Tarantella Administration Guide > Before you begin > Configuring Microsoft Windows Terminal Services for use with Tarantella

Configuring Microsoft Windows Terminal Services for use with Tarantella

• Windows 2000/2003 Server authentication settings;
• Session resumability;
• Application server encryption levels;
• Windows 2003 session restrictions;
• Windows 2003 remote desktop users; and
• Windows 2003 time zone redirection.

Note For detailed information on configuring Terminal Services, see the Microsoft sites for Windows 2000 and Windows 2003.

Microsoft Windows 2000/2003 Server authentication settings

By default, a Windows 2000 Server application server always prompts for a password when users log in, whether or not Tarantella supplies the password for the application server from its password cache. By default, a Windows 2003 Server does not prompt for passwords.

To configure Windows 2000/2003 to stop prompting for passwords for Tarantella users:

1. Log in to Windows 2000/2003 as a Server Administrator.
2. Click the Start menu, click Programs, click Administrative Tools and then click Terminal Services Configuration.
3. In the list of connection types, double-click RDP-Tcp.
4. Click the Logon Settings tab.
5. Clear the Always Prompt for Password box.

Changes to this setting only apply to new Windows Terminal Server sessions.

Session resumability

Microsoft Windows NT 4 Terminal Server Edition and Windows 2000 Server application servers allow users' sessions to continue running following a connection loss. We recommend that you disable this feature on the application server, and let Tarantella handle session resumability. This prevents unnecessary use of resources on the application server, and ensures that if users share accounts on the application server, they do not resume each other's Windows sessions.

For example, with session resumability enabled on Windows, an application configured in Tarantella to be Tarantella Webtop Session resumable does not end when the user logs out of Tarantella. Windows preserves the session so that it may be resumed later.

Resources may be consumed unnecessarily on more than one application server if the application is configured to run on multiple application servers.

To illustrate how shared accounts may lead to "stolen" sessions, consider this example. The Windows resume mechanism is enabled on the application server rome. Tarantella user Bill Orange starts the Write-o-Win application on rome with the Windows username "guest". Bill then logs out of Tarantella without closing Write-o-Win. Tarantella user Rusty Spanner then starts Write-o-Win as "guest" on the same application server. Rusty resumes the copy of Write-o-Win running in Bill's Windows session because of the Windows resume mechanism.

To let Tarantella alone handle session resumability, change the default action for "broken" connections on the application server.

On Microsoft Windows NT 4 Terminal Server Edition:

1. Log in to Windows as a Windows NT Administrator.
2. Click the Start menu, click Programs, click Administrative Tools and then click Terminal Server Connection Configuration.
3. In the list of connection types, double-click rdp-tcp.
4. Click Advanced.
5. In the Advanced Connection Settings dialog box, choose Reset in the On Broken Or Timed-Out Connection box. (If necessary, clear the Inherit User Config box to do this.)

On Windows 2000 Servers:

1. Log in to Windows as a Windows 2000 Server Administrator.
2. Click the Start menu, click Programs, click Administrative Tools and then click Terminal Services Configuration.
3. In the list of connection types, double-click RDP-Tcp.
4. Click the Sessions tab.
5. For the When Session Limit Is Reached Or Connection Is Broken option, choose End Session. (If necessary, clear the Override User Settings box to do this.)

On Windows 2003 Servers:

1. Log in to Windows as a Windows 2003 Server Administrator.
2. Click the Start menu, click Programs, click Administrative Tools and then click Terminal Services Configuration.
3. In the list of connection types, double-click RDP-Tcp.
4. Click the Sessions tab.
5. For the When Session Limit Is Reached Or Connection Is Broken option, choose End Session. (If necessary, check the Override User Settings box to do this.)

Changes to these settings only apply to new Windows Terminal Server sessions.

Application server encryption levels

Because of the performance penalties associated with the higher encryption levels, we recommend the Low encryption level for use with Windows Terminal Services applications.

Note Windows 2003 Servers have a FIPS (Federal Information Processing Standards) encryption level. Tarantella does not support this encryption level.

This encryption only occurs between the Tarantella server and the application server. For secure connections from client devices to Tarantella servers, you need to use the Tarantella Security Pack.

To change Windows NT 4 Terminal Server Edition to the recommended encryption level:

1. Log in to Windows as a Windows NT Administrator.
2. Click the Start menu, click Programs, click Administrative Tools and then click Terminal Server Connection Configuration.
3. In the list of connection types, double-click rdp-tcp.
4. Click Advanced.
5. In the Advanced Connection Settings dialog box, choose Low in the Required Encryption list.

To change Windows 2000/2003 Servers to the recommended encryption level:

1. Log in to Windows as a Windows 2000/2003 Server Administrator.
2. Click the Start menu, click Programs, click Administrative Tools and then click Terminal Services Configuration.
3. In the list of connection types, double-click RDP-Tcp.
4. In the Encryption Level list, choose Low.

Changes to these settings only apply to new Windows Terminal Server sessions.

Windows 2003 session restrictions

By default, a Windows 2003 Server only allows users one Terminal Services session each. If a user starts another desktop session or another instance of an application (with the same arguments), the second Terminal Services session "grabs" the first session and disconnects it. This means from the webtop it is not possible to launch two desktops or two instances of the same application on the same Windows 2003 Server.

To change this behavior:

1. Log in to Windows as a Windows 2003 Server Administrator.
2. Click the Start menu, click Programs, click Administrative Tools and then click Terminal Services Configuration.
3. Click Server Settings.
4. Double-click Restrict each user to one session.
5. Clear the Restrict each user to one session box.

Changes to this setting only apply to new Windows Terminal Server sessions.

Windows 2003 remote desktop users

For Windows 2003 Servers, users can only use Terminal Services if they are members of the Remote Desktop Users group.

Windows 2003 time zone redirection

Windows 2003 servers allow client computers to redirect their time zone settings to the terminal server so that users see the correct time for their time zone in their desktop/application sessions. Terminal Services uses the server base time on the terminal server and the client time zone information to calculate the time in the session. This feature may be useful if you have clients in different time zones.

By default, this feature is disabled. To enable the feature:

1. Either:
   • start the Microsoft Group Policy Management Console; or
   • start an empty Microsoft Management Console (by running mmc.exe from the Start, Run menu) and add the Group Policy Object Editor snap-in.
2. Select the group policy object you want to edit.
3. Click Computer configuration, Administrative Templates, Windows Components, Terminal Services, Client Server Data Redirection.
4. Open Allow Time Zone Redirection.
5. Click Enabled.
6. Click OK.

Changes to this setting only apply to new Windows Terminal Server sessions.

Note Only Tarantella version 3.4+ clients are capable of time zone redirection.