This step-by-step instruction guide describes how to configure Terminal Services in Windows 2000 Server

for Remote Administration mode, which allows you to manage all of your computers remotely. This
document describes how to install and configure Terminal Services, how to install and run the client, and
briefly describes how to make Terminal Services work over firewalls.

Back to the top

Installing Terminal Services

You can install Terminal Services in two modes: Application Server mode and Remote Administration
mode. Application Server mode is used for thin-client environments in which users have lightweight PCs
and run programs remotely on the server instead of locally. Application Server mode requires a license for
each connected user.

Remote Administration mode allows two low-resource simultaneous connections that are ideally suited for
remote administration. No additional licenses are necessary, and the limit cannot be increased. This
document describes Remote Administration mode.

To Install Terminal Services

1. Insert the Windows 2000 Server CD-ROM into the CD-ROM or DVD-ROM drive.
2. If a dialog box appears automatically after you insert the CD-ROM, click Install Add-on
Components. If no dialog box appears, click Start, point to Settings, and then click Control
Panel. Double-click Add/Remove Programs, and then click Add/Remove Windows
Components.
3. In the list of components, click to select the Terminal Services check box.
4. Click to clear the Terminal Services Licensing check box if it is selected. You do not need this
service for Remote Administration mode. Click Next.
5. Click Remote Administration Mode, and then click Next.
6. The Terminal Services Wizard runs and installs Terminal Services. Close the wizard when it is
finished, and then reboot your computer if you are prompted to do so.

Back to the top

Connecting to Terminal Services

To connect to Terminal Services running on a server, you must use a Terminal Services client. The
client is available on the server on which you installed Terminal Services, in the following folder:
%SystemRoot%\System32\Clients\Tsclient\Net\Win32
Create a share on your server so that you can easily install the client on any computer.

To Create a Share on Your Server

1. Use Windows Explorer to locate the %SystemRoot%\System32\Clients\Tsclient\Net\Win32

folder. Note that %SystemRoot% may be the C:\Winnt folder.
2. Right-click the Win32 folder, and then click Sharing.
3. On the Sharing tab, click Share this folder.
4. Change the share name to TSClient.
 5. Click Permissions.
6. Click to clear the Full control and Change check boxes. Only the Read permission should be
selected.
7. Click OK, and then click OK.

Follow the next steps on the computer from which you want to perform remote administration. The
Terminal Services client runs on any 32-bit version of Windows, including Microsoft Windows 95,
Microsoft Windows 98, Microsoft Windows Millennium Edition (Me), Microsoft Windows NT 3.5x and 4.0,
Microsoft Windows 2000 Professional, and various server versions. Connect to the share you created
earlier. The share is named \\Servername\TSClient, where Servername is the name of the computer on
which you installed Terminal Services. You do not have to follow the uppercase and lowercase
convention that is used in this article.

To Install the Terminal Services Client

1. Connect to the \\Servername\TSClient share that you created earlier.

2. Double-click Setup.exe.
3. Click Continue in the dialog box that appears, and then type your name and organization in the
next dialog box.
4. Click I agree (if you agree) when you see the license agreement.
5. Click the large button in the next dialog box. You can change the installation path first, if you want
to.
6. Click Yes when you are prompted whether you want all users to have the same initial settings.

Back to the top

Using the Terminal Services Client

Before you can manage your Terminal Services servers remotely, you must create a connection to
these servers. This procedure uses the Client Connection Manager tool to create icons for all of the
Terminal Services servers you want to manage.

To Create a Connection to the Terminal Services Server

1. Click Start, point to Programs, point to Terminal Services Client, and then click Client
Connection Manager.
2. When the Client Connection Manager Wizard starts, click Next.
3. In the Connection name box, type a descriptive name for the connection.
4. In the Server name or IP address box, type the server's name or IP address, or click Browse to
search for the server. When you are done, click Next.
5. Leave all automatic logon information blank. Using automatic logon information might present a
security problem if a non-administrator has access to the computer from which you run the client.
Click Next.
6. Click a screen resolution that is appropriate for you. It is best to use the largest area you can
select (the client does not let you select an area that is larger than your local screen can display).
Do not select Full screen at this time; you can toggle between windowed and full screen modes
later. Leaving the initial connection in a window helps reinforce the fact that you are working on a
remote computer rather than your local workstation. Click Next.
 7. Leave the Enable data compression and Cache bitmaps check boxes clear. They are useful
only if you are working over a slow dial-up link. Click Next.
8. Leave the Start the following program check box clear. You want the client to display the
server's desktop. Click Next. Change the icons if you want to. Click Next. Click Finish to
complete the wizard.

This process creates an icon for your server. Double-clicking the icon connects you to the server. You can
also right-click the icon to change the connection properties if you need to.

To Connect to the Server Using Terminal Services

1. Double-click the server icon in Client Connection Manager.

2. The Terminal Services client window appears and displays the server's logon dialog box. You
might need to double-click the window's title bar to see it all.
3. Type an appropriate set of credentials to log on to the server. Typically, you will log on as some
kind of administrator (local, domain, or enterprise).
4. If you use correct credentials, you see the server's desktop.

Note that this is very different from using a remote-control product. You are not manipulating the
keyboard, mouse, and screen at the server. Instead, you are logged on to the computer and have created
a new session, but this session is displayed remotely, over Terminal Services, rather than locally at the
computer. You do, however, have full access to the computer's programs just as if you were working at its
local console.

Back to the top

Disconnecting the Terminal Services client

There is an important distinction between disconnecting from a session and logging off. If you only
close the Terminal Services client window, your session remains active on the server. When you connect
again, Terminal Services reconnects you to that session. Any programs that you left running in the
session are still available. To end the session, you need to log off by using the remote computer's Start
menu. Note that this logs you off and ends the remote session. It does not log off the user at the
computer's local console.

Back to the top

Useful Client Shortcut Keys

Collapse this tableExpand this table

Key combination Function Similar local keys
CTRL+ALT+END Opens the Windows Security dialog box CTRL+ALT+DELETE
Toggles the Terminal Services client display from window to
CTRL+ALT+BREAK
full screen
ALT+INSERT Cycles through running programs on the remote computer ALT+TAB
ALT+HOME Displays the remote computer's Start menu
ALT+DELETE Displays the remote window's Control menu ALT+SPACE BAR
You can take screenshots with these shortcuts:
Collapse this tableExpand this table
Key combination Function Similar local
 keys
CTRL+ALT+NUMBER PAD ALT+PRINT
Places an image of active window onto the TS clipboard
MINUS SCREEN
CTRL+ALT+NUMBER PAD Places an image of the entire Terminal Services client
PRINT SCREEN
PLUS on the Terminal Services clipboard
Back to the top

Troubleshooting

Cannot Connect Because of a Firewall Between the Client and the Server
Terminal Services operates over TCP port 3389. If a firewall is protecting the server to which you want to
connect, that firewall must permit inbound connections to the server's TCP port 3389. If you are running
the client from behind a firewall, that firewall must permit outbound connections to TCP port 3389. Check
with your firewall administrator for assistance.

Terminal Services - Remote Control your W2K Server

Overview

Looking for a way to remote control your Windows 2000 Server without actually sitting in front of it? If you
have one of the Server editions of Windows then you're in luck. You can use Terminal Services which
works quite well and it's free!

Terminal Services runs in two modes:

• Remote Administration
• Application Server Mode

We're interested in the Remote Administration mode because it is what we want to do and because the
Application Server mode requires additional licensing.

Here is an overview of how Terminal Services works. You have Terminal Services run on your Server and
it sits there and waits for a remote computer to connect to it. This will be referred to as "Terminal
Services Server". How does a remote computer connect to Terminal Services? There are two ways.

How Terminal Services works

The first way is to install a Terminal Services client on each of the computers you will use to remotely
administer the server. This will be referred to as "Terminal Services Client". You will have to create
client disks using a built-in program. This method works well, but you have to install the Terminal Services
Client software on each computer you use to administer the server. This could be a problem if you want to
have the freedom to remotely control your server from a variety of places such as school, the library, or
from a friends computer. We don't think you want to install the client in all of those places. However, this
method is fairly secure because the only people who can administer your server also need the Terminal
Services Client.

The second way requires that you install a special module called the Terminal Services Advanced Client
which can be downloaded from Microsoft.com. This will be called the "Terminal Services Advanced
Client". We have no idea what Microsoft decided to call it "Advanced Client" because there is really
nothing advanced about it. This module allows you to log into Terminal Services via any computer that
has a web browser and Active X. Of course there are still passwords required, but you get the
convenience of administering your server from any computer connected to the Internet.

These two methods of connecting to Terminal Services will be covered in different articles. Which of the
two methods you use to access Terminal Services is your choice

Terminal Services Server Configuration

Install Terminal Service

Start -> Settings -> Control Panel -> Add/Remove Programs ->
Add/Remove Windows Components.

Scroll down until you see the Terminal Services listing.

Check the box that is labeled "Terminal Services". For remote administration, you DO NOT need to check
the box labeled "Terminal Services Licensing".
The next window allows you to choose between "Remote Administration Mode" and "Application Server
Mode". We are interested in the Remote Administration Mode so that we can manage the server from
across the Internet.

Configure Terminal Service

Start -> Settings -> Control Panel -> Administrative Tools

Let's take a look at the Terminal Services Manager. Double click on the "Terminal Services Manager"
icon.

Here we can see who is connected to the Terminal Services and other monitoring information. Nothing to
really do here. Just to keep tabs on who is remotely administering your server.

Next, we'll look at the Terminal Services Configuration. Double click on the "Terminal Services
Configuration" icon. Click on "Server Settings". Here you can change the settings of how Terminal
Services runs. Everything can be safely left at the default settings. By default, Terminal Services Server
and Client talk to each other over port 3389.
Now, your Terminal Service is up and running and you are ready to allow client devices to access a virtual
Windows 2000 Professional desktop session and Windows-based programs running on the Server.
Terminal Services Client Configuration

On your Terminal Services Server, there is an icon labeled "Terminal Services Client Creator" which
creates disks that are used to install the Terminal Services Client program on the computer you plan to
use to remote administer the server. You must install this client program on each computer you plan on
using to remote administer the server.

Double click on the "Terminal Services Client Creator" icon. You will see the following screen. You must
choose which version of windows (16-bit or 32-bit) the client disks should support. As a gross
simplification, windows 3.1 is 16-bit while windows 95 and later are 32-bit. The 16 bit version of the
Terminal Services Client requires 4 disks while the 32 bit version of TS Client requires only 2 disks.

Choose which version of the client you require and follow the directions. After you are done making the
Terminal Services Client disks, you can now install the Terminal Services Client on any computer you will
use to remotely administer your server.

Port Forwading

The client computer that you use to remote administer your server can be on the external WAN or the
internal LAN. If you are using a LAN computer to access Terminal Services on your server, then you do
not need to do anything with your router. However, if you are planning on accessing Terminal Services
from a computer across the Internet, you will need to forward port 3389 to your server. This is very
important since Terminal Services listens on port 3389.

Install Terminal Services Client

Let's install the Terminal Services Client on a computer that you will use to remote administer your server.
Insert the first Terminal Services Client floppy disk into your disk drive and click setup.exe. After this you
are ready to connect using Terminal Services Client.
Once you connect to you server through Terminal Services, you have full control over the server.
However, the desktop you see is not exactly the one that is open on the server itself. The Terminal
Services logs in separately, so technically, it is a different session. However, everything you do in the
Terminal Services session will be executed on the server.

Once you are done working with terminal services, how do you get out?

Go to "Start -> Shut Down". You'll see four options.

Log off This shuts down all applications and terminates your Terminal Services session.

Shut down This physically shuts down the computer and does not give you a way to restart the
computer. Be careful.

Restart This physically restarts the computer and in the process breaks your Terminal
Services connection. However, you will be able to reconnect once the server
reboots.

Disconnect This is like logging off, but leaves your applications and open so you can reconnect
and pick up work where you left off.

Download Terminal Services Client

If you do not have a Windows 2000 Server machine, you can download the two disks from here.