Saturday, August 9, 2008

Terminal Services and Application/Administrative Mode

Something's Broken

The other day I was in the midst of a troubleshoot and needed to Remote Desktop into some machine. I ended up getting the angry message:

To log onto this remote computer, you must be granted the Allow log on through Terminal Services right. By default, members of the Remote Desktop Users group have this right. If you are not a member of the Remote Desktop Users group or another group that has this right, or if the Remote Desktop User group does not have this right, you must be granted this right manually.

This was a little odd as I was actually an Administrator on the box. I checked the rights on the machine and sure enough had the privileges I needed to get in, so what now?

Punch Line

I'll jump right to the problem. As it turns out someone had put Terminal Services into Application mode, but not installed any Client Access Licenses. After you do this you get a fixed amount of time (30 days maybe) before Terminal Services locks down all connections (except the console connection).

Terminal Services

When you first install Windows 2003, Terminal Services is installed in Remote Administration mode. This mode allows 2 concurrent connections from anyone as long as they have sufficient credentials. You can opt to install the "Terminal Server" component in Add/Remove Windows Components which will effectively puts Terminal Services into Remote Application mode. This allows a large number of concurrent connections so long as the users all have Client Access Licenses (CALs) (per User) or you install a bunch of CALs on the users machines (per Device).

Should you put Terminal Services in Remote Application mode and opt not to install any CALs you have a finite amount of time before Terminal Services locks down and no one's able to get in (besides the console login).

How to Discern the Terminal Services Licensing Mode (Windows 2003)

To check to see if a Terminal Services is in Administrative mode or Application mode perform the following steps on the machine.

  1. Open the Control Panel. Open up Administrative Tools.
  2. Open up Terminal Services Configuration.
  3. Click on the Server Settings folder and look at the Licensing setting.
  4. If the Licensing key says Remote Desktop for Administration you're in Administration mode. If it says Per User or Per Device, you're in Application mode.Terminal Services in Administration mode.

To change the mode simply double click on the Licensing key. There'll be a link to Add/Remove Windows components where you can install the Terminal Server component which will put Terminal Services in Application mode, or remove the component to put Terminal Services back in Administration mode.

HTH Someone,
Tyler

1 comment:

Toby O'Donnell said...

Every businessman knows how important it is to find smart IT professionals. Therefore, in matters of remote administration, I resorted to outsourcing php developer http://www.nixsolutions.com/services/custom-software-development/ . I have long been cooperating with this company and you know, I`m very pleased with the work that guys perform for me.