You don't have to scrap your existing NT 4.0 network to benefit from Win2K's Terminal Services
A great deal of Microsoft documentation seems to assume that one Windows 2000 server in a domain means that all servers in the domain are Win2K computers. But unsurprisingly, not everyone running Win2K Server Terminal Services is running it in a completely Win2K environment. As the news editor and a columnist for Application Service Provider UPDATE (formerly Terminal Services UPDATE), I receive a lot of email from people who are considering adding a Win2K Application Server (which includes Terminal Services) to a Windows NT 4.0 domain. To address some of those frequent questions, let's discuss two common headaches: managing user accounts and configuring a license server to function in an NT 4.0 domain. (For more information about how to set up a license server, how to use Terminal Services in Remote Administration mode, and various configuration options' effects, see "Related Articles in Previous Issues.") First, though, I'll answer a few basic Terminal Services questions.
The Basics
Users often ask me four fundamental questions about Terminal Services. Let's look at the answers to those questions before discussing common problems running Terminal Services in an NT 4.0 domain.
Should I upgrade to Terminal Services? The answer to whether you should upgrade from NT Server 4.0, Terminal Server Edition (WTS) to Terminal Services depends on your needs. Terminal Services includes some of the basic functionality that WTS lacks, including support for client-side printer mapping and clipboard mapping between local applications and applications on the Terminal Services system. In addition, Terminal Services uses memory more efficiently by reserving a smaller range of addresses for each terminal session. Microsoft also provides add-ons that extend Terminal Services' functionality. You can use the Microsoft Windows 2000 Server Resource Kit File Copy (rdpclip.exe) and Drive Share (drmapsrv.exe) tools to gain support for copying files between terminal sessions and applications running on the client and for client-side drive mapping. With the Terminal Services Advanced Client (TSAC, which is available for download from Microsoft's Web site and on the Service Pack 1—SP1—CD-ROM), you can run a terminal session within Microsoft Internet Explorer (IE) 5.0.
However, WTS supports DOSKBD, a tool that lets you prevent DOS applications from polling the keyboard for input, which slows the terminal server. Terminal Services doesn't currently support this functionality.
Most WTS users run the software with Citrix MetaFrame. If you're using WTS and the bare-bones features of MetaFrame 1.8, perhaps you can replace WTS and MetaFrame with Terminal Services. However, if you're using MetaFrame for Web-based publishing, a server farm that contains both Windows and UNIX applications, printer-driver management, stress-based load balancing (rather than the location-based load balancing that Win2K Advanced Server supports), or support for non-Windows clients, you'll need to continue using MetaFrame. Although the latest version of MetaFrame, MetaFrame XP, will work with WTS, Citrix recommends that you upgrade to Terminal Services because the company has developed MetaFrame XP for Win2K.
Can Terminal Services exist in an NT 4.0 domain? Win2K servers of any stripe can exist in an NT 4.0 domain. The only catch is that any functionality that depends on Active Directory (AD) won't be present in the NT 4.0 domain because AD is available only if you're using Win2K domain controllers (DCs).
Does Win2K need SP1 or Win2K AS to support Terminal Services? A few people have asked me whether Terminal Services is truly part of Win2K Server. (I suspect all the hype about TSAC might have caused some confusion.) You have the option to install Terminal Services as part of the core OS. You can install Terminal Services as part of an unattended installation, or you can manually install the service after the initial Win2K installation. To perform a manual installation, go to the Control Panel Add/Remove Programs applet and click Add/Remove Windows Components. Win2K will display a list of the available services. Terminal Services and the Terminal Services licensing service will be in this list. You don't need SP1 or Win2K AS to install the service, although using SP1 is still a good idea.
Do you have to install Terminal Services on a DC? You don't have to install Terminal Services on a DC; in fact, if you're using the service in Application Server mode, don't install it on a DC if you can avoid it. A terminal server is busy running applications, so it doesn't need to spend CPU cycles or memory authenticating users. Maintaining user accounts on an NT 4.0 DC raises complications in a terminal server environment, which leads us to the problem of making NT 4.0 user accounts work with Terminal Services sessions.
User Account Management
Terminal Services has account properties (e.g., session timeout settings, whether to disconnect inactive sessions, shadowing settings) that are specific to terminal sessions. NT 4.0 predates Windows terminal services, so terminal-session—specific settings aren't visible in NT 4.0's User Manager for Domains. To configure these settings, you can maintain per-server accounts on the Terminal Services systems or edit NT 4.0 domain accounts to accept terminal-session—specific settings.
You can set up accounts for Terminal Services sessions on the terminal server (i.e., don't make the terminal server a DC, but make the accounts server-specific). Then, if users want to use the terminal server, they can log on to their terminal server account and use that account's session settings and environment variables.
This solution is OK as long as you don't mind maintaining two sets of user accounts—one for regular domain logons and one for terminal sessions; however, this maintenance might become cumbersome. Terminal servers can't share per-server settings, so if you have more than one terminal server, you'll need to duplicate those accounts on each server or assign all users a particular terminal server to use. Both of these options require a lot of administrative work.
Previous
Register
