Article ID: 186566
NoticeThis article applies to Windows 2000. Support for Windows 2000 ends on July 13, 2010. The Windows 2000 End-of-Support Solution Center
(http://support.microsoft.com/win2000)is a starting point for planning your migration strategy from Windows 2000. For more information see the Microsoft Support Lifecycle Policy
This article discusses the Terminal Server Administration tool, Connection Configuration.
When you open this tool, you see that one connection is created by default, the RDP-TCP connection. Typically, this is the only connection that needs to be defined. Nothing needs to be done to enable this connection.
The RDP-TCP connection is a socket connection over TCP port 3389. In this tool, you can specify how long clients can remain connected, if a specific application should run when the client connects, choose the level of encryption, and so on.
You can have one connection defined per transport per type per adapter. So, in a normal Terminal Server with one adapter, you can define exactly one connection since there is only one connection type available. Terminal Server 4.0 by itself with no additional services supports ONLY RDP over TCP connections. If you add a second adapter, you can define a second RDP-TCP connection for that adapter.
Citrix's Metaframe product may be installed on the Terminal Server so Citrix's ICA clients rather than Microsoft's RDP client can be used to connect to Terminal Server. In this tool and in User Manager, you will find options that do not apply unless Metaframe is installed on the Terminal Server.
On a Citrix Winframe Server (based on Windows NT 3.51) or on a Terminal Server with Metaframe installed, customers have the option of creating different connection types for different ICA clients (for example, Macintosh clients, asynch clients, SPX clients).
Right-clicking a defined connection brings up a menu that allows you to edit the connection configuration
Notice that the connection Name, Type, and Transport are unavailable. The name can be changed under Connection/Rename. But the Type and Transport cannot be changed.
The Lan Adapter drop down list shows "All Lan Adapters..." and any installed adapters. Notice that the connection by default applies to all installed adapters, so just because you have multiple adapters does not mean you must define new connections. You can, but it is not a requirement.
Maximum Connection Count means what it says. Do not confuse this with licensing. This setting governs how many socket connections are allowed. The default is Unlimited.
If you select Client Settings on the Edit Connection screen, you will see a list of options intended primarily for the Citrix ICA client. These settings do not apply to the RDP client. Because the RDP client establishes only a single data channel between the client and the server, mapping to local devices is not possible. Inside an RDP client session, all "local" resources are the Terminal Server's resources.
However, Citrix's ICA clients have been modified to create multiple data channels between client and server. These settings are included for customers who load Metaframe on Terminal Server and use the ICA clients.
Clicking Advanced on the Edit Configuration screen opens many options, although, again, some apply only to the Citrix ICA client.
Note the selections "Inherit user config," "Inherit client config," and "Inherit client/user config." User config selections are also available in Terminal Server User Manager as options for specific users. Client config options can be set at the client using Client Configuration Manager (installed with the Client software) or in the client's registry (for 32- bit) or .ini file (for 16-bit) settings.
Any values set on this screen apply to all connections at this Terminal Server (and no others, regardless of domain relationship -- these settings are specific to the Terminal Server).
Note also that any values set here will override settings for users in User Manager.
Below is a description of the various advanced options:
LogonIf you disable Logon, you are disabling client connections. This does not keep non-client users from connecting to the server (for that you would have to pause or stop the Server or Netlogon services). If you want to keep Clients from connecting and establishing terminal sessions, this is where you do it.
NOTE: If you are used to pausing or stopping the Server or Netlogon services to keep users from connecting to the server, you will be tempted to try to stop the Terminal Server service. This service cannot be stopped. You can change it to manual or disabled, but when you restart the server, this service will return to automatic and will start. This is by design. This service is integral to Terminal Server's operation.
NOTE: Stopping the Server or Netlogon services does not keep Terminal Server clients from connecting. These connections use a completely different connection path. Again, disabling logon here in Connection Configuration is the way to deny client connections. Of course, it is also possible to deny connections based on permissions (more detail below).
Timeout Settings (in Minutes)Here you can choose how long a connection should be maintained, how long a disconnected session should be maintained in memory, and how long a session should be allowed to be idle before disconnecting it.
The Connection Timeout determines how long the client can stay connected, regardless of whether the session is idle or not.
The Disconnected Session Timeout determines how long a disconnected session should be held in memory. If a client disconnects (rather than logging off), the session is not terminated. Rather, it is held in memory so that the client can reconnect and re-establish the session. Applications that were running previously should still be available.
The Idle Session Timeout determines how long a session with no activity should remain connected. Note that turning on the Menu Bar clock will generate enough continuous traffic to keep a session from being idle.
If you uncheck No Timeout, the default for Connection is 120 minutes, for Disconnection is 10 minutes, and for Idle is 30 minutes.
Setting these values here affects every Client that uses this connection. If you want to modify the values for a specific user, you can do so in User Manager. However, keep in mind that Connection Configuration values override values in User Manager. If you need both advanced options set in Connection Configuration AND separate options set for individual users in User Manager, you will need to add multiple network adapters to your Terminal Server and define a different connection for each adapter.
SecurityLow encryption = Microsoft 40-bit encryption from client to server only. Medium encryption = Same as low but applies in both directions. High encryption (Non-export) = 128-bit standard RC4 encryption High encryption (Export) = 40-bit standard RC4 encryption
Use Default NT Authentication: This forces any Client on this connection to use Windows NT's MSGINA. Otherwise, a 3rd party GINA might be used.
AutologonIf a correct user name, domain, and password are entered here, clients will automatically log on as this user after connection. There are obvious drawbacks to this approach (for example, profiles, home directories). However, note that, because clients are identified to the system by their unique SessionIDs, not their logon names, it is possible for all client users to use the same logon name.
Initial ProgramHere you can specify a program that will run for every Client user after connecting and logging on.
If a program is specified here, it is the ONLY application that runs on this connection. The user will connect, log on, and run this application (provided security is not an issue) but will get no desktop. When the user closes the application, the session is terminated. This can be a very useful feature in a single application environment.
User Profile Overrides: Disable WallpaperDisabling wallpaper can significantly decrease screen redraw times. This is especially useful for clients connecting over RAS.
On a Broken or Timed out Connection...If a connection is lost or times out, you have the options of disconnecting the session, which leaves the session intact so the user can reconnect and keep working, or you can reset the connection, which terminates the session.
Reconnect Sessions Disconnected...This option is used for Citrix direct-serial-port connecting devices only.
From Any Client: If your session is disconnected at one device, you can reconnect from any Client device.
From This Client Only: If you session is disconnected, you cannot reconnect from another Client device.
ShadowingThis feature is only available with the Citrix ICA client.
Another feature of Connection Configuration is the Security/Permissions menu.
Users or groups can be assigned permissions to the connection. Permissions are cumulative except for No Access, so a user who normally has guest access but who is a member of a group with full access will receive full access.
No AccessAs you might expect, this means you have no access to the connection.
Guest AccessThis permits logging on and logging off only. Guests cannot disconnect sessions or reconnect to disconnected sessions.
User AccessThis allows users to:
Full AccessThis allows all of the above plus permission to:
Article ID: 186566 - Last Review: June 22, 2014 - Revision: 5.0