should attempt to connect to the server for administrative purposes. Instead, you must use the ConnectToAdministerServer property of the IMsRdpClientAdvancedSettings6 interface to connect to the physical console session on a Windows Server 2003-based server, or to the session that is used for administrative purposes on a Windows Server 2008-based server.

For more information about the ConnectToServerConsole property, see http://go.microsoft.com/fwlink/?LinkId=106203.

For more information about the ConnectToAdministerServer property, see http://go.microsoft.com/fwlink/?LinkId=106204.

Leave a Comment
  • Please add 2 and 6 and type the answer here:
  • Post
  • just upgraded my Windows Vista machine to Vista SP1 RTM and found the changes while I was terminal-servicing

  • So this blog is documenting the changes to Windows Server 2008, and why "/console" is no longer needed in the new server.  Fine.

    Unfortunately, the /console option behavior was removed from the CLIENT.  So if I use the new client to connect to a Windows Server 2003 server, I STILL can't use /console.  Forget the fact that there really, really, really is a physical console session on Windows Server 2003.

    I'm agreeing with the other posters.  Symbolically, /console==/admin.  Session 0 is an irrelevant implementation detail.  The client should either give an error to the user for /console, or support both options with the same behavior, or both.

    The decision to remove support for the "hidden" admin connection isn't such a big deal, but I can understand the cause for complaint.  Instead there is the benefit that *no* sessions get logged out when a 3rd (4th) logs on, they just get disconnected (user switching).  That's a pretty neat feature, and based on many admin usage patterns it may even be a lot more important.

  • I regularly use "Remote Desktops" from the Windows 2003 Admin pack to connect to upwards of 20 virtual machines at the same time everyday (because it's far easier than haing 20 separate windows open). Much of these need access to the console while I am logged in.

    Having just installed Vista SP1, I can no longer do this. Is there an updated version of Remote Desktops? If not, I see this change as a serious FLAW in windows 2008 AND Vista SP1.

  • Este es un resumen del articulo publicado en Terminal Services Team Blog , en donde se describen las

  • I regularly use "Remote Desktops" from the Windows 2003 Admin pack  ---- where is the updated version /....?

  • Its' really anoyng, i'm using a third party rdp-tool thats uses the /console switch but not the /admin switch.

    I'm using this tool to connect to approx 50 Win2003 Server and are not able to connect to the consol-session anymore.

    I just trough out the windows my new notebook with Vista SP1 and use my old notebook with XP further.

    I don't think that on this way MS can bring us admins to use Vista SP1.

    Bring a fix for this immediatly

  • I see that RDC 6.1 has been released for Vista (SP1), Windows XP 32-bit (SP3 - Ok, nearly) and Server 2008 (RTM).

    Is there a release for Windows Server 2003, and/or for Windows XP 64-bit?  SP2 is still RDC 6.0, so is there an updated RDC for those operating systems?  At least that way I will be using the same version on all four OS!

  • The OSX version of RDC says: "This beta version of Remote Desktop Connection is out of date. You are using a beta version of Remote Desktop Connection Client for Mac 2.0. We recommend upgrading to the final release version. You can download the latest version of RDC at http://www.microsoft.com/mac/"

    BUT THIS IS A LIE! There is no final release version on the M$ site. Why are you implementing a timeout and don't offer at least a replacement version?

    Because of this annoying message, my .rdc files for various connections do not work anymore, RDC only remembers the login credentials of a single server now.

    PLEASE PLEASE PLEASE offer at least a timeout-fixed version if you are not able to provide a final version.

  • Dear OSX, I am the program manager for Mac RDC from Microsoft. Apologies for the inconvenience that the beta expiration message caused you. My team is heads down working to get the final version out for you guys as soon as possible. Please see my post at the Mac Mojo blog http://www.officeformac.com/blog/. In the meantime, it is possible to continue using the beta2 build by simply dismissing the beta message. Other than this message at launch, your copy of Mac RDC beta2 remains fully functional. Thank you for being patient with us!

    -David Liu

    Program Manager, MacBU, Microsoft

  • I'm using Windows Vista (Client) and 2003 (Server). However the bug (or feature?) for playing/recording audio on the remote hardware is still not fixed. It is annoying that the workaround to log on the console (where I can both play and record audio files on the physical sound driver) will not work any longer -- my Vista client does not support "/console" while my 2003 server does not support "/admin".

    How can I play / record audio remotely?

    Is the only way to remove SP1 on my Vista client?

    Will this be the end of my Media Services Installation, or should we offer silent films again?

  • After 3h of work, recreating all .rdp files and reinstalling the sound driver on the server it finally seems to work now. I can connect to my server and record/playback sound in the console session again :-) But why this unneccessary patchwork?

  • Anyone have an idea how/when the Remote Desktops admin feature will support using the TS Gateway to connect to servers?

    Thanks,

    Steven

  • Sage can you please explain to us what kind of patchwork did you do to enable audio in RDP please as I am suffering the same issue.

    Thanks

  • Who dropped the ball on this one? Removing the /console switch is just plain stupid. Release an update and add it back. I'll be uninstalling Vista SP1 from computers for the rest of the afternoon.

  • Really stupid change. Don't know what backward compatibility means Microsoft? You leave the /console switch and ignore it for new target platforms. I really hope the people deciding this get a kick in their a*****.

Page 3 of 8 (111 items) 12345»