Setting Up Clients

[powlaz]

I have started feeling my way through putting a Terminal Server in place for
our company. In a previous post I was referred to a book Brian Madden made
available on his website and I've read most everything in it. However there
are a couple of questions I have left.

1. Is there a 'Best Practices' method for connecting a client to the
Terminal Server? I went through the process of setting up a VPN connection
using my SonicWall Pro2040 but I'm not sure if VPN and an RDC session are the
generally accepted way of doing things.

Aside from the extensive security configured on the VPN is there a need for
additional security measures (regarding data being transferred) between the
TS and the client?

2. Do users need to be set up locally on the server?

3. Do licenses need to be assigned to a user or are they automatically
assigned to whomever logs in?

4. Is there a problem with letting the network DHCP server issue addresses
to the VPN clients from the existing pool?

5. Do the users need to be part of a Terminal Services group in AD for any
special reason (aside from Group Policy administration?)

6. Should a user be set up with a different TS login than he otherwise uses
on the network?

7. Is there such a thing as setting up a client to access only one
application. In other words when they click the .rdp file I'll give them
they connect to the TS but a desktop never loads, just the applicaton?

The company does not yet use Group Policy so I haven't bothered to read much
on using it for TS clients. But I'm interested in knowing if there are
policies that should be configured for the sake of the server or its
performance.

Thanks for helping with my slew of questions. I really appreciate the help.

PO

 

[ThePro]

Re: Setting Up Clients

See inline answers.

ThePro

"powlaz" <powlaz@discussions.microsoft.com> wrote:
>I have started feeling my way through putting a Terminal Server in place
>for
> our company. In a previous post I was referred to a book Brian Madden
> made
> available on his website and I've read most everything in it. However
> there
> are a couple of questions I have left.
>
> 1. Is there a 'Best Practices' method for connecting a client to the
> Terminal Server? I went through the process of setting up a VPN
> connection
> using my SonicWall Pro2040 but I'm not sure if VPN and an RDC session are
> the
> generally accepted way of doing things.
>
> Aside from the extensive security configured on the VPN is there a need
> for
> additional security measures (regarding data being transferred) between
> the
> TS and the client?

No, data will be encrypted by the VPN.

>
> 2. Do users need to be set up locally on the server?

No, if your TS is domain member your users can use their regular AD login.

>
> 3. Do licenses need to be assigned to a user or are they automatically
> assigned to whomever logs in?
>
> 4. Is there a problem with letting the network DHCP server issue
> addresses
> to the VPN clients from the existing pool?

No, that's the way we do it here and we never had a glitch.

>
> 5. Do the users need to be part of a Terminal Services group in AD for
> any
> special reason (aside from Group Policy administration?)

Yes, they need to be part of the "Remote desktop users" group to have the
right to logon remotely.

>
> 6. Should a user be set up with a different TS login than he otherwise
> uses
> on the network?

No.

>
> 7. Is there such a thing as setting up a client to access only one
> application. In other words when they click the .rdp file I'll give them
> they connect to the TS but a desktop never loads, just the applicaton?
>
> The company does not yet use Group Policy so I haven't bothered to read
> much
> on using it for TS clients. But I'm interested in knowing if there are
> policies that should be configured for the sake of the server or its
> performance.
>
> Thanks for helping with my slew of questions. I really appreciate the
> help.
>
> PO