This month I’ve been trying to nudge the project of moving to Windows Server 2008 Terminal Services RemoteApp forward at the office. The goal is to get away from using a version of Citrix Presentation Server to access applications over the Internet. The needs of our office have changed and the new features with Terminal Services in Server 2008 make this something we want to adopt instead.
However, nothing is without an occasional bump in the road. Here a couple of ours:
Bump #1 – No way to filter which applications users see on the RemoteApp webpage.
I know this feature was added in Server 2008 R2. Unfortunately, we have to stick with the Server 2008 “classic” due to an important 32-bit application that does not install or run properly under WoW. We debated the importance of filtering the application list and decided it wasn’t a deal breaker. Or we can look at some third-party workarounds.
Bump #2 – Users with passwords set to “enforce change at next logon” can’t get past the TS Gateway.
We have to remember to handle first time password changes for users who only be using RemoteApp by NOT checking the enforcement box and instructing them on how to change there password after they launch an application. (CNTL + ALT + END does the trick from any launched application.)
Bump #3 – No support for Macs with the Mac version of the RDC client.
Ouch. We only have a few employees that use a Mac at home and we’ll have to continue offering GoToMyPC to meet their needs. Not what I’d like to do, but hopefully support for the Mac will come along soon.
Bump #4 – Limitations with multi-monitor support.
Microsoft KB925876 gives some of the details of what type of multi-monitor support is available with Server 2008 Terminal Services and should automatically support spanning if your monitors meeting the configuration requirements. Those rules are: the total resolution on all monitors must be under 4096 x 2048 pixels; the monitors must have the same resolution; the monitors must be aligned side-by-side; and the far left screen has to be the primary one.
This is pretty limiting, especially if you have a laptop connected to an external monitor and want to take advantage of both screens. Or have monitors set up in configuration where one is turned vertically. Or any other number of possible configurations. Windows 2008 R2 improves on this as well, but as noted in #1, we just can’t quite use that yet.
So yes, we’ve got a few bumps, but nothing that would keep us moving forward with the project at this point. Our remote access isn’t supposed to be used by someone as a long-term way to work, nor is used with a frequency that demands extra capital expenditures to overcome a few relatively minor issues.
When you first load a fresh install of Windows 7 or Server 2008 (original or R2) the desktop is empty of icons except for the Recycle Bin. Personally, I really like it that way. The search mechanism is so easy to use I have little need for icons cluttering up my desktop background.
However, some people like the look of the familiar. In Windows 7, you can use the “Personalization” control panel applet to add back the icons for Computer, Network and Documents. Windows 2008 has no such option in the control panel for restoring those icons by default. Instead you must type “desktop icons” into the search window and select the hidden control panel feature to “Show or hide common icons on the desktop.”
You can right click “Computer” in the start menu and there is an option for that component to show on the desktop, but the same feature is not available for “Network.” The other option is to install the “Desktop Experience” onto the server, which will add several of the customizing features that one might be wishing for. I also noticed that I have access to the Personalization control panel applet on a server that has Terminal Services (aka Remote Desktop Services) installed.
I suspect there are some registry keys that can reveal some of these interface tweaks. Or maybe this is just a Trivial Pursuit question in the making.
Wondering where to get started with Windows 7 and Server 2008 R2?
If you are looking for some fresh reading material, don’t miss out on two free eBooks by Microsoft Press. Get more information about the “Deploying Windows 7” eBook at the TechNet Flash Blog and “Introducing Windows Server 2008 R2” at the Windows Server Division Blog.
Yesterday, I attended Microsoft’s “The New Efficiency” technical series, as part of the Windows 7/Server 2008 R2/Exchange 2010 product launch. I was a little disappointed at the turn out, since registration had been closed so early. I expected more people and generally “more” from Microsoft with all these new products coming out in just days. But I guess not every event can be hit out of the park.
That being said, there were several sponsor-led sessions that were interesting and then tracks for Windows 7, Server 2008 R2 and Exchange 2010. My original plan was to hit something from every track, but that proved difficult as the presenters from each track didn’t always keep to the scheduled break times. Thus I stuck with the server track, which was presented by Chris Henley.
Here are a few of the features that were touched on during the sessions:
- The integrated Best Practice Analyzer covers more areas, such as Active Directory Domain Services and DNS. The BPA was mostly known for it’s use with Exchange, so it’s nice to see it expanded to other critical areas.
- The Recycle Bin for AD. This feature makes it easier to restore deleted objects in Active Directory without having to resort to an authoritative restore, effectively extending your recoverablity of objects to nearly a year. While possible, its not recommended to reduce the lifetimes for deleted object and tombstone object below the 180 days each. Also, it’s important to note that the recycle bin feature is a schema change and it can’t be turned off once implemented. Finally, while item in the recycle bin can’t have their UPN used again until it moves out to a tombstoned object, but you can manually force items to be moved earlier.
- In Server 2008 R2 there were changes in the core architecture which affected the networking stack to support IPv6 and IPv4 native to same Windows core protocols.
- The Server Core installation option supports an additional role for WoW64 and IIS 7.5 also supports ASP on Server Core. Server Core has also gained a text menu environment called “S-config” to make it easier to configure basic server settings.
- New features in Remote Desktop Services, such as virtual desktops via Hyper-V, improvements in RemoteApp, multimedia support and bi-directional audio.
- DirectAccess as an alternative to VPNs for corporate network access. DirectAccess requires at least 4 servers and includes a setup wizard that details out how it all hooks together.
- Improvements in Hyper-V, such as Live Migration and the ability to add some “hardware” (like Hard Drives)to virtual machines without powering them off. Don’t forget the Microsoft Assessment & Planning Toolkit, which can help minimize capital costs and reduce operating costs in your data center.
At the end of the day, the software giveaway was a copy of Windows 7 (32-bit) and the swag bag had the ever-popular XL t-shirt. Hidden among the product pamphlets in the bag was a cool gift from NetApp – a free copy of the book “Windows Server 2008 Hyper-V: Insider’s Guide to Microsoft’s Hypervisor”. Request your copy by November 20th. I’m sure the request will get you on a mailing list of some kind, but I’ll live with that for a free book.
This week I continued with disaster recovery testing in our lab, the first machine restored from tape being one of our domain controllers. While checking over the health of the restored Windows 2003 active directory, I remembered that we are using a third-party tool in production to aid in the recovery of deleted items – Quest’s Active Directory Recovery Manager. To be honest, we haven’t had a reason to use the software since we installed it, which I suppose is a good thing. But it is a stress reliever to know that it’s there for us.
Restoring this product in our test lab isn’t part of the scope of this project, but it does have me looking forward to planning our active directory migration to Server 2008 R2, which includes a new, native “recycle bin” feature for deleted active directory objects. You can find more details about how this feature works in Ned Pyle’s post on the Ask the Directory Services Team blog, The AD Recycle Bin: Understanding, Implementing, Best Practices, and Troubleshooting.
While the native feature doesn’t have the ease of a GUI and requires your entire forest to be at the 2008 R2 functional level, it’s certainly worth becoming familiar with. Once I’m done with all this disaster testing, you can be sure this feature will on the top of my list to test out when I’m planning that upgrade.
Today I enjoyed a morning at the Microsoft office in SF attending an event in the current series of TechNet Events. Through the months of September and October, the TechNet Events team is traveling around the US providing tips, solutions and discussion about using Windows 7 and Server 2008 R2.
Today’s presentation was given by Chris Henley, who led some lively and informative discussions on three topics – Tools for migration from Windows XP to Windows 7, Securing Windows 7 in a Server 2008 R2 Environment (with Bitlocker, NAP and Direct Access) and new features in Directory Services.
I was excited to see specific information on Active Directory. If you missed the blogs about Active Directory Administrative Center back in January like I did, you’ll like some of the new features in this 2008 R2 tool, including the ability to connect to multiple domains and improved navigation views.
If there isn’t an event near you this time around, check back after the holidays when they’ll head out again for another series.
The disaster recovery testing is touching more areas then I even though possible related to what options we can consider in our production and emergency environments. It’s bringing to light how interconnected software has become, and how those connections can sneak up on you, even when one is dealing with them everyday.
A basic premise of our recovery plan is to provide access to our recovered systems remotely, until we can make office space and desktop systems accessible to everyone. In order to keep things “simple” and provide the quickest possible up time, the plan calls for using Windows Terminal Services (aka “Remote Desktop Services” in 2008 R2) technology.
Due to the improvements in the offerings available directly by Microsoft related to remote access and the relatively small number of applications we need to make available, we determined that bringing terminal services up initially would be faster than recreating our Citrix environment during an emergency.
In conjunction with this (and the fact that we have only a small amount of remote use in production) we are currently planning to reduce licensing costs by only providing access using Microsoft products. Windows Server 2008 (and now R2) has many of the features we were looking to Citrix for in the past. While it’s possible for us to meet most of our needs with Server 2008, we’d much prefer to use 2008 R2.
While I was at the Vertafore Conference, one of my goals was to find out their schedule for 64-bit support. As one of our main enterprise applications, its important that it’s available on our remote access solution. Since I was unable to run the software on my 64-bit Windows 7 computer, I wanted know how far they were from addressing that.
Turns out, it all comes down to third-party drivers for peripherals. ImageRight works with several popular hardware vendors when it comes to scanners, including Kodak, Canon and Fujitsu. This allows customers to take advantage of more of the built-in scanner features that come with the hardware, instead of writing a generic scanner driver that could reduce the functionality native to the device. They also use the drivers to provide desktop features that allow end users to import documents directly from their PC.
Because of this, 64-bit support for the ImageRight software is directly related to how quickly scanner vendors make 64-bit drivers available. ImageRight claims that the makers of these key peripheral devices are complaining that Microsoft didn’t give them enough warning between Windows Server 2008 and the release of Server 2008 R2 regarding the official “death” of the 32-bit version of the OS to provide 64-bit drivers for all their devices.
ImageRight is planning to have support for 64-bit operating systems by the end of this year. We aren’t planning on a widespread upgrading of desktop hardware to 64-bit any time soon and will be able to wait without too much suffering. However, it does alter our plans for our remote access changes in the next 3-6 months. A disappointment for sure.
Also, the delay doesn’t help existing ImageRight clients or upcoming new ones that hope to run (or at least begin to test) an important software product on the most current hardware and operating systems available. An interesting domino effect that ends in needing to reconsider what I’ll be using for remote access during my recovery testing this month.
Mark your calenders, Microsoft has two upcoming Windows 7 and Windows 2008 R2 events planned in San Francisco.
TechNet Presents: Windows 7 and Windows Server 2008 R2 – September 9th.
Topics include: Migrating Windows XP to Windows 7, Securing Windows 7 in a Windows Server 2008 R2 Environment, and New Features in Windows Server 2008 R2 Directory Services
The New Efficiency – Windows 7/Server 2008 R2/Exchange Server 2010 Launch – October 20th.
Several lectures in 3 different tracks, include topics such as: Introducing Windows 7 and the Windows Optimized Desktop, Windows Server 2008 R2 Virtualization Technologies– Saving IT Costs, and Exchange 2010 Archiving and Retention.
Other dates and cities are available as well. See you there!