Wikipedia

Remote Desktop Services

Remote Desktop Services (RDS), known as Terminal Services in Windows Server 2008 and earlier,[1] is one of the components of Microsoft Windows that allow a user to initiate and control an interactive session[2] on a remote computer or virtual machine over a network connection. RDS was first released in 1998 as Terminal Server in Windows NT 4.0 Terminal Server Edition, a stand-alone edition of Windows NT 4.0 Server that allowed users to log in remotely. Starting with Windows 2000, it was integrated under the name of Terminal Services as an optional component in the server editions of the Windows NT family of operating systems,[3] receiving updates and improvements with each version of Windows.[4] Terminal Services were then renamed to Remote Desktop Services with Windows Server 2008 R2[5] in 2009.

Remote Desktop Services
Other names: Terminal Services
Developer(s): Microsoft
Operating system: Microsoft Windows
Service name: TermService
Type: Remote desktop software
Website: docs.microsoft.com/en-us/windows/win32/termserv/terminal-services-portal

RDS is Microsoft's implementation of thin client architecture, where Windows software, and the entire desktop of the computer running RDS, are made accessible to any remote client machine that supports Remote Desktop Protocol (RDP). User interfaces are displayed from the server onto the client system and input from the client system is transmitted to the server, where software execution takes place.[6] This is in contrast to application streaming systems, like Microsoft App-V, in which computer programs are streamed to the client on-demand and executed on the client machine.

RemoteFX was added to RDS as part of Windows Server 2008 R2 Service Pack 1.

Overview

Windows includes three client components that use RDS:

  1. Quick Assist (Windows 10 and later) and Windows Remote Assistance (Windows XP through Windows 8.1)
  2. Remote Desktop Connection (RDC)
  3. Fast user switching

The first two are individual utilities that allow a user to operate an interactive session on a remote computer over the network. In case of Remote Assistance, the remote user needs to receive an invitation and the control is cooperative. In case of RDC, however, the remote user opens a new session on the remote computer and has every power granted by its user account's rights and restrictions.[6][7][8] Fast User Switching allows users to switch between user accounts on the local computer without quitting software and logging out. Fast User Switching is part of Winlogon and uses RDS to accomplish its switching feature.[9][10] Third-party developers have also created client software for RDS. For example, rdesktop supports Unix platforms.

Although RDS is shipped with most editions of all versions of Windows NT since Windows 2000,[3] its functionality differs in each version. Windows XP Home Edition does not accept any RDC connections at all, reserving RDS for Fast User Switching and Remote Assistance only. Other client versions of Windows only allow a maximum of one remote user to connect to the system at the cost of the user who has logged onto the console being disconnected. Windows Server allows two users to connect at the same time. This licensing scheme, called "Remote Desktop for Administration", facilitates administration of unattended or headless computers. Only by acquiring additional licenses (in addition to that of Windows) can a computer running Windows Server service multiple remote users at one time and achieve virtual desktop infrastructure.[5][9]

For an organization, RDS allows the IT department to install applications on a central server instead of multiple computers.[11] Remote users can log on and use those applications over the network. Such centralization can make maintenance and troubleshooting easier. RDS and Windows authentication systems prevent unauthorized users from accessing apps or data.

Microsoft has a long-standing agreement with Citrix to facilitate sharing of technologies and patent licensing between Microsoft Terminal Services and Citrix XenApp (formerly Citrix MetaFrame and Citrix Presentation Server). In this arrangement, Citrix has access to key source code for the Windows platform, enabling its developers to improve the security and performance of the Terminal Services platform. In late December 2004 the two companies announced a five-year renewal of this arrangement to cover Windows Vista.[12]

Server components

The key server component of RDS is Terminal Server (termdd.sys), which listens on TCP port 3389. When a Remote Desktop Protocol (RDP) client connects to this port, it is tagged with a unique SessionID and associated with a freshly spawned console session (Session 0, keyboard, mouse and character mode UI only). The login subsystem (winlogon.exe) and the GDI graphics subsystem are then initiated, which handle the job of authenticating the user and presenting the GUI. These executables are loaded in a new session, rather than the console session. When creating the new session, the graphics and keyboard/mouse device drivers are replaced with RDP-specific drivers: RdpDD.sys and RdpWD.sys. RdpDD.sys is the device driver; it captures the UI rendering calls into a format that is transmittable over RDP. RdpWD.sys acts as keyboard and mouse driver; it receives keyboard and mouse input over the TCP connection and presents them as keyboard or mouse inputs. It also allows creation of virtual channels, which allow other devices, such as disks, audio, printers, and COM ports to be redirected, i.e., the channels act as replacements for these devices. The channels connect to the client over the TCP connection; as the channels are accessed for data, the client is informed of the request, which is then transferred over the TCP connection to the application. This entire procedure is done by the terminal server and the client, with the RDP mediating the correct transfer, and is entirely transparent to the applications.[13] RDP communications are encrypted using 128-bit RC4 encryption. From Windows Server 2003 onwards, it can use FIPS 140 compliant encryption schemes.[6]

Once a client initiates a connection and is informed of a successful invocation of the terminal services stack at the server, it loads up the device as well as the keyboard/mouse drivers. The UI data received over RDP is decoded and rendered as UI, whereas the keyboard and mouse inputs to the window hosting the UI are intercepted by the drivers and transmitted over RDP to the server. It also creates the other virtual channels and sets up the redirection. RDP communication can be encrypted using either low, medium or high encryption. With low encryption, user input (outgoing data) is encrypted using a weak (40-bit RC4) cipher. With medium encryption, UI packets (incoming data) are encrypted using this weak cipher as well. The setting "High encryption (Non-export)" uses 128-bit RC4 encryption and "High encryption (Export)" uses 40-bit RC4 encryption.[14]

Terminal Server

Terminal Server is the server component of Terminal Services. It handles the job of authenticating clients, as well as making the applications available remotely. It is also entrusted with the job of restricting the clients according to the level of access they have. The Terminal Server respects the configured software restriction policies, so as to restrict the availability of certain software to only a certain group of users. Remote session information is stored in specialized directories, called Session Directories, which are kept on the server. Session directories are used to store state information about a session, and can be used to resume interrupted sessions. The terminal server also has to manage these directories. Terminal Servers can be used in a cluster as well.[6]

In Windows Server 2008, it has been significantly overhauled. While logging in, if the user logged on to the local system using a Windows Server Domain account, the credentials from the same sign-on can be used to authenticate the remote session. However, this requires Windows Server 2008 to be the terminal server OS, while the client OS is limited to Windows Server 2008, Windows Vista and Windows 7. In addition, the terminal server may be configured to allow connection to individual programs, rather than the entire desktop, by means of a feature named RemoteApp. Terminal Services Web Access (TS Web Access) makes a RemoteApp session invocable from the web browser. It includes the TS Web Access Web Part control which maintains the list of RemoteApps deployed on the server and keeps the list up to date. Terminal Server can also integrate with Windows System Resource Manager to throttle resource usage of remote applications.[4]

Terminal Server is managed by the Terminal Server Manager Microsoft Management Console snap-in. It can be used to configure the sign in requirements, as well as to enforce a single instance of remote session. It can also be configured by using Group Policy or Windows Management Instrumentation. It is, however, not available in client versions of Windows OS, where the server is pre-configured to allow only one session and enforce the rights of the user account on the remote session, without any customization.[6]

Remote Desktop Gateway

The Remote Desktop Gateway service component, also known as RD Gateway, can tunnel the RDP session using an HTTPS channel.[15] This increases the security of RDS by encapsulating the session with Transport Layer Security (TLS).[16] This also allows the option to use Internet Explorer as the RDP client. The official MS RDP client for macOS supports RD Gateway as of version 8. This is also available for iOS and Android.

This feature was introduced in the Windows Server 2008 and Windows Home Server products.

In October 2021, Thincast, the main contributor of the FreeRDP project, published the first Remote Desktop Gateway solution running natively on Linux.[17]

Remote Desktop HTML5 Web Client

In late 2018 Microsoft released the Remote Desktop HTML5 Web Client. The client allows users to connect to their remote apps or to their remote desktops without using an installed remote desktop client.[18][19] The web client uses the TLS secured port 443 and does not use the RD Gateway to transport traffic, instead relying solely on the remote desktop session host aspect of remote desktop services.[20][21]

Roles

  • Remote Desktop Gateway: Enables authorized users to connect to virtual desktops, Remote-App programs, and session-based desktops over a private network or the Internet.
  • Remote Desktop Connection Broker Role: Allows users to reconnect to their existing virtual desktop, RemoteApp programs, and session-based desktops. It enables even load distribution across RD Session Host servers in a session collection or across pooled virtual desktops in a pooled virtual desktop collection, and provides access to virtual desktops in a virtual desktop collection.
  • Remote Desktop Session Host: Enables a server to host RemoteApp programs as session-based desktops. Users can connect to RD Session Host servers in a session collection to run programs, save files, and use resources on those servers. Users can access Remote Desktop Session Host server by using the Remote Desktop Connection client or by using RemoteApp programs.
  • Remote Desktop Virtualization Host: Enables users to connect to virtual desktops by using RemoteApp and Desktop Connection.
  • Remote Desktop Web Access: Enables users to access RemoteApp and Desktop Connection through the Start Menu or through a web browser. RemoteApp and Desktop Connection provides users with a customized view of RemoteApp programs, session-based desktops, and virtual desktops.
  • Remote Desktop Licensing: Enables a server to manage RDS client access licenses (RDS CALs) that are required for each device or user to connect to a Remote Desktop Session Host server. RDS CALs are managed using the Remote Desktop Licensing Manager application.[22]

RemoteApp

RemoteApp (or TS RemoteApp) is a special mode of RDS, available in Windows Server 2008 R2 and later, where remote session configuration is integrated into the client operating system. The RDP 6.1 client ships with Windows XP SP3, KB952155 for Windows XP SP2 users,[23] Windows Vista SP1 and Windows Server 2008. The UI for the RemoteApp is rendered in a window over the local desktop, and is managed like any other window for local applications. The end result of this is that remote applications behave largely like local applications. The task of establishing the remote session, as well as redirecting local resources to the remote application, is transparent to the end user.[24] Multiple applications can be started in a single RemoteApp session, each with their own windows.[25]

A RemoteApp can be packaged either as a .rdp file or distributed via an .msi Windows Installer package. When packaged as an .rdp file (which contains the address of the RemoteApp server, authentication schemes to be used, and other settings), a RemoteApp can be launched by double clicking the file. It will invoke the Remote Desktop Connection client, which will connect to the server and render the UI. The RemoteApp can also be packaged in a Windows Installer database, installing which can register the RemoteApp in the Start menu as well as create shortcuts to launch it. A RemoteApp can also be registered as handler for file types or URIs. Opening a file registered with RemoteApp will first invoke Remote Desktop Connection, which will connect to the terminal server and then open the file. Any application which can be accessed over Remote Desktop can be served as a RemoteApp.[24]

Windows 7 includes built-in support for RemoteApp publishing, but it has to be enabled manually in registry, since there is no RemoteApp management console in client versions of Microsoft Windows.[26]

Windows Desktop Sharing

In Windows Vista onwards, Terminal Services also includes a multi-party desktop sharing capability known as Windows Desktop Sharing. Unlike Terminal Services, which creates a new user session for every RDP connection, Windows Desktop Sharing can host the remote session in the context of the currently logged in user without creating a new session, and make the Desktop, or a subset of it, available over RDP.[27] Windows Desktop Sharing can be used to share the entire desktop, a specific region, or a particular application.[28] Windows Desktop Sharing can also be used to share multi-monitor desktops. When sharing applications individually (rather than the entire desktop), the windows are managed (whether they are minimized or maximized) independently at the server and the client side.[28]

The functionality is only provided via a public API, which can be used by any application to provide screen sharing functionality. Windows Desktop Sharing API exposes two objects: RDPSession for the sharing session and RDPViewer for the viewer. Multiple viewer objects can be instantiated for one Session object. A viewer can either be a passive viewer, who is just able to watch the application like a screencast, or an interactive viewer, who is able to interact in real time with the remote application.[27] The RDPSession object contains all the shared applications, represented as Application objects, each with Window objects representing their on-screen windows. Per-application filters capture the application Windows and package them as Window objects.[29] A viewer must authenticate itself before it can connect to a sharing session. This is done by generating an Invitation using the RDPSession. It contains an authentication ticket and password. The object is serialized and sent to the viewers, who need to present the Invitation when connecting.[27][29]

Windows Desktop Sharing API is used by Windows Meeting Space and Windows Remote Assistance for providing application sharing functionality among network peers.[28]

Network Level Authentication

Network Level Authentication (NLA) is a feature of RDP Server or Remote Desktop Connection (RDP Client) that requires the connecting user to authenticate themselves before a session is established with the server.

Originally, if a user opened an RDP (remote desktop) session to a server it would load the login screen from the server for the user. This would use up resources on the server, and was a potential area for denial of service attacks as well as remote code execution attacks (see BlueKeep). Network Level Authentication delegates the user's credentials from the client through a client-side Security Support Provider and prompts the user to authenticate before establishing a session on the server.

Network Level Authentication was introduced in RDP 6.0 and supported initially in Windows Vista. It uses the new Security Support Provider, CredSSP, which is available through SSPI in Windows Vista. With Windows XP Service Pack 3, CredSSP was introduced on that platform and the included RDP 6.1 Client supports NLA; however CredSSP must be enabled in the registry first.[30][31]
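How a server's NLA policy shows up during connection setup, as an added example that is not part of the original article: the sketch parses the server's X.224 Connection Confirm and reports whether CredSSP (NLA) was required, negotiated, or skipped in favour of TLS-only or the legacy RC4-based RDP security described earlier. The protocol constants are taken from Microsoft's RDP specification (MS-RDPBCGR), not from this page; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Constants from Microsoft's RDP specification (MS-RDPBCGR), not from the article.
TYPE_RDP_NEG_RSP = 0x02      # server accepted one of the offered protocols
TYPE_RDP_NEG_FAILURE = 0x03  # server refused the offered protocols
X224_CONNECTION_CONFIRM = 0xD0

PROTOCOLS = {
    0x0: "PROTOCOL_RDP",        # standard RDP security (RC4-based)
    0x1: "PROTOCOL_SSL",        # TLS, login screen still rendered by the server
    0x2: "PROTOCOL_HYBRID",     # TLS + CredSSP, i.e. NLA
    0x4: "PROTOCOL_RDSTLS",
    0x8: "PROTOCOL_HYBRID_EX",  # NLA with early user authorization result
}
FAILURES = {
    1: "SSL_REQUIRED_BY_SERVER",
    2: "SSL_NOT_ALLOWED_BY_SERVER",
    3: "SSL_CERT_NOT_ON_SERVER",
    4: "INCONSISTENT_FLAGS",
    5: "HYBRID_REQUIRED_BY_SERVER",
    6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}


class ParseError(ValueError):
    """Raised when the bytes are not a well-formed Connection Confirm."""


def parse_connection_confirm(data: bytes) -> dict:
    """Parse TPKT + X.224 Connection Confirm + optional negotiation block."""
    if len(data) < 11:
        raise ParseError("shorter than TPKT header plus X.224 CC")
    version, _reserved, tpkt_len = struct.unpack(">BBH", data[:4])
    if version != 3:
        raise ParseError("not a TPKT version 3 packet")
    if tpkt_len != len(data):
        raise ParseError("TPKT length does not match the data (truncated?)")
    length_indicator, code = data[4], data[5] & 0xF0
    if code != X224_CONNECTION_CONFIRM:
        raise ParseError("X.224 PDU is not a Connection Confirm")
    if length_indicator + 5 != tpkt_len:
        raise ParseError("X.224 length indicator is inconsistent")
    neg = data[11:]
    if not neg:
        # Servers that pre-date protocol negotiation send no block at all.
        return {"kind": "none", "code": None, "name": None}
    if len(neg) != 8:
        raise ParseError("negotiation block must be exactly 8 bytes")
    neg_type, _flags, neg_len, value = struct.unpack("<BBHI", neg)
    if neg_len != 8:
        raise ParseError("negotiation block length field must be 8")
    if neg_type == TYPE_RDP_NEG_RSP:
        name = PROTOCOLS.get(value, "UNKNOWN_0x%x" % value)
        return {"kind": "response", "code": value, "name": name}
    if neg_type == TYPE_RDP_NEG_FAILURE:
        name = FAILURES.get(value, "UNKNOWN_0x%x" % value)
        return {"kind": "failure", "code": value, "name": name}
    raise ParseError("unknown negotiation block type 0x%02x" % neg_type)


def classify(data: bytes) -> str:
    """Summarise what the server's answer says about pre-session authentication."""
    parsed = parse_connection_confirm(data)
    if parsed["kind"] == "none":
        return "legacy_rdp_security"
    if parsed["kind"] == "failure":
        if parsed["code"] == 5:  # client did not offer CredSSP, server insists on it
            return "nla_required"
        return "failed:" + parsed["name"]
    if parsed["code"] in (0x2, 0x8):
        return "nla_negotiated"
    if parsed["code"] == 0x1:
        return "tls_only"
    if parsed["code"] == 0x0:
        return "legacy_rdp_security"
    return "other:" + parsed["name"]


def neg_block(neg_type: int, value: int, flags: int = 0) -> bytes:
    """Build an 8-byte negotiation block (used only for the constructed samples)."""
    return struct.pack("<BBHI", neg_type, flags, 8, value)


def build_cc(neg: bytes = b"") -> bytes:
    """Build a constructed Connection Confirm; src-ref 0x1234 is arbitrary."""
    x224 = struct.pack(">BBHHB", 6 + len(neg), X224_CONNECTION_CONFIRM, 0, 0x1234, 0) + neg
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224


if __name__ == "__main__":
    # Constructed sample responses, not captured traffic.
    samples = {
        "NLA enforced, client offered RDP only": build_cc(neg_block(TYPE_RDP_NEG_FAILURE, 5)),
        "NLA offered and selected": build_cc(neg_block(TYPE_RDP_NEG_RSP, 0x2, flags=0x1F)),
        "TLS selected, no CredSSP": build_cc(neg_block(TYPE_RDP_NEG_RSP, 0x1)),
        "standard RDP security selected": build_cc(neg_block(TYPE_RDP_NEG_RSP, 0x0)),
        "no negotiation block": build_cc(),
    }
    for label, packet in samples.items():
        print("%-40s %s" % (label, classify(packet)))
```

A `legacy_rdp_security` or `tls_only` result on a host that is supposed to enforce NLA means the login screen is still reachable before authentication, which is the exposure the paragraph above describes.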

Advantages

The advantages of Network Level Authentication are:

  • It requires fewer remote computer resources initially, by preventing the initiation of a full remote desktop connection until the user is authenticated, reducing the risk of denial-of-service attacks.
  • It allows NT Single sign-on (SSO) to extend to RDP Services.
  • It can help mitigate Remote Desktop vulnerabilities that can only be exploited prior to authentication.[32]

Disadvantages

  • No support for other credential providers
  • To use Network Level Authentication in Remote Desktop Services, the client must be running Windows XP SP3 or later, and the host must be running Windows Vista or later[33] or Windows Server 2008 or later.
  • Support for RDP Servers requiring Network Level Authentication needs to be configured via registry keys for use on Windows XP SP3.
  • Not possible to change password via CredSSP. This is a problem when "User must change password at next logon" is enabled or if an account's password expires.
  • Requires "Access this computer from the network" privilege, which may be restricted for other reasons.
  • The IP addresses of the clients trying to log in will not be stored in the security audit logs, making it harder to block brute force or dictionary attacks by means of a firewall.
  • Smart card authentication from one domain to another using a remote desktop gateway is not supported with NLA enabled on the end client.

Client software

Remote Desktop Connection

Remote Desktop Connection (RDC, also called Remote Desktop or just RD,[34][35] formerly known as Microsoft Terminal Services Client, mstsc or tsclient in Windows 2000 and prior)[36][37] is the client application for RDS. It allows a user to remotely log into a networked computer running the terminal services server. RDC presents the desktop interface (or application GUI) of the remote system, as if it were accessed locally.[6] In addition to regular username/password for authorizing for the remote session, RDC also supports using smart cards for authorization.[6]

RDC 6.0 was released as part of Windows Vista. With RDC 6.0, the resolution of a remote session can be set independently of the settings at the remote computer. If the Desktop Experience component is plugged into the remote server, remote application user interface elements (e.g., application windows borders, Maximize, Minimize, and Close buttons etc.) will take on the same appearance of local applications. In this scenario, the remote applications will use the Aero theme if the user connects to the server from a Windows Vista machine running Aero.[4] Later versions of the protocol also support rendering the UI in full 32-bit color, as well as resource redirection for printers, COM ports, disk drives, mice and keyboards. With resource redirection, remote applications can use the resources of the local computer. Audio is also redirected, so that any sounds generated by a remote application are played back at the client system.[6][4] Moreover, a remote session can also span multiple monitors at the client system, independent of the multi-monitor settings at the server. RDC can also be used to connect to Windows Media Center (WMC) remote sessions; however, since WMC does not stream video using RDP, only the applications can be viewed this way, not any media.

RDC prioritizes UI data as well as keyboard and mouse inputs, as opposed to print jobs or file transfers, so as to make the applications more responsive. It redirects plug and play devices such as cameras, portable music players, and scanners, so that input from these devices can be used by the remote applications as well.[4] RDC can also be used to connect to computers which are exposed via Windows Home Server RDP Gateway over the Internet.[38] Finally, a few handy shortcuts:

  • To achieve Ctrl+Alt+Del effect on remote desktop, you can use the Ctrl+Alt+End key combination.
  • To alternate between the full screen and window mode of remote desktop, you can use Ctrl+Alt+Break ( Ctrl+Fn+Alt+⇧ Shift on certain HP laptops).

Other clients

Microsoft produces an official client for a variety of non-Windows platforms:

  • Windows Mobile[39][40]
  • MacOS: Microsoft Remote Desktop for Mac
  • Android: Microsoft Remote Desktop
  • iOS and iPadOS: Microsoft Remote Desktop

There have been numerous non-Microsoft implementations of clients that implement subsets of the Microsoft functionality for a range of platforms. The most common are:

  • FreeRDP - Open Source under Apache license
  • rdesktop for Linux/Unix and Microsoft Windows
  • Remmina for Linux (based on FreeRDP)
  • CoRD for macOS (Discontinued in April 2020)
  • Thincast Client for Linux, macOS and Windows

References

  1. "Windows Remote Desktop Services spotlight". Retrieved 2010-11-18.
  2. QuinnRadich. "Remote Desktop Sessions - Win32 apps". docs.microsoft.com. Retrieved 2022-07-09.
  3. "Remote Desktop Connection". PC World. IDG. 17 August 2011.
  4. "Whats new in Terminal Services in Windows Server 2008". Retrieved 2007-07-23.
  5. Russel, Charlie; Zacker, Craig (2009). (PDF). Introducing Windows Server 2008 R2. Redmond, WA: Microsoft Press. Archived from the original (PDF) on 29 August 2017. Retrieved 11 January 2014.
  6. Microsoft. Archived from the original on 2003-01-26. Retrieved 2007-07-23.
  7. "How to change the listening port for Remote Desktop". Retrieved 2010-11-18.
  8. "Frequently Asked Questions about Remote Desktop". Microsoft. Retrieved 2007-07-23.
  9. Russinovich, Mark; Solomon, David A.; Ionescu, Alex (2012). Windows Internals (6th ed.). Redmond, WA: Microsoft Press. pp. 20–21. ISBN 978-0-7356-4873-9.
  10. "Architecture of Fast User Switching". Support. Microsoft. 15 January 2006. Retrieved 11 January 2014.
  11. "Remote Services". Log me in 123.
  12. Citrix. 2004-12-21. Archived from the original on 2011-07-05. Retrieved 2012-04-13.
  13. "How Terminal Services Works". Microsoft. 2003-03-28. Retrieved 2007-07-23.
  14. "Connection Configuration in Terminal Server". Support (5.0 ed.). Microsoft. 22 June 2014.
  15. "Terminal Services Gateway (TS Gateway)". Microsoft TechNet. Retrieved 2009-09-10.
  16. "Remote Desktop Protocol". Microsoft Developer Network (MSDN). Retrieved 2009-09-10.
  17. "RD Gateway Documentation". Thincast. Retrieved 2021-10-17.
  18. Waggoner, Rob. "Microsoft Has Released the HTML5-Based RDP Web Client". blog.mycloudit.com. Retrieved 2020-05-10.
  19. "Remote Desktop HTML5 client on Windows Server 2019". msfreaks. 2018-10-06. Retrieved 2020-05-10.
  20. "RD Web Client (HTML5) – New Features In 1.0.11". www.rdsgurus.com. Retrieved 2020-05-10.
  21. Berson, Freek (2018-01-12). "The Microsoft Platform: HTML5 client for Microsoft Remote Desktop Services 2016: Remote Desktop Web Client". The Microsoft Platform. Retrieved 2020-05-10.
  22. TechNet: Remote Desktop Licensing
  23. "Description of the Remote Desktop Connection 6.1 client update for Terminal Services in Windows XP Service Pack 2". Retrieved 2010-11-18.
  24. "Terminal Services RemoteApp (TS RemoteApp)". Retrieved 2007-07-23.
  25. "Terminal Services RemoteApp Session Termination Logic". Retrieved 2007-10-02.
  26. "How to enable RemoteApp (via RDP 7.0) within VirtualBox or VMWare running Windows 7, Vista SP1+ or Windows XP SP3". Retrieved 2010-11-18.
  27. "Windows Desktop Sharing". Retrieved 2007-10-11.
  28. "Windows Desktop Sharing API". Retrieved 2007-10-11.
  29. "About Windows Desktop Sharing". Retrieved 2007-10-11.
  30. Archived from the original on 2017-09-18.
  31. "Description of the Remote Desktop Connection 6.1 client update for Terminal Services". Microsoft. 2011-09-23. Retrieved 2020-05-07.
  32. Simon Pope (2019-05-14). "Prevent a worm by updating Remote Desktop Services (CVE-2019-0708)". Microsoft Security Response Center. Retrieved 2020-05-07.
  33. "Configure Network Level Authentication for Remote Desktop Services Connections". Microsoft TechNet. 2009-11-17. Retrieved 2020-05-07.
  34. "Remote Desktop Services - Access from anywhere". Microsoft.
  35. "Get started with the Android client". Microsoft.
  36. "Why doesn't the New Folder command work in the root of a redirected drive resource in a Remote Desktop session?". The Old New Thing. Microsoft. 17 December 2013. Retrieved 18 December 2013.
  37. Savill, John (1 October 2008). The Complete Guide to Windows Server 2008. Pearson Education. p. 1752. ISBN 978-0-13-279758-0. Retrieved 1 June 2012. Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 all contain the RDC tool, mstsc.exe [...] MSTSC in the filename mstsc.exe stands for Microsoft Terminal Services Client.
  38. "Remote Desktop Connection". Remote Support.
  39. Drager, Dave (27 March 2008). "How to Remotely Control your Mobile Phone from Desktop". MakeUseOf. Retrieved 27 January 2022.
  40. Miniman, Brandon (2009-03-16). . PocketNow. Archived from the original on 2009-08-01. Retrieved 27 January 2022.

External links

  • Welcome to Remote Desktop Services
  • "Configure Network Level Authentication for Remote Desktop Services Connections". Microsoft TechNet. 17 November 2009.
  • . Microsoft Corporation. Archived from the original on 2016-06-08.

client The official MS RDP client for macOS supports RD Gateway as of version 8 This is also available for iOS and Android This feature was introduced in the Windows Server 2008 and Windows Home Server products In October 2021 Thincast the main contributor of the FreeRDP project published the first Remote Desktop Gateway solution running natively on Linux 17 Remote Desktop HTML5 Web Client edit In late 2018 Microsoft released the Remote Desktop HTML5 Web Client The client allows users to connect to their remote apps or to their remote desktops without using an installed remote desktop client 18 19 The web client uses the TLS secured port 443 and does not use the RD Gateway to transport traffic instead relying solely on the remote desktop session host aspect of remote desktop services 20 21 Roles edit Remote Desktop Gateway Enables authorized users to connect to virtual desktops Remote App programs and session based desktops over a private network or the Internet Remote Desktop Connection Broker Role Allows users to reconnect to their existing virtual desktop RemoteApp programs and session based desktops It enables even load distribution across RD Session Host servers in a session collection or across pooled virtual desktops in a pooled virtual desktop collection and provides access to virtual desktops in a virtual desktop collection Remote Desktop Session Host Enables a server to host RemoteApp programs as session based desktops Users can connect to RD Session Host servers in a session collection to run programs save files and use resources on those servers Users can access Remote Desktop Session Host server by using the Remote Desktop Connection client or by using RemoteApp programs Remote Desktop Virtualization Host Enables users to connect to virtual desktops by using RemoteApp and Desktop Connection Remote Desktop Web Access Enables users to access RemoteApp and Desktop Connection through the Start Menu or through a web browser RemoteApp and Desktop Connection 
provides users with a customized view of RemoteApp programs session based desktops and virtual desktops Remote Desktop Licensing Enables a server to manage RDS client access licenses RDS CALs that are required for each device or user to connect to a Remote Desktop Session Host server RDS CALs are managed using the Remote Desktop Licensing Manager application 22 RemoteApp edit RemoteApp or TS RemoteApp is a special mode of RDS available in Windows Server 2008 R2 and later where remote session configuration is integrated into the client operating system The RDP 6 1 client ships with Windows XP SP3 KB952155 for Windows XP SP2 users 23 Windows Vista SP1 and Windows Server 2008 The UI for the RemoteApp is rendered in a window over the local desktop and is managed like any other window for local applications The end result of this is that remote applications behave largely like local applications The task of establishing the remote session as well as redirecting local resources to the remote application is transparent to the end user 24 Multiple applications can be started in a single RemoteApp session each with their own windows 25 A RemoteApp can be packaged either as a rdp file or distributed via an msi Windows Installer package When packaged as an rdp file which contains the address of the RemoteApp server authentication schemes to be used and other settings a RemoteApp can be launched by double clicking the file It will invoke the Remote Desktop Connection client which will connect to the server and render the UI The RemoteApp can also be packaged in a Windows Installer database installing which can register the RemoteApp in the Start menu as well as create shortcuts to launch it A RemoteApp can also be registered as handler for file types or URIs Opening a file registered with RemoteApp will first invoke Remote Desktop Connection which will connect to the terminal server and then open the file Any application which can be accessed over Remote Desktop can be served 
as a RemoteApp 24 Windows 7 includes built in support for RemoteApp publishing but it has to be enabled manually in registry since there is no RemoteApp management console in client versions of Microsoft Windows 26 Windows Desktop Sharing edit In Windows Vista onwards Terminal Services also includes a multi party desktop sharing capability known as Windows Desktop Sharing Unlike Terminal Services which creates a new user session for every RDP connection Windows Desktop Sharing can host the remote session in the context of the currently logged in user without creating a new session and make the Desktop or a subset of it available over RDP 27 Windows Desktop Sharing can be used to share the entire desktop a specific region or a particular application 28 Windows Desktop Sharing can also be used to share multi monitor desktops When sharing applications individually rather than the entire desktop the windows are managed whether they are minimized or maximized independently at the server and the client side 28 The functionality is only provided via a public API which can be used by any application to provide screen sharing functionality Windows Desktop Sharing API exposes two objects RDPSession for the sharing session and RDPViewer for the viewer Multiple viewer objects can be instantiated for one Session object A viewer can either be a passive viewer who is just able to watch the application like a screencast or an interactive viewer who is able to interact in real time with the remote application 27 The RDPSession object contains all the shared applications represented as Application objects each with Window objects representing their on screen windows Per application filters capture the application Windows and package them as Window objects 29 A viewer must authenticate itself before it can connect to a sharing session This is done by generating an Invitation using the RDPSession It contains an authentication ticket and password The object is serialized and sent to 
the viewers who need to present the Invitation when connecting 27 29 Windows Desktop Sharing API is used by Windows Meeting Space and Windows Remote Assistance for providing application sharing functionality among network peers 28 Network Level Authentication editNetwork Level Authentication NLA is a feature of RDP Server or Remote Desktop Connection RDP Client that requires the connecting user to authenticate themselves before a session is established with the server Originally if a user opened an RDP remote desktop session to a server it would load the login screen from the server for the user This would use up resources on the server and was a potential area for denial of service attacks as well as remote code execution attacks see BlueKeep Network Level Authentication delegates the user s credentials from the client through a client side Security Support Provider and prompts the user to authenticate before establishing a session on the server Network Level Authentication was introduced in RDP 6 0 and supported initially in Windows Vista It uses the new Security Support Provider CredSSP which is available through SSPI in Windows Vista With Windows XP Service Pack 3 CredSSP was introduced on that platform and the included RDP 6 1 Client supports NLA however CredSSP must be enabled in the registry first 30 31 Advantages edit The advantages of Network Level Authentication are It requires fewer remote computer resources initially by preventing the initiation of a full remote desktop connection until the user is authenticated reducing the risk of denial of service attacks It allows NT Single sign on SSO to extend to RDP Services It can help mitigate Remote Desktop vulnerabilities that can only be exploited prior to authentication 32 Disadvantages edit No support for other credential providers To use Network Level Authentication in Remote Desktop Services the client must be running Windows XP SP3 or later and the host must be running Windows Vista or later 33 or 
Windows Server 2008 or later Support for RDP Servers requiring Network Level Authentication needs to be configured via registry keys for use on Windows XP SP3 Not possible to change password via CredSSP This is a problem when User must change password at next logon is enabled or if an account s password expires Requires Access this computer from the network privilege which may be restricted for other reasons The IP addresses of the clients trying to log in will not be stored in the security audit logs making it harder to block brute force or dictionary attacks by means of a firewall Smart card authentication from one domain to another using a remote desktop gateway is not supported with NLA enabled on the end client Client software editRemote Desktop Connection edit nbsp Remote Desktop Connection client on macOSRemote Desktop Connection RDC also called Remote Desktop or just RD 34 35 formerly known as Microsoft Terminal Services Client mstsc or tsclient in Windows 2000 and prior 36 37 is the client application for RDS It allows a user to remotely log into a networked computer running the terminal services server RDC presents the desktop interface or application GUI of the remote system as if it were accessed locally 6 In addition to regular username password for authorizing for the remote session RDC also supports using smart cards for authorization 6 RDC 6 0 was released as part of Windows Vista With RDC 6 0 the resolution of a remote session can be set independently of the settings at the remote computer If the Desktop Experience component is plugged into the remote server remote application user interface elements e g application windows borders Maximize Minimize and Close buttons etc will take on the same appearance of local applications In this scenario the remote applications will use the Aero theme if the user connects to the server from a Windows Vista machine running Aero 4 Later versions of the protocol also support rendering the UI in full 32 bit color 
as well as resource redirection for printers COM ports disk drives mice and keyboards With resource redirection remote applications can use the resources of the local computer Audio is also redirected so that any sounds generated by a remote application are played back at the client system 6 4 Moreover a remote session can also span multiple monitors at the client system independent of the multi monitor settings at the server RDC can also be used to connect to Windows Media Center WMC remote sessions however since WMC does not stream video using RDP only the applications can be viewed this way not any media RDC prioritizes UI data as well as keyboard and mouse inputs as opposed to print jobs or file transfers so as to make the applications more responsive It redirects plug and play devices such as cameras portable music players and scanners so that input from these devices can be used by the remote applications as well 4 RDC can also be used to connect to computers which are exposed via Windows Home Server RDP Gateway over the Internet 38 Finally few shortcuts that will be handy To achieve Ctrl Alt Del effect on remote desktop you can use the Ctrl Alt End key combination To alternate between the full screen and window mode of remote desktop you can use Ctrl Alt Break Ctrl Fn Alt Shift on certain HP laptops Other clients edit Microsoft produces an official client for a variety of non Windows platforms Windows Mobile 39 40 MacOS Microsoft Remote Desktop for Mac Android Microsoft Remote Desktop iOS and iPadOS Microsoft Remote DesktopThere have been numerous non Microsoft implementations of clients that implement subsets of the Microsoft functionality for a range of platforms The most common are FreeRDP Open Source under Apache license rdesktop for Linux Unix and Microsoft Windows Remmina for Linux based on FreeRDP CoRD for macOS Discontinued in April 2020 Thincast Client for Linux macOS and WindowsSee also editBlueKeep security vulnerability Windows MultiPoint Server 
Microsoft NetMeeting a discontinued Microsoft product also provides Shared desktop feature in the similar time frame of Windows NT Terminal Services Edition Virtual Network ComputingReferences edit Windows Remote Desktop Services spotlight Retrieved 2010 11 18 QuinnRadich Remote Desktop Sessions Win32 apps docs microsoft com Retrieved 2022 07 09 a b Remote Desktop Connection PC World IDG 17 August 2011 a b c d e Whats new in Terminal Services in Windows Server 2008 Retrieved 2007 07 23 a b Russel Charlie Zacker Craig 2009 4 Remote Desktop Services and VDI Centralizing Desktop and Application Management PDF Introducing Windows Server 2008 R2 Redmond WA Microsoft Press Archived from the original PDF on 29 August 2017 Retrieved 11 January 2014 a b c d e f g h Technical Overview of Terminal Services in Windows Server 2003 Microsoft Archived from the original on 2003 01 26 Retrieved 2007 07 23 How to change the listening port for Remote Desktop Retrieved 2010 11 18 Frequently Asked Questions about Remote Desktop Microsoft Retrieved 2007 07 23 a b Russinovich Mark Solomon David A Ionescu Alex 2012 Windows Internals 6th ed Redmond WA Microsoft Press pp 20 21 ISBN 978 0 7356 4873 9 Architecture of Fast User Switching Support Microsoft 15 January 2006 Retrieved 11 January 2014 Remote Services Log me in 123 Citrix and Microsoft Sign Technology Collaboration and Licensing Agreement Citrix 2004 12 21 Archived from the original on 2011 07 05 Retrieved 2012 04 13 How Terminal Services Works Microsoft 2003 03 28 Retrieved 2007 07 23 Connection Configuration in Terminal Server Support 5 0 ed Microsoft 22 June 2014 Terminal Services Gateway TS Gateway Microsoft TechNet Retrieved 2009 09 10 Remote Desktop Protocol Microsoft Developer Network MSDN Retrieved 2009 09 10 RD Gateway Documentation Thincast Retrieved 2021 10 17 Waggoner Rob Microsoft Has Released the HTML5 Based RDP Web Client blog mycloudit com Retrieved 2020 05 10 Remote Desktop HTML5 client on Windows Server 2019 
msfreaks 2018 10 06 Retrieved 2020 05 10 RD Web Client HTML5 New Features In 1 0 11 www rdsgurus com Retrieved 2020 05 10 Berson Freek 2018 01 12 The Microsoft Platform HTML5 client for Microsoft Remote Desktop Services 2016 Remote Desktop Web Client The Microsoft Platform Retrieved 2020 05 10 TechNet Remote Desktop Licensing Description of the Remote Desktop Connection 6 1 client update for Terminal Services in Windows XP Service Pack 2 Retrieved 2010 11 18 a b Terminal Services RemoteApp TS RemoteApp Retrieved 2007 07 23 Terminal Services RemoteApp Session Termination Logic Retrieved 2007 10 02 How to enable RemoteApp via RDP 7 0 within VirtualBox or VMWare running Windows 7 Vista SP1 or Windows XP SP3 Retrieved 2010 11 18 a b c Windows Desktop Sharing Retrieved 2007 10 11 a b c Windows Desktop Sharing API Retrieved 2007 10 11 a b About Windows Desktop Sharing Retrieved 2007 10 11 Description of the Credential Security Support Provider CredSSP in Windows XP Service Pack 3 Archived from the original on 2017 09 18 Description of the Remote Desktop Connection 6 1 client update for Terminal Services Microsoft 2011 09 23 Retrieved 2020 05 07 Simon Pope 2019 05 14 Prevent a worm by updating Remote Desktop Services CVE 2019 0708 Microsoft Security Response Center Retrieved 2020 05 07 Configure Network Level Authentication for Remote Desktop Services Connections Microsoft TechNet 2009 11 17 Retrieved 2020 05 07 Remote Desktop Services Access from anywhere Microsoft Get started with the Android client Microsoft Why doesn t the New Folder command work in the root of a redirected drive resource in a Remote Desktop session The Old New Thing Microsoft 17 December 2013 Retrieved 18 December 2013 Savill John 1 October 2008 The Complete Guide to Windows Server 2008 Pearson Education p 1752 ISBN 978 0 13 279758 0 Retrieved 1 June 2012 Windows XP Windows Server 2003 Windows Vista and Windows Server 2008 all contain the RDC tool mstsc exe MSTSC in the filename mstsc exe stands for 
Microsoft Terminal Services Client Remote Desktop Connection Remote Support Drager Dave 27 March 2008 How to Remotely Control your Mobile Phone from Desktop MakeUseOf Retrieved 27 January 2022 Miniman Brandon 2009 03 16 Tutorial Setting up Remote Desktop in Windows Mobile PocketNow Archived from the original on 2009 08 01 Retrieved 27 January 2022 External links editWelcome to Remote Desktop Services Configure Network Level Authentication for Remote Desktop Services Connections Microsoft TechNet 17 November 2009 What types of Remote Desktop connections should I allow Microsoft Corporation Archived from the original on 2016 06 08 Retrieved from https en wikipedia org w index php title Remote Desktop Services amp oldid 1199185077, wikipedia, wiki, book, books, library,

article

, read, download, free, free download, mp3, video, mp4, 3gp, jpg, jpeg, gif, png, picture, music, song, movie, book, game, games.