Another change in the way the Terminal Services operate is the way permissions to run Remote Desktop sessions are set. In previous versions of Windows, ability to connect to Terminal Server (in Application Server mode) was granted to anyone who had the right to
login locally to the server (in Administration mode, the right to use Terminal Services session was limited by default only to members of the local Administrators group). Windows
Server 2003 servers include a built-in group called Remote Desktop Users. In order to allow a user or members of a global/universal group to access full
Terminal Server, you simply need to add the user or group account to this group.
Microsoft greatly improved manageability of Terminal Services. This include the following features:
- new Group Policy settings specific to Terminal Services
- WMI Provider for Terminal Services, which allows configuring and querying Terminal Services via
- ADSI provider for Terminal Service specific properties of user accounts (such as Remote Assistance permissions, home and profile directory, resource redirection settings,
- the ability to specify an individual server in the Terminal Services
Manager; in previous version of Windows, you had to wait until all Windows Terminal Servers for the domain were
- printer driver mapping between server and client has been improved to provide more accurate matches. In addition, when
a match can not be found, an administrator can specify the Trusted Driver Path to be used when searching for other printer drivers allowed on the Terminal
- single session policy allows limiting user access to one or more Terminal Servers to a single session.
In the area of scalability, Microsoft is introducing support for Session Directory. This improves manageability of Terminal Server Network Load Balancing clusters. Session Directory, which operates as a service on a Windows
Server 2003 Enterprise or Datacenter server (typically a member of the cluster) keeps track of existing sessions and if one of them gets disconnected, it ensures that the reconnection attempt is redirected to the server where original session is still running. In the previous version of Windows, this was not the case, so there was a chance that reconnection attempt would result in creation of a new session on a different server.
Finally, there are also significant differences in Terminal Services licensing mechanism:
- it is possible to limit the Terminal Servers that are able to obtain Client Access Licenses for clients connecting to them. This is done by adding computer accounts of these servers to the local group called Terminal Services Licensing which exists on the Terminal Services Licensing server (server which has Terminal Services Licensing component
- in addition to previously available per-device Client Access Licenses, per-user Client Access Licenses are also
- External Connector Licensing replaces Internet Connector Licensing available in Windows
- The Operating System Equivalency Provision is removed.
The last item requires some additional explanation. In the previous versions of Windows Terminal Services, Client Access Licenses were not required for client devices running the same (or newer) version of the operating system as the server. This meant that if your clients had installed Windows 2000 or Windows XP Professional and were connecting to Windows 2000 or Windows NT 4.0 Terminal Servers, you did not have to purchase any Terminal Server Client Access Licenses. Starting with the release date of Windows 2003 server platform (i.e. April 24, 2003), all newly purchased Windows client devices (regardless of the operating system) will require a separate TS Client Access License in order to connect to Windows 2003 Terminal Server.
Note that this means that the new licensing requirement does not apply to all purchases of Windows XP prior to April 24. In addition, companies
that have signed with Microsoft Software Assurance program are also not subjected to this new rule.