Changes to Remote Administration in Windows Server 2008

Changes to Remote Administration in Windows Server 2008

Rate This

This article describes the differences between Windows Server 2003 and Windows Server 2008 when you use the Remote Desktop Connection (RDC) client to remotely connect to the server for administrative purposes.

 

In Windows Server 2003, you can start the RDC client (mstsc.exe) with the /console switch to remotely connect to the physical console session on the server (also known as session 0). In Windows Server 2008, the /console switch has been deprecated. (For more information, see the “Why the /console switch is no longer needed” section of this article.) In Windows Server 2008, session 0 is a non-interactive session that is reserved for services.

 

You can use the new /admin switch to remotely connect to a Windows Server 2008-based server for administrative purposes. The /admin switch is introduced with RDC 6.1. RDC 6.1 is included with the following operating systems:

       Windows Server 2008

       Windows Vista Service Pack 1 (SP1) Beta and RC

       Windows XP Service Pack 3 (SP3) Beta and RC

 

Note   RDC 6.1 (6.0.6001) supports Remote Desktop Protocol (RDP) 6.1.

 

RDC 6.1 does not support the /console switch. However, for backward compatibility, you can use the /admin switch to connect to the physical console session on a Windows Server 2003-based server. For example, to connect from a Windows Vista SP1 RC-based client to the physical console session of a Windows Server 2003-based server, you can run the command mstsc.exe /admin.

 

If you try to use the /console switch with the RDC 6.1 client, the behavior is as follows.

 

 

Scenario

Behavior

You type mstsc.exe /console at the command prompt, and then connect to a remote server that does not have Terminal Server installed.

The /console switch is silently ignored. You will be connected to a session to remotely administer the server.

 

(For more information about the Windows Server 2008 behavior, see the “Behavior when you connect to a server that does not have Terminal Server installed” section of this article.)

You type mstsc.exe /console at the command prompt, and then connect to a remote server that has Terminal Server installed.

The /console switch is silently ignored. You will be connected to a standard Remote Desktop session that requires a Terminal Services client access license (TS CAL).

In the RDC client UI, you specify Computer_name /console in the Computer box (where Computer_name represents the name of the remote computer to which you want to connect), and then click Connect.

You receive the following error message:

 

“An unknown parameter was specified in computer name field.”

In the .rdp file, you specify /console in the “full address” property, and then try to start the Remote Desktop connection.

You receive the following error message:

 

“An unknown parameter was specified in computer name field.”

In the .rdp file, you specify the “connect to console” property, and then start the Remote Desktop connection.

The property is silently ignored. You will be connected to a session that requires a TS CAL.

As a developer, you programmatically call the put_ConnectToServerConsole function or the get_ConnectToServerConsole function of the IMsRdpClientAdvancedSettings interface.

The function fails, and returns S_FALSE.

 

 

Why the /console switch is no longer needed

 

In Windows Server 2003, starting a Remote Desktop session by running mstsc.exe with the /console switch is used for the following reasons:

       To connect to session 0. Some applications install and run only in session 0 because they need to communicate with services that run in session 0, or display UI that is displayed in session 0.

       To connect back to an existing session on the physical console. Because the physical console session in Windows Server 2003 is always session 0, the only way that you can reconnect to this session is by using the /console switch.

 

In Windows Server 2008, the /console switch functionality is no longer needed for the following reasons:

       Improved application compatibility ensures that legacy applications that need to communicate with services in session 0 will install and run in sessions other than session 0. Additionally, if the service that is associated with an application tries to display UI in session 0, a built-in capability in Windows Server 2008 and in Windows Vista enables the user to view and to interact with the session 0 UI from the user’s session. Windows Server 2008 session 0 is a non-interactive session that is reserved for services. Therefore, there is no need for a user to have to explicitly connect to this session.

 

Note   For more information about session 0 isolation in Windows Vista, see “Impact of Session 0 Isolation on Services and Drivers in Windows Vista” (http://go.microsoft.com/fwlink/?LinkId=106201).

 

       Because the physical console session is never session 0, you can always reconnect to your existing session on the physical console. Reconnecting to your existing physical console session is controlled by the "Restrict Terminal Services users to a single remote session" Group Policy setting, available in the Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Connections node of the Local Group Policy Editor. You can also configure this setting in the UI by using Terminal Services Configuration. (The Restrict each user to a single session setting appears under Edit settings, in the General section.)

 

Behavior of the /admin switch

 

You can start the RDC 6.1 client (mstsc.exe) with the /admin switch to remotely administer a Windows Server 2008-based server (with or without Terminal Server installed). However, if you are connecting to remotely administer a Windows Server 2008-based server that does not have the Terminal Server role service installed, you do not have to specify the /admin switch. (In this case, the same connection behavior occurs with or without the /admin switch.) At any point in time, there can be two active remote administration sessions. To start a remote administration session, you must be a member of the Administrators group on the server to which you are connecting.

 

Behavior when you connect to a server that does not have Terminal Server installed

 

If you (as a member of the Administrators group on the destination server) start a Remote Desktop session to a Windows Server 2008-based server that does not have the Terminal Server role service installed, the following behavior is true for the remote administration session:

       Time zone redirection is disabled.

       Terminal Services Session Broker (TS Session Broker) redirection is disabled.

       Plug and Play device redirection is disabled.

       The remote session theme is changed to Windows Classic.

       Terminal Services Easy Print is disabled.

 

Behavior when you connect to a server that has Terminal Server installed

 

If you (as a member of the Administrators group on the destination server) start a Remote Desktop session to a Windows Server 2008-based server that has the Terminal Server role service installed, you must specify the /admin switch to connect to a session to remotely administer the server. The following behavior is true for the session:

       You do not need a TS CAL to connect remotely to administer a terminal server.

       Time zone redirection is disabled.

       Terminal Services Session Broker (TS Session Broker) redirection is disabled.

       Plug and Play device redirection is disabled.

       The remote session theme is changed to Windows Classic.

       Terminal Services Easy Print is disabled.

 

Developer resources – Changes to APIs

If you are using RDC 6.1, you can no longer use the ConnectToServerConsole property of the IMsRdpClientAdvancedSettings interface to specify whether the Remote Desktop ActiveX control should attempt to connect to the server for administrative purposes. Instead, you must use the ConnectToAdministerServer property of the IMsRdpClientAdvancedSettings6 interface to connect to the physical console session on a Windows Server 2003-based server, or to the session that is used for administrative purposes on a Windows Server 2008-based server.

For more information about the ConnectToServerConsole property, see http://go.microsoft.com/fwlink/?LinkId=106203.

For more information about the ConnectToAdministerServer property, see http://go.microsoft.com/fwlink/?LinkId=106204.

Leave a Comment
  • Please add 6 and 1 and type the answer here:
  • Post
  • Hi !

    I am completely disappointed. We have old apps, running with auto-logon on the console .... What a pain to connect to ....

    Although - this was announced one day:Admin will have four [4] admin sessions - we have now two instead of three!!!!!!!!! Additionally, using a server for development purposes - in many cases a necessity - and not having themes over RDP is really a mess!

    Additonal pain on server w2k8:No netmeeting to share admin sessions for instructions. And the vista-like communication system cannot be installed. Really very dirty.

    On our linux servers, we can decide per installation, what we really need and that for a good price ;-)

    br--mabra

  • Hi !

    Additional notes:Taking over a console session is possible. Open another RDP session, do a "qwinsta" to obtain the session-id for the console [usually 1]. Then do a "tscon 1" and you're there.

    The big mess is:This works only, if there is someone logged on !! If not, you'll receive an error message!!!!

    :-(  :-(

  • Thank you , that covers all about mstsc.exe

  • So this is what has broken my Console access to client SBS 2003 servers via Remote Web Workplace.

    I will get this RWW functionality back how?

  • Sir,

    In windows 2003 server's user environment setup, we can define the startup application. With this once user is authenticated through remote desktop connectivity automatically the application executes. User need not to remember the appliation name, path etc.

    But the same configuration setup is not working in windows 2008 server. After the user is logged in through remote desktop connection, it goes to upto to the server desktop. The defined appplication is not getting executed. Can any one help me on this. This is very critical for us because we are going on live with multiple location using multiple version of software application. (srini1705@gmail.com) this my mail id, can anyone give some solutions please

  • Sir,

    In windows 2003 server's user environment setup, we can define the startup application. With this once user is authenticated through remote desktop connectivity automatically the application executes. User need not to remember the appliation name, path etc.

    But the same configuration setup is not working in windows 2008 server. After the user is logged in through remote desktop connection, it goes to upto to the server desktop. The defined appplication is not getting executed. Can any one help me on this. This is very critical for us because we are going on live with multiple location using multiple version of software application. (srini1705@gmail.com) this my mail id, can anyone give some solutions please

  • To Srini1705.

    Do you have "Terminal Server" role installed on your server?

    Single Application mode works only when "Terminal Server" role is installed.

  • Yet another example that Microsoft development team for the server OS does not appear to talk to real world server admins.

    Wherever functionality is to be changed or decreased, there should be some serious discussion before going forward.

    This is true not just with this RDP change, but in the server admin tools on Server 2008. Change for the sake of change is not progress.

    Or how about the fact that the Exchange admin tools don't run on Vista, and you have to use RDP from Vista to a server with the tools - and now you alter the way it connects to the console connection as well? A case of cascading changes resulting in admin pain.

  • It nice to disappear switch /console, but better is to change also the documentation.

    If you buy new car generaly you get actual user manual. Not with Microsoft. RDP 6.1 is still delivered with information about /console switch. There is no information about /admin switch. On the other hand RDP 6.0 is terrible.

  • I have not found a way to enable this other than installing the Terminal Services role. Rob responded in October 2008, stating that you could install RemoteApp Manager separately.

    I have not found this listed as a separate installation anywhere.

  • @HansW_1203:

    Right-click Computer, Manage.

    Click on Features (on the left)

    Click Add Features

    Open Remote Server Administration Tools

    Open Role Administration Tools

    Check RemoteApp Manager

    Next

    Install

  • Thanks for the pointer. On my system, the Remote tools hierarchy was slightly different (Terminal Server Tools/Terminal Services rather than RemoteApp Manager). This installed the tools, but not the role.

    Unfortunately, even when I followed the original instructions to "either list the allowed programs, or allow users to start unlisted programs", the application would not launch.

    Just for clarification, I'm using the Remote Desktop client feature where you can specify to "Start a program" on connection.

    If I DO NOT have Terminal Service role installed, the desktop appears. If I DO have Terminal Service installed (no other changes), then the application launches successfully.

    HansW

  • guys, if you want to solve this problem you should find a real person to blame not just "Microsoft"

    make a service to yourself and find out who is behind this change and then BLAME until people that a responable for this product will make a change, if they don't - BLAME them and use real NAMES!

    It will be more effective!

  • Has anyone worked out a way to access the console as an admin while the "start program on connection" is set? I want a way to do it without setting the "start program on connection" on the users, it's a computer setting. Thanks.

  • @HansW

    I noticed the same, very confusing. It gets even better though: in the scenario WITHOUT the terminal service role installed (but with TSRemote  Apps set to 'launch any application') I can programmatically launch an application through the  ServerStartProgram API but not through the StartProgram API. Not very consistent. I prefer the StartProgram API though, any comments?

Page 7 of 8 (111 items) «45678