Terminal Services is a very useful service in a Windows network environment. But if used improperly, it can cause a lot of trouble to users. For example, it may lead to the loss of user data and bring security risks to the network. During the configuration process of Terminal Services, there are still some contents worthy of everyone's attention. 1. Let the server operate in unblock mode if necessary.
Although Terminal Services has existed in Microsoft operating systems for a long time. However, some improvements have been made to it in 2008R2. Among them, the unblocking mode is a big highlight. Sometimes administrators may need to take the terminal server offline for some reason. In previous versions, this could result in loss of user data. Because at that time the administrator could only use the change logon /disable command to disconnect the user. However, although using this command can prevent new users from logging in, this command will also prevent users who have disconnected from the session from reconnecting to the terminal server. When the terminal server goes down, users lose their session and the data associated with that session. For this reason, in previous versions, administrators needed to be very cautious if they wanted to take the terminal server offline. If you need to choose to go offline when the user is off work, etc. This will bring unnecessary trouble to daily maintenance work.
But this situation has been greatly improved in 2008R2. Because unblock mode was introduced in this version of Terminal Services. When setting the server to this working mode, the administrator can block new users' connections after taking the server offline. But the server will allow users with existing sessions to reconnect to the terminal server. Of course, there will be relevant prompts after the user reconnects, allowing the user to submit relevant jobs in time. Obviously, the working method in dredging mode is much more humane. It is also very simple to change this working mode. It can be done with one command: change logon /drain. Note that after running this command, no other new users can log in to the terminal server. If you want to allow the user to log in again, it is a little more troublesome and requires two steps. The first is to run the command change logon /drainumtilrestart. Secondly, the terminal service will be restarted. The user can then log in. It can be seen that this unblocking mode is of great help to administrators in maintaining terminal servers.
2. Allocate resources to users of terminal services through WSRM.
When using Terminal Services as a server, there will be many users connected to it. The question that follows is how to allocate these resources? If no measures are taken, the system will allocate evenly by default. At this time, when there are more users, the performance of the terminal service will drop sharply. For this reason, in the 2008 terminal service, Microsoft also drew on the relevant experience of other products and used WSRM to manage the use of resources for each user of the terminal server.
WSRM (System Resource Manager) is also a newly implemented content in win2008. And some repairs were made to it in the R2 patch. This component allows system administrators to allocate server resources. That is, how to allocate key resources such as memory and CPU among applications, services, and processes. If WSRM System Resource Manager is used in conjunction with Terminal Services, administrators can more precisely control the maximum resource limit allowed for each user or session. By limiting the resources that a user or session can use, system administrators can reduce the opportunity for users to maximize the use of terminal server resources.
In actual work, we often set relatively high resource usage for some special accounts. There will be restrictions for ordinary users. This is mainly because during terminal service maintenance, such as upgrading the terminal service, it will consume a lot of system resources. Otherwise, the upgrade may fail or the upgrade time may be extended. For this reason, the needs of the administrator account need to be prioritized. Secondly, if multiple services are running on the same server. If in addition to terminal services there are also mailbox services, etc., you need to limit the total resource consumption of terminal services. In order to prevent the terminal service from occupying too many resources and adversely affecting the operation of other application services.
In short, in the 2008 environment, if the number of users accessed by the terminal is relatively large or multiple application services are deployed on a server at the same time, the author will recommend that users use the WSRM system resource manager to reasonably allocate the use of each user and each service. the maximum amount of resources. At the same time, different users and different services need to be treated differently according to the actual situation. That is, resource usage restrictions for key users and key services should be relaxed. Other minor or occasional services that occupy a large amount of resources need to be restricted. This reduces competition for resources among various services and users.
3. Be cautious when upgrading terminal servers.
If you want to upgrade the terminal server, the author recommends a new installation. However, if there are other application services on the server in addition to terminal services, this approach is not very reasonable. If the database service and terminal service are both on the same server, you will need to redeploy the database service if you reinstall. This job will be very big in two days. In this case, only Terminal Services can be upgraded. However, special caution is required when upgrading. Although Microsoft has done a very good job in upgrading. However, in actual work, we often encounter situations where the terminal service cannot run normally after upgrade. There are many reasons why this happens. Such as upgrade failure, compatibility issues after upgrade, etc.
For this reason, I recommend that any operating system or application updates (and patches as well) be tested on a separate server before being applied to the terminal server. In other words, first clone a terminal server (with the same services and applications as the original terminal server), and then upgrade the cloned terminal server first. To determine whether the upgrade will conflict with existing applications and services. During this process, administrators can also discover some content that is not mentioned in relevant materials. Such as the preparation work required before the upgrade, whether related application services need to be reconfigured after the upgrade, etc. For example, after a service upgrade, sometimes it may be necessary to reinstall the printer driver, etc. These are difficult to predict. Problems can only be discovered after testing.
Based on the unpredictable reasons that may occur during the upgrade process, the author recommends that you be cautious before upgrading and back up relevant data. Of course, as a best practice, the author still recommends using the latest terminal server instead of the original server. That is, the latest version of Terminal Services is now deployed on a server and the original server is directly replaced. Although this will require a larger workload, such as re-creating each file share and printing device, and reinstalling the latest drivers to support each client. But compared to the problems caused by the upgrade, it is still worth it. In actual work, the biggest problem is not the increase in workload. Instead, an additional server needs to be added as a backup. Secondly, data still needs to be transplanted, such as user databases and so on.
In short, many improvements have been made to terminal services in Win2008R2, and many new features have been added. System administrators need to use these features flexibly to improve their work. However, you still need to be cautious when upgrading from an earlier version of Terminal Services to the 2008R2 version of Terminal Services. My suggestion here is to redeploy rather than upgrade.
-