Setting Up Clients

[Guest powlaz]

I have started feeling my way through putting a Terminal Server in place for

our company. In a previous post I was referred to a book Brian Madden made

available on his website and I've read most everything in it. However there

are a couple of questions I have left.

 

1. Is there a 'Best Practices' method for connecting a client to the

Terminal Server? I went through the process of setting up a VPN connection

using my SonicWall Pro2040 but I'm not sure if VPN and an RDC session are the

generally accepted way of doing things.

 

Aside from the extensive security configured on the VPN is there a need for

additional security measures (regarding data being transferred) between the

TS and the client?

 

2. Do users need to be set up locally on the server?

 

3. Do licenses need to be assigned to a user or are they automatically

assigned to whomever logs in?

 

4. Is there a problem with letting the network DHCP server issue addresses

to the VPN clients from the existing pool?

 

5. Do the users need to be part of a Terminal Services group in AD for any

special reason (aside from Group Policy administration?)

 

6. Should a user be set up with a different TS login than he otherwise uses

on the network?

 

7. Is there such a thing as setting up a client to access only one

application. In other words when they click the .rdp file I'll give them

they connect to the TS but a desktop never loads, just the applicaton?

 

The company does not yet use Group Policy so I haven't bothered to read much

on using it for TS clients. But I'm interested in knowing if there are

policies that should be configured for the sake of the server or its

performance.

 

Thanks for helping with my slew of questions. I really appreciate the help.

 

PO

[Guest ThePro]

Re: Setting Up Clients

 

See inline answers.

 

ThePro

 

"powlaz" <powlaz@discussions.microsoft.com> wrote:

>I have started feeling my way through putting a Terminal Server in place

>for

> our company. In a previous post I was referred to a book Brian Madden

> made

> available on his website and I've read most everything in it. However

> there

> are a couple of questions I have left.

>

> 1. Is there a 'Best Practices' method for connecting a client to the

> Terminal Server? I went through the process of setting up a VPN

> connection

> using my SonicWall Pro2040 but I'm not sure if VPN and an RDC session are

> the

> generally accepted way of doing things.

>

> Aside from the extensive security configured on the VPN is there a need

> for

> additional security measures (regarding data being transferred) between

> the

> TS and the client?

 

No, data will be encrypted by the VPN.

>

> 2. Do users need to be set up locally on the server?

 

No, if your TS is domain member your users can use their regular AD login.

>

> 3. Do licenses need to be assigned to a user or are they automatically

> assigned to whomever logs in?

>

> 4. Is there a problem with letting the network DHCP server issue

> addresses

> to the VPN clients from the existing pool?

 

No, that's the way we do it here and we never had a glitch.

>

> 5. Do the users need to be part of a Terminal Services group in AD for

> any

> special reason (aside from Group Policy administration?)

 

Yes, they need to be part of the "Remote desktop users" group to have the

right to logon remotely.

>

> 6. Should a user be set up with a different TS login than he otherwise

> uses

> on the network?

 

No.

>

> 7. Is there such a thing as setting up a client to access only one

> application. In other words when they click the .rdp file I'll give them

> they connect to the TS but a desktop never loads, just the applicaton?

>

> The company does not yet use Group Policy so I haven't bothered to read

> much

> on using it for TS clients. But I'm interested in knowing if there are

> policies that should be configured for the sake of the server or its

> performance.

>

> Thanks for helping with my slew of questions. I really appreciate the

> help.

>

> PO