Windows Server 2008 Centralized Application Access

Microsoft Virtual Labs
Windows Server 2008 Centralized

Application Access
Windows Server 2008 Centralized Application Access
Table of Contents
Windows Server 2008 Centralized Application Access ............................................................. 1
Exercise 1 Implementing Terminal Services Gateway ..................................................................................................2
Exercise 2 Implementing Terminal Services RemoteApp .............................................................................................9
Exercise 3 Implementing Terminal Services Web Access .......................................................................................... 13
Exercise 4 Using Windows System Resource Manager with Terminal Services (Optional)....................................... 15
Windows Server 2008 Centralized

Application Access
After completing this lab, you will be better able to:
Objectives Implement a Terminal Services Gateway
Implement Terminal Services RemoteApp
Utilize Windows System Resources Manager on a Terminal Services Server
In this lab, you perform the function of an administrator for a company that has
Scenario users who work both within the corporate network and remotely. Some of the
users who work remotely, access the internet via shared computers. These users
only require access to specific applications. You need to allow authorized users
on an Internet-connected computer running Microsoft Windows Vista to easily
and securely connect to remote computers on the corporate network through a
Terminal Services Gateway. In addition, you need to provide access to standard
Microsoft Windows programs from virtually any location to any Windows
device with Internet access.
As a Terminal Server administrator you will also configure policies on the server
to ensure that all users connecting to the server have an equal share of the
server’s resources and ensure a consistent and predictable experience for users of
applications and services. To achieve this goal you will implement a resource
management policy on the server using Windows Server Resource Manager.
Before working on this lab, you must have:
Prerequisites • Experience (level 200+) with Windows Server 2000 and/or Windows
Server 2003
• A MCSA/MCSA Certification or equivalent knowledge. You should be
familiar with basic networking concepts and Active Directory concepts.
Estimated Time to 90 Minutes

Complete This Lab
NYC-DC-01
Computer used in this Lab NYC-CLI-01
NYC-CLI-02
NYC-DC-01-2
NYC-CLI-01-2
NYC-CLI-02-2
Page 1 of 15
Exercise 1
Implementing Terminal Services Gateway
Scenario
In this exercise, you will configure a Terminal Services Gateway Server and a Terminal Services Gateway Client.
You will configure the Terminal Services Gateway Server by first obtaining, importing and mapping a security
certificate for the server. You will then configure the server with a Connection Authorization Policy, a Resource
Group and a Resource Authorization Policy.
After configuring the Terminal Services Gateway Server, you will then configure a Terminal Services Gateway
Client and then establish a connection to the Terminal Services Gateway Server.
Note: This exercise uses the following computers: NYC-DC-01 and NYC-CLI-01
Note: Before you begin this exercise, you must start and log on to the computers.
Note: The Terminal Services Gateway Server has already had the Terminal Services Gateway role installed.
Tasks Detailed Steps

Complete the following 3 Note: In this task you will confirm that the required services to run Terminal Services
tasks on: Gateway Server have been installed and have started correctly. In the case that you
have been given a pre-configured server this should always be your first action to
ensure that the relevant services have successfully started. These services are required
NYC-DC-01 for clients to connect via the Terminal Services Gateway. You will also confirm that
1. Confirm the the default Web Site is configured to start automatically. The web site on the Terminal
Terminal Server Services Gateway server is used by clients to establish the connection to the Terminal
Gateway Server Server. The gateway enables users to connect using a secure web connection port
services have started (port 443) rather than using the standard Terminal Services port (port 3389).
Note: This task uses the following computer: NYC-DC-01 and NYC-CLI-01
a. Log on to NYC-DC-01 as Administrator with the password of P@ssw0rd.
b. On the Start menu, navigate to All Programs/Administrative Tools and then
click Server Manager.
c. In Server Manager, in the Explorer pane, expand Roles and then select
Terminal Services.
d. In the Contents pane, examine the contents of the System Services area.
Note: The services required for terminal services should all be shown as running. This
is confirmed by the heading of System Services: All Running
e. In the Explorer pane, expand Roles/Web Server (IIS) and then select Internet
Information Services (IIS) Manager.
f. In the Connections pane, navigate to NYC-DC-01
(WOODGROVEBANK\administrator)/Sites and then select Default Web Site.
g. In the Action pane, click Advanced Settings….
h. In the Advanced Settings window, confirm that Start Automatically is set to
True and then click OK.
i. In Server Manager, in the File menu, click Exit to close the Server Manager
window.
j. A dialog box may occur during this step. If Server Manager Error Dialog pops
up click Cancel to close the dialog box.
Note: The reason for ensuring that the web services are set to start automatically is
that connections to the Gateway server are managed by Internet Information Services.
Page 2 of 15
2. Create and Map a Note: In this task you will use the Terminal Services Gateway management console
certificate for the snap-in to create and map a certificate to the Terminal Services Gateway server. In
Terminal Services order to be able to use a server as a Terminal Services Gateway server, you must first
Gateway Server install a SSL Compatible X.509 certificate. This ensures that the Terminal Services
Gateway will use this certificate when providing connection security. This task uses a
self-signed certificate. Self signed certificates are appropriate for use in environments
that do not have an established public key infrastructure, or do not wish to create one.
Note: The use of a self signed certificate is recommended in environments that do not
have an established public key infrastructure.
a. On the Start menu, navigate to All Programs/ Administrative Tools/Terminal
Services and then click TS Gateway Manager.
b. In TS Gateway Manager, in the Explorer pane, select NYC-DC-01 (Local).
c. On the Action menu, click Properties.
d. In the NYC-DC-01 Properties dialog box, select the SSL Certificate tab, and
then select Create a self-signed certificate for SSL encryption, and then click
Create Certificate….
e. In the Create Self-Signed Certificate dialog box, in File name, type
C:\Public\NYC-DC-01.cer and then and then click OK.
f. In the TS Gateway dialog box, click OK.
Note: The Issued to, Issued By and Expiration date fields now have values. This
indicates that you have successfully installed the certificate.
g. Click on OK to close the NYC-DC-01 Properties dialog box.
h. On the Start Menu, in Start Search, type MMC and then press ENTER.
i. In Console1, on the File menu, select Add/Remove Snap-in….
j. In the Add or Remove Snap-ins dialog box, select Certificates, and then click
Add.
k. In the Certificates snap-in dialog box, select Computer account, and then click
Next.
l. In the Select Computer dialog box, ensure Local computer is selected, and then
click Finish.
m. In the Add or Remove Snap-ins dialog box, click OK.
n. In Console1, navigate to Console Root/Certificates (Local Computer)/Trusted
Root Certification Authorities and then select Certificates.
o. In the Action menu, select All Tasks and then Import….
p. In the Certificate Import Wizard, click Next.
q. In the Certificate Import Wizard, on the File to Import Page, in the File name
text box, enter C:\Public\NYC-DC-01.cer, and then click Next.
r. In the Certificate Import Wizard, on the Certificate Store page, ensure Place all
certificates in the following store is selected and then click Next.
s. In the Certificate Import Wizard, on the Completing the Certificate Import
Wizard, click Finish.
t. On the Certificate Import Wizard dialog box, click OK.
u. In Console1, on the File menu, click Exit, Do not save changes.
3. Configure Group Note: In this task you will use group policy to ensure that the security certificate for
Policy to distribute your company is installed automatically on all client computers. This will ensure that
Security Certificate use and installation of the security certificates are uniform across the business
environment.
Page 3 of 15
Note: This task uses the following computer: NYC-DC-01
a. On the Start navigate to Start Search, and type GPMC.MSC.
b. In Group Policy Management, in the Explorer pane, navigate to Group Policy
Management/Forest:
Woodgrovebank.com/Domains/Woodgrovebank.com/Group Policy Objects
and then select Default Domain Policy.
c. In Group Policy Management, on the Action menu, click Edit….
d. In Group Policy Management Editor, navigate to Computer
Configuration/Windows Settings/Security Settings/Public Key Policies and
then select Trusted Root Certification Authorities.
e. In Group Policy Management Editor, on the Action menu, click Import….
f. In the Certificate Import Wizard dialog box, click Next.
g. In the Certificate Import Wizard, on the File to Import page, click Browse….
h. In the Open dialog box, in File Name type, \\NYC-DC-01\Public\ and then click
Open.
i. In the Open dialog box, select NYC-DC-01 and then click Open.
j. In the Certificate Import Wizard, on the File to Import page, click Next.
k. In the Certificate Import Wizard dialog box, on the Certificate Store page,
ensure Place all certificates in the following store is selected and then click
Next.
l. In the Certificate Import Wizard dialog box, on the Completing the Certificate
Import Wizard page, click Finish.
m. In the Certification Import Wizard dialog box, click OK.
n. In Group Policy Management Editor, on the File menu, click Exit.
o. Close Group Policy Management.
Complete the following Note: In this task you will configure the computer that will be hosting the remote
task on: applications. For this purpose configurations will be made that allow other
computers to connect via RDP.
Note: This task uses the following computer: NYC-CLI-02
NYC-CLI-02
4. Client Configuration
a. Log on to NYC-CLI-02 as Woodgrovebank\Administrator using the password
P@ssw0rd.
b. On NYC-CLI-02, in the Start menu, right click Computer and select properties
c. On the System dialog select Remote Settings (upper left of dialog)
d. On the System Properties Dialog select the Remote Tab.
e. In the Remote Desktop Region select Allow Connections from computers
running any version of Remote Desktop radio button.
f. System Properties Dialog, Click OK.
g. System Dialog, Click File, Close
h. Log Off from NYC-CLI-02
Complete the following Note: In this task you will force the application of the newly created group policy
task on: settings by using the GPUPDATE command on the client machines. This will ensure
that the self-signed certificate is available for the clients to use in the following
exercises.
NYC-CLI-01
Note: This task uses the following computers: NYC-CLI-01
5. Force application of
a. The NYC-CLI-01 has been prelogged in as Woodgrovebank\DonHall using the
the Group Policy
password P@ssw0rd.
settings to client
Page 4 of 15
machines b. On NYC-CLI-01, in the Start menu, in Start Search, type CMD and press
ENTER.
c. In the command prompt window, type the following command, and then press
ENTER.
GPUPDATE /FORCE
d. Log off NYC-CLI-01
Complete the following 3 Note: In this task you will create a Connection Authorization Policy (CAP) that will
tasks on: allow you to control who can connect to the Terminal Services Gateway server. A
CAP allows you to specify detailed connection requirements, including requirements
such as group membership, domain membership, and the requirement to use a smart
NYC-DC-01 card.
6. Create a Connection Note: This task use the following computer: NYC-DC-01
Authorization Policy
a. In TS Gateway Manager, in the Explorer pane, navigate to NYC-DC-01
(CAP)
(Local)/Polices and then select Connection Authorization Policies.
b. In the Actions pane, click Create New Policy and then click Wizard.
c. In the Authorization Policies dialog box, ensure that Create only a TS CAP is
selected, and then click Next.
d. Complete the Authorization Policies with the following values:
Setting Value
Name for the TS CAP: Remote User Access
Windows authentication Password
method:
User group Remote Application Users
membership(required):
Client computer group No group selected
membership (optional):
TS Gateway device redirection Enable device redirection for all client
devices
e. In the Authorization Policies dialog box, click Finish to complete the policy
creation.
f. Click Close to close the Authorization Policies dialog box.
7. Create a computer Note: In this task you will create a group containing computers that can connect
group to control remotely through the Terminal Services Gateway. If a computer tries to connect to the
access to the Terminal Services Gateway that is not part of this group they will be denied access.
Terminal Services a. In the TS Gateway Manager, In the Explorer pane, expand NYC-DC-01
Gateway (Local), Polices and then select Resource Authorization Policies.
b. In the Actions pane, click Manage Local Computer Groups.
c. In the Manage locally stored computer groups dialog box, click Create group….
d. In the New TS Gateway-Managed Computer Group dialog box, on the General
tab, enter the following values, do not click OK.
Setting Value
Name: Remote Access Computers
Page 5 of 15
Description: Computers allowed to connect to TS
Gateway
e. In the New TS Gateway-Managed Computer Group dialog box, on the
Network resources tab, in the text box, type NYC-CLI-01 and then click Add.
f. In the New TS Gateway-Managed Computer Group dialog box, on the
Network resources tab, in the text box, enter NYC-CLI-02 and then click Add.
g. In the New TS Gateway-Managed Computer Group dialog box, on the
Network resources tab, in the text box, enter NYC-DC-01 and then click Add.
h. In the New TS Gateway-Managed Computer Group dialog box, click OK.
i. In the Manage locally stored computer groups dialog box, click Close.
Note: You are only adding the computers that will access the Gateway server
remotely. Normally you would not add the Gateway server to the policy. As the
gateway server is NYC-DC-01 and in this lab is used to host the terminal services it is
required to be added.
8. Create a Resource Note: In this task you will create Resource Authorization Policy (RAP). The RAP is
Authorization Policy used to identify which computers users that connect to a Terminal Services Gateway
(RAP) can connect to. In order to connect to a computer using the Terminal Services
Gateway, the client must meet the conditions of one CAP and one RAP.
a. In the TS Gateway Manager, in the Explorer pane, navigate to NYC-DC-01
(Local)/Polices and then select Resource Authorization Policies.
b. In the Actions pane, click Create New Policy and then click Wizard.
c. In the Authorization Policies dialog box, ensure that Create only a TS RAP is
selected, and then click Next.
d. Complete the Authorization Policies with the following values:
Setting Value
Name for the TS RAP: Remote Resource Access
User group membership: Remote Application Users
Computer Group: Select an existing TS Gateway-managed
computer group or create a new one
Select an existing TS Remote Access Computers
Gateway-managed computer
group
Allowed Ports Allow connections only through TCP
port 3389
e. In the Authorization Policies dialog box, click Finish to complete the policy
creation
f. Click Close to close the Authorization Policies dialog box.
Complete the following Note: In this task, you will modify the Remote Desktop Connection settings on NYC-
task on: CLI-01 to connect through the Terminal Services Gateway that you have configured.
You will first attempt to connect directly to NYC-CLI-02 using the default settings of
Remote Desktop Connection. NYC-CLI-02 has had the default Windows Firewall
NYC-CLI-01 settings modified to only accept connections from the IP address of NYC-DC-01.
9. Configure Remote Note: In order to connect to NYC-CLI-02 you will need to modify the settings of the
Desktop Connection Remote Desktop Connection to use the Terminal Services Gateway to connect
Settings on the Client through.
Computer Note: This task uses the following computers: NYC-CLI-01, NYC-CLI-02 and NYC-
Page 6 of 15
DC-01
a. Log on to the NYC-CLI-01 as DonHall with a password of P@ssw0rd.
b. On the Start menu, navigate to Start/All Programs/ Accessories, and then click
Remote Desktop Connection.
c. In Remote Desktop Connection, in the Computer text box, type NYC-CLI-
02.Woodgrovebank.com and then click Connect.
d. In the Windows Security box, use the following values and then click OK.
Setting Value
User Name: Woodgrovebank\DonHall
Password: P@ssw0rd
Note: There will be a delay and then the connection will fail. This is because the
Windows Firewall on NYC-CLI-02 is configured to only accept Remote Desktop
connections from NYC-DC-01.
e. In the Remote Desktop Disconnected dialog box, click OK.
f. In the Remote Desktop Connection dialog box, click Options, and then click the
Advanced tab.
g. In the Remote Desktop Connection dialog box, in Connect from anywhere,
click Settings….
h. In the Gateway Server Settings dialog box, select Use these TS Gateway server
settings:.
i. In the Gateway Server Settings dialog box, in the Server name, type NYC-DC-
01.Woodgrovebank.com and select Logon method: Ask for password (NTLM).
j. In the Gateway Server Settings dialog box, uncheck Bypass TS Gateway server
for local addresses.
k. Click OK to accept the settings.
l. In Remote Desktop Connection, click on the General tab.
m. In the Computer text box, type NYC-CLI-02.Woodgrovebank.com and then
click Connect.
n. In the Windows Security box, use the following values:
Setting Value
User Name: Woodgrovebank\DonHall
Password: P@ssw0rd
o. Click OK.
Note: There will be a slight delay before the next step appears. When the next box
appears, observe that this is for the Gateway Server Credentials.
p. In the Windows Security box, use the following values:
Setting Value
User Name: DonHall
Password: P@ssw0rd
q. Click OK.
Note: There will be a slight delay before the desktop of NYC-CLI-02 appears. When it
Page 7 of 15
does appear, you can observe in the connection toolbar, the padlock which symbolizes
that the connection is using security.
r. If you are prompted that there is a user RDPed into the NYC-CLI-02 machine, log
off the other user and log on.
s. Log off the NYC-CLI-02 remote session.
Page 8 of 15
Exercise 2
Implementing Terminal Services RemoteApp
Scenario
RemoteApp applications are programs that are accessed remotely through Terminal Services and appear as if they
are running on a user's local computer. Users can run RemoteApp applications side-by-side with their local
programs. If a user is running more than one Remote Program on the same terminal server, RemoteApp will share
the same Terminal Services session. You can use TS Web Access to make RemoteApp applications available
through a Web site.
In this exercise, you will configure NYC-DC-01 to be able to publish remote applications. In addition you will
create packages for deploying remote applications to the client machines and then distribute these packages.
You will also test the connection of the remote program application from a client machine. In order to test these
RemoteApp, you will also modify the allow list to allow an application to be accessed remotely.
Note: This exercise uses the following computers: NYC-DC-01, NYC-CLI-01, NYC-DC-01-2, and NYC-CLI-01-2

Complete the following 4 Note: In this task you will add the Terminal Server role to NYC-DC-01.
tasks on: Note: This task uses the following computer: NYC-DC-01
a. On the Start menu, navigate to All Programs/Administrative Tools/Server
NYC-DC-01 Manager.
1. Install Terminal b. In Server Manager, in the Explorer pane, navigate to Roles/Terminal Services.
Server Role Service c. In Server Manager, in the Contents pane, under Role Services, click Add Roles
Services.
d. In the Add Role Services dialog box, in the Select Role Services page, select
Terminal Server.
e. In the Add Role Services dialog box, click Install Terminal Services anyway
(not recommended).
f. In the Add Role Services dialog box, click Next.
g. In the Add Role Services dialog box, in the Uninstall and Reinstall Applications
for Compatibility page, click Next.
h. In the Add Role Services dialog box, in the Select RDP Version page, select
Require Network Level Authentication then click Next.
i. In the Add Role Services dialog box, in the Specify the Terminal Services
Licensing Mode page, select Configure later then click Next.
j. In the Add Role Services dialog box, in the Select User Groups Allowed Access
to This Terminal Server page, click Next.
k. In the Add Role Services dialog box, in the Confirm Installation Selections screen,
click Install.
Note: On the Confirm Installation Selections screen, there is one warning. The
warning is advising that you may need to reinstall applications. In the lab it is safe to
ignore, however in a production environment it is important to remember that
applications may need to be reinstalled. The reason for the need to reinstall the
applications is that on a Terminal Server applications are installed into a different
section of the registry. This is so that the applications can be safely accessed by
multiple users simultaneously.
The installation process will take approximately 5 minutes. After this you will need to
Page 9 of 15
restart NYC-DC-01.
l. In the Add Role Services dialog box, in the Installation Results screen, click
Close.
m. In the Add Role Services dialog box, click Yes to begin the restart.
n. It takes a couple of minutes to restart the NYC-DC-01. Due to the network
limitation of machine reboot in the Virtual environment, please continue the rest of
the exercises on the NYC-DC-01-2 machine.
Note: The reboot will take several minutes. After completing the log in the Post-
Reboot Configuration Wizard will appear to confirm that the Terminal Services role
has been installed successfully.
Complete the following 3 Note: In this task you will add two existing program to the Allow list for Terminal
tasks on: Services RemoteApp. In order for a user to be able to access a program with
RemoteApp the application must be on the Allow List. The Allow List settings also
includes the ability to change settings for the remote applications, such as additional
NYC-DC-01-2 command line arguments and changes to the default icons. You will use a sample
2. Add a program to the program named OnTheServer.exe and in addition will add WordPad to the Allow List.
Allow list a. The NYC-DC-01-2 machine has been prelogged in as Administrator with the
password of P@ssw0rd.
b. In the Post-Reboot Configuration Wizard dialog box, click Close.
c. On the Start menu, navigate to All Programs/Administrative Tools/Terminal
Services/TS RemoteApp Manager.
d. In RemoteApp, in the Action menu, click Add RemoteApps.
e. In the RemoteApp Wizard, click Next.
f. In the Choose RemoteApp to add to the allow list, click Browse.
g. In the Choose a program dialog box, in File name type
C:\Public\OnTheServer.exe, and then click Open.
h. In the RemoteApp Wizard, in the Choose programs to add to the RemoteApps
list page, click Next.
i. In the RemoteApp Wizard, in the Review Settings page, click Finish.
j. In the RemoteApp console, in the Contents pane, select OnTheServer.exe.
k. In the RemoteApp console, in the Actions pane, click Properties.
l. In the RemoteApp Demo Properties, in the RemoteApp name text box, change
OnTheServer.exe to Demo Application and click OK.
m. In RemoteApp, in the Action pane, click Add RemoteApps.
n. In the RemoteApp Wizard, click Next.
o. In the Choose programs to add to the RemoteApps list, check the box next to
WordPad and then click Next.
p. In the RemoteApp Wizard, in the Review Settings page, click Finish.
3. Create a RDP file Note: In this task you will create a RDP file that can then be distributed to clients
that publishes a either via e-email or USB Flash Disk (UFD). This will then enable users to connect
connection to an remotely to the remote program that was added to the allow list. Any settings that
application have been added to the application in the allow list will also be added to the RDP file.
a. In TS RemoteApp Manager, select Demo Application in the Contents pane,
b. In TS RemoteApp Manager, in the Actions pane, click Create .rdp File.
c. In the RemoteApp Wizard, click Next.
d. In the RemoteApp Wizard, in the Specify Packages Settings page, modify the
location for saving the package to C:\Public\
Page 10 of 15
e. In the RemoteApp Wizard, in the Specify Packages Settings page, in TS
Gateway Settings, click Change….
f. In the Configure TS Gateway Settings dialog box, select Use these TS Gateway
Server settings: and enter the following settings and then click OK.
Setting Value
Server name: NYC-DC-01.Woodgrovebank.com
Logon method: Ask for password (NTLM)
Use the same user Checked
credentials for TS Gateway
and TS Server
Bypass TS Gateway Server Unchecked
for local addresses
g. In the RemoteApp Wizard, in the Specify Packages Settings page, click Next.
h. In the RemoteApp Wizard, in the Review Settings page, click Finish.
Note: Windows Explorer will now appear displaying the created RDP file. The
created file is named OnTheServer.rdp
4. Create a MSI file that Note: In this task you will create a MSI file that can be distributed as an installation
installs an package. This package could be distributed for users to manually install or installed
application as part of a Group Policy Object. As part of the configuration of an MSI package it is
possible to define where the remote program will appear in the User’s environment
and also to associate the remote program with client file associations. An example of
using this would be to publish Microsoft Word – to be intergrated into the user’s Start
Menu and to be opened when they click on a Word Document. This gives a seamless
integration for the users to the remote program. Any settings that have been added to
the application in the allow list will also be added to the MSI file.
a. In TS RemoteApp Manager, in the Contents pane, select WordPad
b. In the Actions pane, click Create Windows Installer Package.
c. In the RemoteApp Wizard, click Next.
d. In the RemoteApp Wizard, in the Specify Packages Settings page, modify the
location for saving the package to C:\Public\
e. In the RemoteApp Wizard, in the Specify Packages Settings page, in TS
Gateway Settings, click Change….
f. In the Configure TS Gateway Settings dialog box, select Use these TS Gateway
Server settings: and enter the following settings and then click OK. Then click
Next.
Setting Value
Server name: NYC-DC-01.Woodgrovebank.com
Logon method: Ask for password (NTLM)
Use the same user Checked
credentials for TS
Gateway and TS
Server
Page 11 of 15
Bypass TS Gateway Unchecked
Server for local
addresses
g. In the RemoteApp Wizard, in the Configure Distribution Package page, accept
the default settings by clicking Next.
h. In the RemoteApp Wizard, in the Review Settings page, click Finish.
Note: Windows Explorer will now appear displaying the created installation file. The
created file is named wordpad.rap.msi
Complete the following Note: In this task, you will use the RDP file and the MSI file that you created in the
task on: previous tasks. This will be achieved by accessing the files on the Public share on
NYC-DC-01.
Note: This task uses the following computer: NYC-CLI-01-2
NYC-CLI-01-2
Note: Log on to NYC-CLI-01-2 as Woodgrovebank\Administrator with the password
5. Using RemoteApp
of P@ssw0rd
Access
a. On the Start menu, in Start Search, type \\NYC-DC-01\Public and then press
ENTER.
b. In Windows Explorer, double click OnTheServer.RDP.
c. In the Windows Security dialog box, enter the following values:
Setting Value
User Name: DonHall
Password: P@ssw0rd
d. Check Remember my credentials and then click OK.
e. In the RemoteApp dialog box, check Don’t prompt me again for connections to
this computer, and then click Yes.
Note: The application now launches. When the application launches successfully it
will display on the screen as On The Server. This is the remote application running on
the server.
f. Close the On The Server remote program.
g. In Windows Explorer, double click WordPad.rap.msi.
Note: The remote WordPad application now installs. Observe the name of the
application matches the name that was entered during the creation of the MSI file.
h. After the application has completed installation, on the Start menu, navigate to All
Programs – RemoteApp – WordPad.
will display on the screen as WordPad.
i. In the remote WordPad application, in the File menu, click Exit to close.
Page 12 of 15
Exercise 3
Implementing Terminal Services Web Access
Scenario
TS Web Access is a feature that makes RemoteApp available to users from a Web browser. With TS Web Access, a
user can visit a Web site—either from the Internet or from an intranet—to access a list of available RemoteApp
applications. When a user starts a RemoteApp applicaion, a Terminal Services session is started on the terminal
server that hosts the Remote Program.
TS Web Access includes a default Web page that you can use to deploy RemoteApp applications over the Web. The
Web page consists of a frame and a customizable Web Part, where the list of RemoteApp application is displayed.
In this exercise, you will configure the terminal server to support Terminal Services Web Access and then configure
an application to be made unavailable via the web interface.
Note: This exercise uses the following computers: NYC-DC-01-2 and NYC-CLI-02-2

Complete the following Note: In this task you will modify NYC-DC-01-2 to include the Terminal Server Web
task on: Access role. This will then extend our Terminal Server to now be able to provide
Remote Applications via a web interface.
Note: This task uses the following computer: NYC-DC-01-2
NYC-DC-01-2
Note: Log on to NYC-DC-01-2 using the username Administrator and the password
1. Install Terminal
P@ssw0rd.
Server Web Access
Role Service a. On the Start menu, navigate to All Programs/Administrative Tools/Server
Manager.
b. In the Explorer pane, navigate to Roles/Terminal Services.
c. In the Contents pane, in Role Services, click Add Roles Services.
d. In the Select Role Services dialog box, check TS Web Access.
e. In the Add Role Services dialog box, select Add Required Role Services.
f. In the Add Role Services dialog box, in the Select Role Services page, click Next.
g. In the Add Role Services dialog box, in the Web Server (IIS) page, click Next.
h. In the Add Role Services dialog box, in the Select Role Services page, click Next.
i. In the Add Role Services dialog box, in the Confirm Installation Selections
page, click Install.
Note: The installation process will take approximately 5 minutes. Wait until the
installation has completed before continuing to the next task.
Complete the following Note: In this task, use the Terminal Server Web Access to access to the applications
task on: that you have previously published.
Note: This task uses the following computer: NYC-CLI-02-2
NYC-CLI-02-2 a. On the Start menu, click Internet Explorer.
2. Connect to Terminal b. In the address bar, enter the address http://NYC-DC-01/ts and then press
Server Web Access ENTER. (The TS site may not be created . If this fails, continue with next
and launch exercise.)
application c. In the Connect to nyc-dc-01 dialog box, enter the User name
Woodgrovebank\Administrator and the password P@ssw0rd.
Note: The TS Web Access page is now displayed. There is two programs displayed –
Page 13 of 15
the Demo Application and the WordPad that you published in an earlier task.
d. Click Demo Application in the TS Web Access webpage.
e. In the Trust Warning pop-up, click Yes.
f. In the RemoteApp dialog box, click Yes
g. In the Windows Security dialog box, enter the username
Woodgrovebank\donhall and the password P@ssw0rd, and then press ENTER.
will display on the screen as On The Server.
Page 14 of 15
Exercise 4
Using Windows System Resource Manager with Terminal
Services (Optional)
Scenario
Windows System Resource Manager (WSRM) is a feature of Windows Server 2008. Using WSRM, administrators
can control how CPU resources are allocated to applications, services, and processes. Managing these resources
improves system performance and reduces the chance that these applications, services, or processes will interfere
with the rest of the system. WSRM also creates a more consistent and predictable experience for users. In the
terminal services environment it is even more important as it ensures a consistent experience for all users of the
server.
In this exercise, you will add Windows System Resource Manager to NYC-DC-01-2 and then configure a resource
allocation policy.
Note: This exercise uses the following computer: NYC-DC-01-2

Complete the following Note: In this task, you will implement a Windows System Resource Manager Policy
task on: that will ensure that all sessions will share equal processor time. This will ensure that
the access to the terminal server by all users is not affected by a single user running
an application that may attempt to take more server resources.
NYC-DC-01-2
Note: Log on to NYC-DC-01-2 using the username Administrator and the password
1. Implement a P@ssw0rd.
Windows System
a. On the Start menu, navigate to All Programs\Administrative Tools and then
Resource Manager
click Services.
Policy
b. In the Contents pane, double click Windows System Resource Manager.
c. In the Windows System Resource Manager Properties (Local Computer) dialog
box, in Startup type, select Manual, click Apply, and then click Start.
d. Click OK to close the Windows System Resource Manager (Local Computer)
dialog box.
e. In the Start menu, navigate to All Programs\Administrative Tools\Windows
System Resource Manager.
f. In the Connect to computer dialog box, select Connect.
g. In Windows System Resource Manager, expand Resources Allocation Policies.
h. In the Contents pane, select Equal_Per_Session {Manage}
i. In the Action pane, select Set as Managing Policy.
j. In the Warning dialog box, click OK.
k. In Windows System Resource Manager, in the Explorer pane, select Resource
Monitor.
Note: In the Resource Monitor, there is a counter that has been added, System
Managed CPU% with an instance of Equal_Per_Session. This is the display of WSRM
monitoring that all sessions are obtaining equal access to the CPU.
Page 15 of 15

Windows Server 2008 Centralized Application Access

Încărcat de

Informații document

Descriere originală:

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Windows Server 2008 Centralized Application Access

Încărcat de

Drepturi de autor:

Formate disponibile

Microsoft Virtual Labs

Windows Server 2008 Centralized

Windows Server 2008 Centralized

Estimated Time to 90 Minutes

Tasks Detailed Steps

Tasks Detailed Steps

Tasks Detailed Steps

Tasks Detailed Steps

S-ar putea să vă placă și