How do I find TCP properties in Remote Desktop?

Where is RDP-tcp properties?

Archived Forums

>

Windows Server 2012 General

• Question

• 1

  Sign in to vote

  We limit who can access RDP on Server 2003 and Server 2008 through active directory groups. We apply these groups in 2008 through start -> administration tools -> remote desktop services -> remote desktop session host configuration. Then you would right click -> properties on the RDP-tcp connection. From there you would choose the security tab and enter the AD groups you wanted to have access rights.

  For the life of me, I cannot find this anywhere in Server 2012. Any help would be greatly appreciated.

  Wednesday, February 27, 2013 8:43 PM

Answers

• 3

  Sign in to vote

  RDS Controls access using thethe Local Group "Remote Desktop Users" by default.

  You can add active directory security groups to this group with the local users and groups mmc (lusrmgr.msc) or by changing/adding user groups to the collectíon inserver manager as in the screenshot below.

  Hope this helps you out!

  ---

  MCT MCSE: Private Cloud/Server, Desktop Infrastructure

  
  
  • Edited by Johan DahlbomMVP Sunday, March 3, 2013 7:21 PM
  • Proposed as answer by Johan DahlbomMVP Sunday, March 3, 2013 7:31 PM
  • Marked as answer by Aiden_Cao Monday, March 4, 2013 5:59 AM

  Sunday, March 3, 2013 7:18 PM

All replies

• 3

  Sign in to vote

  RDS Controls access using thethe Local Group "Remote Desktop Users" by default.

  You can add active directory security groups to this group with the local users and groups mmc (lusrmgr.msc) or by changing/adding user groups to the collectíon inserver manager as in the screenshot below.

  Hope this helps you out!

  ---

  MCT MCSE: Private Cloud/Server, Desktop Infrastructure

  
  
  • Edited by Johan DahlbomMVP Sunday, March 3, 2013 7:21 PM
  • Proposed as answer by Johan DahlbomMVP Sunday, March 3, 2013 7:31 PM
  • Marked as answer by Aiden_Cao Monday, March 4, 2013 5:59 AM

  Sunday, March 3, 2013 7:18 PM

• 0

  Sign in to vote

  Well hidden ! Many Thanks - And where can we find RDP remote session control (to share sessionscreen with the user ?)

  
  
  • Edited by technique-ab Thursday, June 13, 2013 12:35 PM
  • Proposed as answer by IS_Support-cross-check.com Monday, July 20, 2015 2:24 PM

  Thursday, June 13, 2013 12:33 PM

• 0

  Sign in to vote

  I use "remote desktop session host configuration" on the win7 / server 2008r2 and then connect to ... (server 2012 / 2012R2)

  after that I can set upRDP-tcp 8.0

  Big question where this tool in windows 2012 / 2012R2...
  • Edited by Alex_KV Sunday, December 15, 2013 5:07 PM

  Sunday, December 15, 2013 5:06 PM

• 0

  Sign in to vote

  I tried logging into the 2008R2 server, then as you mentioned, it is not allowing me to remote into 2012R2 server.

  Thursday, February 4, 2016 8:22 PM

• 0

  Sign in to vote

  You posted to a stream that was answered almost three years ago and you do not describe your problem. Please open a new post and provide a detailed description of your environment, how you have configured your system, and what sort of errors you are seeing.

  ---

  . : | : . : | : . tim

  Thursday, February 4, 2016 11:02 PM

• 0

  Sign in to vote

  Hello,

  I have the same problem on Windows 2012 - no "remote desktop session host configuration" tool. Adding security groups to local "Remote Desktop Users" group does not solve the issue.

  Imagine you have 2 RDS Services - listener protocols:

  RDP-tcp listener - a Microsoft one

  ICA-tcp listener - a Citrx one

  Both listeners use the same RDS services. In some situations we want some users to use only ICA listener and not RDP listener. This was possible to setup such security on RDP or ICA listener security Tab in "remote desktop session host configuration" tool - not anymore. If you add anyone to The question is where we can change such security on Windows 2012 ?

  Wednesday, June 28, 2017 11:36 AM

• 0

  Sign in to vote

  Have the same problem. With Citrix this is quite important.

  Where I can modify ICA-tcp listener ?

  previouslythere was tsconfig.mcs console (Windows 2008) and tscc.msc (Windows 2003), now I can see only option is edit registry manually, which is moving us to medieval ages. We need Gui for that.

  Friday, March 9, 2018 10:54 AM

Editing RDPTcp Connection Settings

Last Updated on Fri, 07 Jan 2022 | Learning Windows Server

Although the default connection name is RDP-Tcp, you can use any name for this connection. When you see the term RDP-Tcp connection properties in technical documents, it often means the properties of the default Terminal Services connection. The connection properties dialog box has the following tabs:

■ General By editing the properties of this tab, you can configure the connection's encryption and authentication properties.

■ Log On Settings Use this tab to configure information about accounts used for sessions.

■ Sessions Use this tab to set session time limits and configure whether the server allows reconnection.

■ Environment Use this tab to configure which applications launch when a user initiates a session.

■ Remote Control Use this tab to specify whether administrators have remote control access to client sessions.

■ Client Settings By editing the settings on this tab, you can limit the depth of colors displayed and the local resources clients can use in the Terminal Services session.

■ Network Adapter Use this tab to specify the maximum number of sessions supported and which network adapter the connection uses. You can select either all network adapters or one specific adapter.

■ Security By editing the properties on this tab, you can specify which users or groups can connect to Terminal Services sessions and have access to functions such as remote control.

In the next few pages, you learn how to configure specific settings that are relevant to the 70-649 upgrade exam.

You set the authentication and encryption of the session through the General tab shown in Figure 12-2. The security layer can be set to RDP, SSL (TLS 1.0), or Negotiate. Microsoft Windows XP clients prior to Service Pack 3 do not support RDP security. SSL provides stronger encryption than RDP, supports earlier clients, but requires an SSL certificate. You can create a self-signed certificate on the Terminal Services server, but unless you take further steps, clients will not trust this certificate. Consider deploying an enterprise certification authority (CA) in your environment and using it to issue the Terminal Services server with a Secure Sockets Layer (SSL) certificate. If Terminal Services is to be used by third parties, consider obtaining an SSL certificate from a commercial CA.

FIGURE 12-2 Connection security and encryption.

After Terminal Services authenticates a session, using RDP or SSL, the encryption level determines the encryption strength of the connection. The FIPS Compliant level uses Federal Information Process Standard (FIPS) 140-1 validated encryption methods. If you specify this level, clients that do not support these methods cannot connect. The High encryption level uses 128-bit encryption. Some older RDP clients do not support this level of encryption. The Client Compatible setting allows encryption at the maximum key length supported by the client. The Low encryption level uses 56-bit encryption. When Low encryption is used, the client encrypts data sent to the server, but the server does not encrypt data sent to the client.

If the Allow Connections Only From Computers Running Remote Desktop With Network Level Authentication Setting is enabled, user authentication occurs before the Terminal Services session is initiated. Although Windows XP with Service Pack 3 supports Network Level Authentication, not all RDP client software supports this feature. You cannot enable the Network Level Authentication option if the RDP Security Layer is in use.

The Log On Settings tab, shown in Figure 12-3, enables you to specify whether a client's account information or Terminal Services uses a specific general user account. General user accounts are useful in kiosk scenarios. You can also configure the Terminal Services server so that it prompts connecting users for passwords.

On the Sessions tab, you can configure how the Terminal Services server treats disconnected sessions as well as specify active and idle session limits. You can use an idle session limit to terminate a session when the user has been inactive within the session for a certain amount of time. This stops users from taking up resources on a Terminal Services server when they are not actually doing anything with their session. You use active session limits to specify the maximum length of time a user's session may stay connected. Use the End A Disconnected Session limit to allow users to reconnect for a certain amount of time if they are accidentally disconnected. If they do not reconnect within the specified time, Terminal Services ends their session. In Figure 12-4, you can see settings that will allow users to reconnect to disconnected sessions after 30 minutes, will terminate idle sessions after an hour, and will limit the length of any single session to eight hours.

FIGURE 12-3 Log-on settings.FIGURE 12-4 Session settings.

You can use the Remote Control tab of the RDP-Tcp Properties dialog box, shown in Figure 12-5, to set the level of assistance that support staff can provide to those connected to Terminal Services sessions. The default setting uses the settings configured on the Remote Control tab of the user's account Properties in Active Directory Users and Computers. The default settings for Remote Control in Active Directory are to allow remote control and interaction if the user grants permission. By configuring this setting, you can block the use of remote control, allow it with the user's permission, or allow it without prompting the user.

You can configure remote control so that a helper can interact with the session or simply view the session without interacting. When you configure the Do Not Allow Remote Control or Use Remote Control With the Following Settings options, you override the settings applied through the user's account properties.

figure 12-5 Remote control settings.

You can block client attempts to redirect resources through the Client Settings tab of a connection's properties in Terminal Services configuration, as shown in Figure 12-6. You can limit the maximum color depth displayed to 8, 15, 16, 24, or 32 bits per pixel, and you can disable the redirection of local volumes, printers, LPT and COM ports, Clipboard, Audio, and Plug and Play devices.

figure 12-6 Limiting client resources.

On the Security tab, you can configure which groups and users have User Access, Guest Access, and Full Control over the Terminal Services service. User Access allows you to connect and log on locally. Guest Access allows logon but not connections to existing sessions. If Terminal Services has been deployed on a domain controller, it will be necessary also to modify the Allow Log On Through Terminal Services policy to allow remote desktop access. As you can see in Figure 12-7, the default settings allow members of the local Remote Desktop Users group User Access and Guest Access. The local Administrators group is assigned Full Control permission.

figure 12-7 RDP-Tcp Security.

You can set specific permissions by clicking Advanced on the Security tab of the RDP-Tcp Properties dialog box. Rather than just setting Full Control, User Access, or Guest Access, the Advanced permissions enable you to set more granular rights. As Figure 12-8 shows, you can give security principals the right to use Remote Control to view an active session, forcibly disconnect a user from a session, configure connection properties, and obtain information about Terminal Services servers and sessions. You can use these permissions to allow Help Desk staff access to Remote Control functionality over user sessions without having to grant them local Administrator access on the Terminal Services server.

II Permission Entry for RDP-Tcp

Apply to: J This object only

Apply to: J This object only

'emissions:	A||o„	Deny
Query Information	□	□
Set Information	□	□
Remote Control	□	□
Logon	□	□
Logoff	□	□
Message	□	□
Connect	□	□
Disconnect	□	□
Virtual Channels	□	□

|— Apply these permissions: to objects and/or Managing permissions

|— Apply these permissions: to objects and/or Managing permissions

FIGURE 12-8 Advanced RDP-Tcp permissions.

Continue reading here: Terminal Services Manager

Was this article helpful?

+1 0

Terminal Services Configuration

Once you have installed the TS role and the Terminal Server role service, you can configure TS using TS Configuration. TS Configuration allows you to determine the TS connections that are on the computer and their properties, as well as the server settings. There can be only one connection for each network interface card (NIC) or network adapter in the computer, and all connections use RDP with TCP/IP. Therefore, if you have only one NIC or network adapter, the default connection is all that you need. There are, though, some important settings in the connection's Properties dialog box. Look at both the connection's settings and the server settings that are available in TS Configuration with these steps:

1. Open TS Configuration by clicking Start | Administrative Tools | Terminal Services | Terminal Services Configuration.
   Or, in the Server Manager window, open Roles and Terminal Services, and click Terminal Services Configuration.
   In either case, Terminal Services Configuration will open, either within the Server Manager or within its own window.
2. Add additional connections if you have more than one NIC or network adapter, by clicking Create New Connection in the Actions pane on the right. The Terminal Services Connection Wizard will open. Click Next, enter the connection name and comments, and click Next. Select the network adapter to use and the number of connections. Click Next, review your settings, and click Finish.
3. To change the properties of an existing connection, right-click the connection, such as the default RDP-TCP connection, and click Properties. The RDP-TCP Properties dialog box will open.
4. Go through each of the tabs. The settings you can change are as follows:
   • General Add a comment to the connection's description and switch to High encryption.
   • Log On Settings Provide automatic logon by specifying the logon information to always use and whether a password will be requested.
   • Sessions Determine when to end a terminal session and how to reconnect if disconnected.
   • Environment Specify which, if any, program should be started when the user logs on, and what folder it should point to.
   • Remote Control Determine whether to allow the remote control or observation of a user's terminal session and set the conditions under which it is allowed.
   • Client Settings Specify which of the client devices and capabilities will be available during a terminal session.
   • Network Adapter Specify the NIC or network adapter that will be used for this connection and the maximum number of connections to be allowed.
   • Security Determine the permissions to be allowed for a particular group or user and add groups and users as desired.
5. When you have completed any changes you want to make, click OK to close the connection's Properties dialog box and return to Terminal Services Configuration.
6. Click Server Settings. The settings will appear on the right of the windows. These settings are self-explanatory. The settings are changed by right-clicking one of them, clicking Properties, and choosing the desired settings as shown next.
7. When you have completed making your changes, click OK to close the Properties dialog box.

[Previous] [Contents] [Next]

How to Modify ICA-TCP Listener with Remote Desktop Session Host Configuration for XenApp

Article | Configuration | {{likeCount}} found this helpful | Created: {{articleFormattedCreatedDate}} | Modified: {{articleFormattedModifiedDate}}

download Why can't I download this file? Log in to Verify Download Permissions