What’s new with Remote Desktop?

As of this past month, Microsoft released a new version of their Remote Desktop Connection (RDC) client with new features and enhancements. Also known as Terminal Services Client 6.0, the Remote Desktop Connection (RDC) – usually shortened to just ‘Remote Desktop’ – is a Microsoft based service that allows you to administer other Remote Desktop capable systems on your network. You have to enable it within your System properties and once you do, you can now ‘control’ that system remotely.

Although you can run Remote Desktop on just about any Microsoft Operating System dating back to Windows 95, this new client was developed to also help you utilize new Terminal Services features when using Windows Vista or Microsoft Windows Server 2008. There are many new enhancements in Windows Server 2008 such as the Terminal Services (TS) Gateway, new RemoteApp and Easy Print functions; a Session Broker enhanced Web Access and so on. If you administer Microsoft servers using this tool (or plan to), then you will appreciate any updates given to you to make your experience better. If you upgrade to 2008, then you will need this client to ensure you can use all the new features available. In this article, we will cover how to use Remote Desktop as well as what new features and updates the Remote Desktop Connection 6.0 client update contains.

Installation and Management

To install or upgrade RDC, use the links section at the end of this article to download the client from Microsoft.com that is appropriate for your current operating system. To enable and manage Remote Desktop, follow these steps:

1. Since you must first enable your computer to accept remote connections, open the System applet in the Control Panel as seen in Figure 1. If you are using Windows XP then select the Remote tab and then select the Allow users to connect remotely to this computer check box. If you are using Windows Server 2003 it will be slightly different. Select the Remote tab and then select the Enable Remote Desktop on this computer check box. Click OK.

Figure 1: Enabling Remote Desktop Connection in Windows XP

2. To use RDC for the first time, open Remote Desktop Connection by clicking Start => Programs (or All Programs) => Accessories => Remote Desktop Connection as seen in Figure 2. Now that the client is open, select any server on your network by DNS name or IP address and try to connect to it. By clicking on the arrow next to Computer, and select Browse for more, you will find any sessions that you have used before.  

Figure 2: Connecting to a Remote Computer using the Remote Desktop Connection Client  

New Features

Now that you have downloaded, upgraded or maybe just tried the client out for the first time, let us look at the enhancements released this month to make RDC a better client. Microsoft has made many updates in the new Remote Desktop Connection (Terminal Services Client 6.0) client such as Server Authentication, Network Level Authentication (NLA) and other Visual updates and enhancements. The new Terminal Services features in Windows Server 2008 Release Candidate (RC) will allow for more functionality and flexibility when working with Microsoft Terminal Services which has not always been the easiest to understand and configure or license.

Other newly developed enterprise features for updated Windows OS’s and NOS’s include the ability to now use applications with Terminal Services without the need to use the whole Remote Desktop which increases performance, enhanced application deployment features to give users a better look and feel when using centralized applications, more security enhancements such as HTTPS and new load balancing features to provide for more up-time and redundancy to keep key applications in use when disaster strikes.

Note – You can download and install the new version of the Remote Desktop client on systems other than Vista, but without Vista, you cannot use all of the newly developed functionality.

Server Authentication

Security is intertwined into all that we do in Information Technology. When working with Microsoft based systems (or any systems for that matter), its imperative that you think about security when working with your critical production systems. Microsoft has taken the time to integrate security functionality into just about every part of their product library. When using RDC, Server Authentication adds a layer of security into your daily routine.

Server Authentication updates ensure that there is an added layer of security applied to your ‘remote access’ solution. Server Authentication is a feature that ensures that when you use remote access services such as Remote Desktop, you are ‘authenticated’ by a security system to ensure that you are connecting to an appropriately secured Terminal Server. This feature is enabled by default. If you need to change server authentication settings, follow these steps:

1. Open Remote Desktop Connection by clicking Start => Programs (or All Programs) => Accessories => Remote Desktop Connection.
2. Click Options => Advanced tab as seen in Figure 3.

Figure 3: Selecting Authentication Options with Remote Desktop

There are 3 authentication options available for you to select:

• Always connect, even if authentication fails: When you use this option (the default), then you have the option to bypass security if security fails. You will not be prompted and the identity of the system you want to remotely connect to cannot be verified.
• Warn me if authentication fails: When you use this option, and Remote Desktop Connection is unable to verify the identity of the remote computer, you will be ‘warned’ and given the option if you want to proceed using the potentially unsecure connection.
• Don’t connect if authentication fails: When you use this option, you will not be able to connect to a remote system if the Remote Desktop Connection cannot properly verify the identity of the remote computer. The connection will be terminated.

Note – You will need to save your settings in order to use them again next time. Whenever you save a Remote Desktop Connection, it creates a new ‘profile’ and it’s saved in a *.rdp file. You can save your connections easily by opening the Remote Desktop client, selecting the General tab => select Save or Save As to save your settings to an *.rdp file and close the client. To connect to a system using the new savings, you can open and double-click the *.rdp file you saved. For future use, remember that by default, *.rdp files are generally saved by default in the My Documents folder.

Network Level Authentication (NLA)

NLA is a more secure authentication method that can help protect the remote computer from hackers and malicious software. NLA is a new authentication method in which user authentication is verified before you are allowed to connect with a full Remote Desktop connection. NLA provides advantages such as keeping system processing usage down on the remote host you are attempting to connect to until a full Remote Desktop connection is established. It can also add a layer of security into your defense in depth by reducing the ability for attackers to use a myriad of attacks such as Denial of Service (DoS) attacks as an example.

NLA is not available on previous forms of Windows operating systems as of yet. Although Microsoft may add the functionality later, as of right now NLA is only supported on Vista clients and above. Windows XP does not support NLA as seen in figure 4. Although as of the writing of this article, XP is not supported, to find out if a computer you are using is running a version of Remote Desktop with NLA enabled, you can view the About dialog box found within the Remote Desktop client.

1. Open Remote Desktop Connection by clicking Start => Programs (or All Programs) => Accessories => Remote Desktop Connection.
2. Select the Remote Desktop icon in the top upper left corner of the Remote Desktop Connection dialog box => select About.

You can see if your Remote Desktop client is supported on the lower part of the dialog box where you will see “Network Level Authentication supported” (or not supported) on the About Remote Desktop Connection dialog box. As you can see in figure 4, this version is unsupported.

Figure 4: Verifying NLA Usage with Remote Desktop

To configure NLA, you need to be running Microsoft Windows Vista desktop operating system. In Vista, you can follow the same exact steps as mentioned before when using Windows XP, except you will see that it is in fact support. If it is, then you can configure NLA within the Remote tab of the System Properties dialog box which can be invoked from the System applet found within the Control Panel. Once opened, you can then select from the following options:

1. First, you can select ‘Don’t allow connections to this computer’. This will prevent anyone unwanted from trying to connect to any system using Remote Desktop.
2. Second, you can select ‘Allow connections from computers running any version of Remote Desktop’. This will allow anyone using any version of Remote Desktop to connect to the system you are configuring.
3. Third, you can select ‘Allow connections only from computers running Remote Desktop with Network Level Authentication’. This will give anyone with computers running versions of Remote Desktop with the Network Level Authentication (NLA) option to connect to the configured system. Although this is by far the most secure option, you will need to run newer versions of Windows in order to take advantage of the new features.

TS Gateway Servers

With Remote Desktop, you now have the option to work with and connect to Terminal Services (abbreviated to ‘TS’) based Gateway servers. A TS Gateway server is a server that functions as a ‘gateway’ for authorizing appropriate users trying to connect to computer systems on your network. The connection is not only authorized, but it is also easier to connect to with more options available. You can connect via an Internet connection (using HTTPS, which is a secure form of the HTTP protocol) in conjunction with the Remote Desktop Protocol (RDP). Using RDP and HTTPS together offer a secure and encrypted session. The main advantages of a TS Gateway server are as follows.

• A TS Gateway server will make connections easier by eliminating the need to use a Virtual Private Network (VPN) connection to create a security boundary over the unsecure Internet.
• A TS Gateway server will ensure that translation issues are never a problem. When Terminal Services was used in previous older forms, there would be issues trying to use TS over a firewall. Now with a TS Gateway server, you can create a less problematic way to connect to a production or corporate network.
• A TS Gateway server will also help you share your network connection with other programs running on your system.

When using Remote Desktop, you can specify a TS Gateway server by following these steps:

1. First, open Remote Desktop Connection by clicking Start => Programs (or All Programs) => Accessories => Remote Desktop Connection.
2. Then, select Options => Advanced tab => Settings. You will see the option to ‘Connect from anywhere’. Click on Settings… as seen in Figure 5.

Figure 5: Configuring TS Gateway Server Settings with Remote Desktop

3. Next, select the option to ‘Use these TS Gateway server settings’, as seen in Figure 6. You can also choose to ‘Automatically detect TS server settings’, or have them preconfigured as seen in the next step.

Figure 6: Configuring Advanced TS Gateway Options

4. Next, you can type a server name in the Server name box, and then select one of the following logon methods from the Logon method field which will produce a list of options such as:
5. Allow me to select later. Using this option lets you choose a logon method when you attempt to connect.

   1. Ask for password. Using this option will prompt you for your password when you attempt to connect.
   2. Smart card. Using this option will prompt you to insert a smart card device when you attempt to connect.

6. You can choose to accept the default options, or you can make modifications by selecting or clearing the Bypass TS Gateway server for local addresses check box. This will ultimately speed up your network connection because when you bypass for local addresses, you reduce the amount of traffic sent to and from the TS Gateway server, thus improving your bandwidth.

Note – When working with earlier forms of Remote Desktop, its important to note that you will not be able to connect to remote computers across firewalls and/or devices using network address translation (otherwise known as NAT). Remote Desktop uses port 3389 to communicate and if blocked or tampered with, the connection will be broken. When using new versions of Vista, Windows Server 2008 and the new Remote Desktop client with a TS Gateway server, you can then use port 443 (HTTPS) which will not have any issues. This is called a Secure Socket connection and is considered secure, besides the fact that it will work with firewalls and NAT devices. SSL (Secure Socket Layer) Tunnels are used to provide for connectivity.

Resource Redirection

With the newest version of Remote Desktop, you can now configure ‘Resource Redirection’. If you have locally configured devices (such as disk drives and supported plug and play devices), then you can now use them in your Remote Desktop session. The Remote Desktop Connection 6.0 client update gives you the flexibility to redirect Plug and Play devices that support redirection. Not all devices (such as TWAIN devices) are supported. To redirect a Plug and Play device, follow these simple steps:

1. Open Remote Desktop Connection by clicking Start => Programs (or All Programs) => Accessories => Remote Desktop Connection.
2. Next, click on Options, => select the Local Resources tab => select More => then select the Supported Plug and Play devices check box as seen in Figure 7.

Figure 7: Redirect Plug and Play Devices

Note – Although there have been many enhancements to this new client, you may still have issues trying to configure Resource Redirection with some devices. You will not be able to redirect all of your configured devices. If you are trying to use a Scanner or an externally attached camera (as examples), you may not be given an option to configure them. Scanners and cameras are good examples of TWAIN devices. TWAIN is a function that will allow you to scan an image directly into a specific application. A TWAIN driver will run in between a specific application and the scanner or camera hardware.

Monitor Spanning

When working with Terminal Services and Remote Desktop Connection, you may want to increase your visual experience by using multiple monitors to view your work. Remote Desktop Connection now supports high-resolution displays spanned across multiple monitors. The monitors you use must also support and be configured to use the same resolution. To configure your desktop to span multiple monitors when using Remote Desktop, follow this simple step:

1. Go to Start => Run (or All Programs => Run) and type Mstsc /span in the Open field as seen in Figure 8. Click OK.

Figure 8: Using the MSTSC /SPAN Command

Note – The only caveat that may render your session un-viewable is that you need to configure the pixels specifically. Ensure that the total cumulative resolution is not configured above 4096 x 2048 pixels.

Visual Improvements

Remote Desktop Connection has undergone some visual improvements to make your life easier when working on Windows systems. Remote Desktop now supports 32-bit color and font smoothing when you remote a system for management purposes. You can enable higher color resolution by opening and configuring your Remote Desktop Connection (RDC) client. To enable 32-bit color, follow these steps:

1. Open Remote Desktop Connection by clicking Start => Programs (or All Programs) => Accessories => Remote Desktop Connection.
2. Select Options, select => Display tab and then select => Highest Quality (32 bit) in the Colors list as seen in Figure 9. Click OK.

Figure 9: Configuring Remote Desktop for 32 bit Color Usage

Note – When applying this change, it may not work as expected. The settings on the computer you want to remote may override the settings you make locally.

You can also enabled font smoothing for a better visual experience.

To enable font smoothing, follow these steps:

1. Open Remote Desktop Connection by clicking Start => Programs (or All Programs) => Accessories => Remote Desktop Connection.
2. Select Options, select => Experience tab, and then select the Font smoothing check box as seen in figure 10. Click OK.

Figure 10: Configuring Remote Desktop for Font Smoothing

Summary

The Terminal Services (TS)/Remote Desktop Connection (RDC) Client (version 6.0) has just been released from Microsoft this month. This was a small update to the RDP client currently running on most current Microsoft operating systems. In this article we looked at the basic functionality of the new Remote Desktop Connection (RDC) client (also known as Terminal Services Client 6.0). We examined how to download and install it as well as how to use it with Windows XP and Windows Server 2003 as well as reviewing the new features enabled with Vista and Windows Server 2008 such as Network Level Authentication (NLA). To learn more, please visit the URLs listed in the Links section of this article.

Links

The following files are available for download from the Microsoft Download Center and Microsoft Support Online:

1. Terminal Services Client 6.0 update for Windows Server 2003 (KB925876)
2. Terminal Services Client 6.0 update for Windows XP (KB925876)
3. Remote Desktop for Apple Users (Microsoft)
4. RDC Client for Windows 9x, ME, NT4, 2000 Platforms (Microsoft)
5. Remote Desktop Connection (Terminal Services Client 6.0)
6. Terminal Services Team Blog (MSDN)
7. Getting Started with XP/RDC (Microsoft)
8. Using Remote Desktop with Windows XP Professional (WindowsNetworking.coom)
9. What’s New in Terminal Server (Microsoft)
10. Technical Overview of Windows Server 2003 Terminal Services (Microsoft)