Step 2 – Remote Desktop Services Collections – Standard deployment
31 March 2020
With the standard deployment type, we need to create our own collections, which is not the case with the Quick Start deployment type.
We are going to create our first remote desktop collection and explore the properties of the collection.
Go to Tasks and click on Create Session Collection.
Click Next on the page that appears.
On the Collection Name page, give a name to your collection and click Next.
On the Specify Remote Desktop Session Host Servers page, select RDSH01 and click Next.
On the Specify User Groups page, add the Sales group and remove Domain Users, then click Next.
On the User Profile Disk page, uncheck Enable User Profile Disks (we’ll see the configuration later), click Next, then click Create.
When finished, click Close.
We have now created a collection, but note that we do not have any apps (RemoteApp).
We will explore the properties of the collection. Click Tasks and click Edit Properties.
General
We can change the name and description, and choose whether the collection is shown in RD Web Access.
User groups
Used to limit connections to this collection to a specific group of users.
Session
The first 3 parameters concern what happens when sessions are connected or during the session. To set them sensibly, we need to know how users are using the server.
End a disconnected session:
If users disconnect from the session without logging off, the programs they were working in continue to run. By default this is set to Never.
Active session limit:
How long a user can be active in a session.
Idle session limit:
How long a session can remain inactive. In this case, we will leave it at the default.
When a session limit is reached or a connection is broken:
The default option is just to disconnect from the session and let everything keep running.
Security
We can decide which security layer and which encryption level we will use. (Negotiate is the default option.)
RDP security layer
Does not use authentication to verify the identity of a Remote Desktop Session Host, and does not support Network Level Authentication.
SSL (TLS 1.0)
More secure than the RDP security layer; SSL is used for server authentication. Requires a certificate.
Negotiate
The most secure layer supported by the client will be used.
Encryption level
The default is Client Compatible.
Low
The data sent by the server is not encrypted. Data sent by the client is encrypted using 56-bit encryption.
Client Compatible
Encrypts communication between client and server at the maximum key strength supported by the client.
High
Encrypts communication between the client and the server using 128-bit encryption. Clients that do not support it won’t be able to connect.
FIPS
All client/server communications are encrypted and decrypted with FIPS encryption algorithms.
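The Security settings described above can also be read and set from PowerShell with the RemoteDesktop module. The script below is an added example, not part of the original article: it reports collections that use the weaker options and, with -Remediate, switches them to SSL, High and required NLA. The Connection Broker name is a placeholder.

```powershell
# Added example: audit the Security tab of every session collection.
# Run where the RemoteDesktop module is installed. Broker name is a placeholder.
param(
    [string]$ConnectionBroker = 'rdcb01.example.test',  # hypothetical FQDN (assumption)
    [switch]$Remediate                                   # also apply the stricter settings
)
Import-Module RemoteDesktop

$report = foreach ($c in Get-RDSessionCollection -ConnectionBroker $ConnectionBroker) {
    $name = $c.CollectionName
    $sec  = Get-RDSessionCollectionConfiguration -CollectionName $name `
                -ConnectionBroker $ConnectionBroker -Security
    $layer = [string]$sec.SecurityLayer
    $level = [string]$sec.EncryptionLevel

    $findings = @()
    switch ($layer) {
        'RDP'       { $findings += 'RDP security layer: session host is not authenticated, no NLA' }
        'Negotiate' { $findings += 'Negotiate: layer depends on what the client supports' }
    }
    switch ($level) {
        'Low'              { $findings += 'Low: data sent by the server is not encrypted' }
        'ClientCompatible' { $findings += 'Client Compatible: key strength is set by the client' }
    }
    if (-not $sec.AuthenticateUsingNLA) { $findings += 'NLA is not required' }

    if ($Remediate -and $findings.Count -gt 0) {
        # SSL needs a certificate on the session hosts; High rejects clients
        # without 128-bit support. Test with real clients before enforcing.
        Set-RDSessionCollectionConfiguration -CollectionName $name `
            -ConnectionBroker $ConnectionBroker `
            -SecurityLayer SSL -EncryptionLevel High -AuthenticateUsingNLA $true
    }

    [pscustomobject]@{
        Collection      = $name
        SecurityLayer   = $layer
        EncryptionLevel = $level
        RequireNLA      = [bool]$sec.AuthenticateUsingNLA
        Findings        = $findings -join '; '   # state before any remediation
    }
}
$report | Format-Table -AutoSize -Wrap
```

Run it without -Remediate first; a collection left at the defaults will be listed with the Negotiate and Client Compatible findings.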
Load balancing
If we have more than one Remote Desktop Session Host, we can configure the relative weight of each one.
Client settings
Specify which redirections to enable: audio and video playback, audio recording, smart cards, printers, etc.
User profile disks
They are used to store user and application data on a single virtual disk dedicated to a user’s profile. When we enable user profile disks, a template file called UVHD-template.vhdx is created in the share. For each new user who logs on, a new VHDX file is created based on the template. We will examine and configure user profile disks in the User profile disk section. The feature is disabled by default.
In the next article we will explore the properties of Remote Desktop Services deployment.