Hi Everyone,
In my last blog post on Terminal Services in Longhorn Server, I discussed the installation and setup of Remote Programs. Taking it one step further in this post, we will discuss one of the other two major components of Terminal Services, TS Web Access (TS Gateway to follow in the next blog).
OK, let's jump straight into it: TS Web Access
What is Terminal Services Web Access?
TS Web Access is a feature that makes Remote Programs available to users from a Web browser. With TS Web Access, a user can visit a Web site—either from the Internet or from an intranet—to access a list of available Remote Programs. When a user starts a Remote Program, a Terminal Services session is started on the terminal server that hosts the Remote Program.
TS Web Access includes a default Web page that you can use to deploy Remote Programs over the Web. The Web page consists of a frame and a customizable Web Part, where the list of Remote Programs is displayed. Alternatively, you can incorporate the Web Part into a Microsoft Windows SharePoint Services site.
Deploying TS Web Access:
You must install the TS Web Access role service on the Windows Server "Longhorn"-based server that you want users to connect to over the Web to access Remote Programs. When you install TS Web Access, Microsoft Internet Information Services (IIS) 7.0 is also installed as a required component.
After you install TS Web Access, you can specify the data source to use to populate the list of Remote Programs that appears in the Web Part. The Web server can populate the list from an external data source. Therefore, the Web server does not have to be a terminal server.
If you want users to access the Web page from the Internet, you can use TS Gateway to help secure remote connections.
TS Web Access Data Sources
TS Web Access can populate the list of Remote Programs that appear in the Web Part from either of the following data sources:
• Active Directory directory service
• A single terminal server
By default, the list of Remote Programs is populated from Active Directory.
If Active Directory is specified as the data source, the list of Remote Programs that appears in the Web Part is specific to the individual user. Only .msi packages (with an .rap.msi file name extension) that are published for that specific user by using Group Policy software distribution appear in the list.
If a single terminal server is specified as the data source, the list of available Remote Programs that appears in the Web Part is not specific to the user. Instead, all Remote Programs that are configured for Web access on that server's Allow List appear on the page.
Install the TS Web Access Role Service
Install the TS Web Access role service on the server that you want users to connect to over the Web to access Remote Programs. When you install the TS Web Access role service, Microsoft IIS 7.0 is also installed.
Installing the TS Web Access role service follows pretty much the same procedure you would use to install Terminal Services and set up Remote Programs.
The server where you install TS Web Access acts as the Web server. The server does not have to be a terminal server. After you install TS Web Access, you can configure TS Web Access to populate the list of Remote Programs from Active Directory or you can designate a single terminal server as the data source.
To install TS Web Access (if the Terminal Services role is already added)
First up, go to Server Manager (Start > Server Manager, or servermanager.msc).
Under Roles Summary, click Terminal Services. Under Role Services, click Add role services.

Then, on the Select Components screen, select TS Web Access. It will also prompt you to install additional supporting services (IIS 7 etc.), so choose 'Add Required Role Service'.

Then choose Next.
On the Intro screen, hit Next.

On the Role Services screen, select Next.

On the Confirm Installation Options screen, hit Install.


On the Installation Completed page, choose Close.

You will now see the role in the list.

Use Active Directory as the Data Source
By default, TS Web Access populates its list of Remote Programs from Active Directory. When Active Directory is specified as the data source, the Terminal Services Remote Programs Web Part is populated by the Remote Program .rap.msi packages that are published to a user through Group Policy software distribution. The advantages to this deployment method are as follows:
• TS Web Access will only display packages that are specific to the current user.
• Remote Program .msi packages that point to different terminal servers can all be consolidated into a single list in the Terminal Services Remote Programs Web Part.
To specify Active Directory as the data source
1. Use Internet Explorer to connect to the default TS Web Access Web page. By default, the Web page is located at the following address (where server_name is the NetBIOS name or fully qualified domain name (FQDN) of your TS Web Access server): http://server_name/ts
2. Log on to the site by using an account that is a member of the local Administrators group or by using an account that is a member of the TS Web Access Administrators local group. (If you are already logged on to the computer as one of these accounts, you are not prompted for credentials.)
Note: In Windows Server "Longhorn" Beta 2, the TS Web Access Administrators local group is added when you install TS Web Access. To open the Local Users and Groups snap-in, click Start, click Run, type lusrmgr.msc and then click OK.
3. In the upper-left corner, under Personalization Scope, click Shared.
4. In the Display Mode list, click Edit.
5. At the top of the Web Part, click the drop-down arrow on the right side of the Terminal Services Remote Programs bar, and then click Edit.
6. Under Terminal Services Remote Programs Properties, click Active Directory.
7. Click OK to apply the changes and to close the Editor Zone dialog box.
Now, as per my previous blog, Web-accessed applications are added and controlled via the Remote Programs screen.
The one field you need to worry about is the TS Web Access column: as long as the application has a Yes in there, you will see it displayed on the Web access screen.

If you want to use Active Directory as the data source to populate the Terminal Services Remote Programs Web Part, you must do the following:
1. On the terminal server where you added Remote Programs, create an .msi package for each Remote Program that you want to make available through TS Web Access.
Important
If Active Directory is specified as the data source, Remote Programs must have an .rap.msi file name extension to appear in the Web Part. When you create the .msi package from a Remote Program that is enabled for TS Web Access, the package is automatically created with an .rap.msi file name extension. If the Remote Program is not enabled for TS Web Access when you create the package, the package is created with an .rdp.msi extension. If you created an .rdp.msi package and you later want to make the package available for TS Web Access, you can rename the file name extension to .rap.msi.
2. Make sure that the .rap.msi packages are saved to a shared network folder, and that users have access to the shared folder.
3. Distribute the .rap.msi package to users by using the Software installation node in Active Directory Group Policy.
Note: to locate the Software installation node in a Group Policy object (GPO), expand Software Settings under User Configuration, and then click Software installation. For more information about how to use Group Policy software distribution, see the Microsoft Knowledge Base article "How to use Group Policy to remotely install software in Windows Server 2003" (http://go.microsoft.com/fwlink/?LinkId=29166).
4. Make sure that the computer account of the server that is running TS Web Access has Read access to the Remote Programs that you make available by using .rap.msi packages. To do this, make sure that the software distribution Group Policy settings are also applied to the computer account of the TS Web Access server.
• If you applied the GPO at the domain level, and you do not use security filtering to filter the scope of the GPO, the TS Web Access server automatically has Read access.
• If you applied the GPO at the domain level, and you use security filtering, or if you applied the GPO to an organizational unit (OU) that contains both the computer account of the TS Web Access server and the users who you want the policy to apply to, you must add the computer account of the TS Web Access server to the list of users and groups on the Security tab when you view the properties of the GPO. When you add the account, make sure it has both Read and Apply Group Policy permissions.
• If you applied the GPO to an OU that contains the users who you want the policy to apply to, and the computer account of the TS Web Access server is in a separate OU, you must link the GPO to the OU that contains the computer account of the TS Web Access server. Additionally, you must add the computer account of the TS Web Access server to the list of users and groups on the Security tab when you view the properties of the GPO. When you add the account, make sure it has both Read and Apply Group Policy permissions.
Note: Before you can add a computer account to the list of users and groups on the Security tab when you view the properties of the GPO, you must click Add, click Object Types in the Select Users, Computers, or Groups dialog box, select the Computers check box, and then click OK.
Use a Single Terminal Server as the Data Source
By default, TS Web Access populates its list of Remote Programs from Active Directory. However, you can configure the Terminal Services Remote Programs Web Part to populate its list of Remote Programs from a single terminal server instead. This is known as the Simple Publishing configuration. When a single server is specified as the data source, the Web Part is populated by all Remote Programs that are configured for Web access on that server's Allow List. When a single terminal server is used as the data source, the list of programs is not customized for the user.
To specify a single terminal server as the data source
1. Use Internet Explorer to connect to the default TS Web Access Web page. By default, the Web page is located at the following address (where server_name is the NetBIOS name or FQDN of your TS Web Access server): http://server_name/ts
2. Log on to the site by using either an account that is a member of the local Administrators group or by using an account that is a member of the TS Web Access Administrators local group. (If you are already logged on to the computer as one of these accounts, you are not prompted for credentials.)
Note: In Windows Server "Longhorn" Beta 2, the TS Web Access Administrators local group is added when you install TS Web Access. To open the Local Users and Groups snap-in, click Start, click Run, type lusrmgr.msc and then click OK.
3. In the upper-left corner, under Personalization Scope, click Shared.
4. In the Display Mode list, click Edit.
5. At the top of the Web Part, click the drop-down arrow on the right side of the Terminal Services Remote Programs bar, and then click Edit.
6. Under Terminal Services Remote Programs Properties, click Terminal Server.
7. In the Terminal Server Name box, type the name of the terminal server that you want to use as the data source.
8. If you want to configure access to the Remote Programs on the terminal server through TS Gateway, select the Use TS Gateway check box. Additionally, you must do the following:
a. In the TS Gateway Name box, type the name of the TS Gateway server.
Important
The server name must match what is specified in the SSL certificate for the TS Gateway server.
b. Under Gateway Authentication Method, click either Smart Card or Password depending on your environment.
9. Click OK to apply the changes and to close the Editor Zone dialog box.
10. If the TS Web Access server and the terminal server that you specified as the data source in Step 7 are separate servers, you must add the computer account of the TS Web Access server to the Terminal Server Publishing Access group on the terminal server. To do this, follow these steps on the terminal server:
a. Open the Local Users and Groups snap-in. To do this, click Start, click Run, type lusrmgr.msc and then click OK.
b. In the left pane, click Groups.
c. In the right pane, double-click Terminal Server Publishing Access.
d. In the Terminal Server Publishing Access Properties dialog box, click Add.
e. In the Select Users, Computers, or Groups dialog box, click Object Types.
f. In the Object Types dialog box, select the Computers check box, and then click OK.
g. In the Enter the object names to select box, specify the computer account of the TS Web Access server, and then click OK.
h. Click OK to close the Terminal Server Publishing Access Properties dialog box.
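The requirement in step 8a, that the TS Gateway name must match what is in the gateway's SSL certificate, can be checked before you type the name into the Web Part. The script below is an added example, not part of the original post or of any Microsoft tooling: it applies the usual TLS host-name matching rules (DNS subject alternative names first, common name as fallback, wildcard for one label only), which is an assumption about how the client compares names, and the certificates and host names in it are constructed samples.

```python
"""Check a TS Gateway name against the DNS names in its SSL certificate."""

# Constructed sample certificates in the dict layout returned by Python's
# ssl.SSLSocket.getpeercert(); the host names are made up for this example.
SAN_CERT = {
    "subject": ((("commonName", "tsg.corp.example"),),),
    "subjectAltName": (("DNS", "tsg.corp.example"), ("DNS", "*.remote.example")),
}
CN_ONLY_CERT = {"subject": ((("commonName", "TSG01.corp.example"),),)}


def cert_dns_names(cert):
    """DNS names the certificate covers: SAN entries, else the subject CN."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans  # when DNS SANs exist, the CN is ignored
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def name_matches(pattern, host):
    """Case-insensitive compare; '*' may only stand for the whole first label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def check_gateway_name(configured_name, cert):
    """Return (ok, names) for the value typed into the TS Gateway Name box."""
    names = cert_dns_names(cert)
    return any(name_matches(n, configured_name) for n in names), names


if __name__ == "__main__":
    for name, cert in [
        ("tsg.corp.example", SAN_CERT),        # exact FQDN match
        ("TSG", SAN_CERT),                     # short NetBIOS-style name: mismatch
        ("gw.remote.example", SAN_CERT),       # covered by the wildcard SAN
        ("a.gw.remote.example", SAN_CERT),     # wildcard spans one label only
        ("tsg01.corp.example", CN_ONLY_CERT),  # CN fallback, case-insensitive
    ]:
        ok, names = check_gateway_name(name, cert)
        print(f"{name:22} {'match' if ok else 'MISMATCH'}  cert names: {names}")
```

The second sample row is the one that tends to bite: a short server name is fine for reaching the TS Web Access page on the intranet, but it will not match a certificate issued to the gateway's FQDN.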
To Access TS Web Access from the client
By default, you can access the TS Web Access Web page at the following location (where server_name is the NetBIOS name or FQDN of the Web server where you installed TS Web Access):
http://server_name/ts
Important:
If you specified Active Directory as the data source, and you want to test TS Web Access while logged on locally to the TS Web Access server or while connected to the server's desktop over a Remote Desktop connection, you must turn off protected mode for the local intranet zone.
To turn off protected mode
1. Start Internet Explorer.
2. On the Tools menu, click Internet Options.
3. On the Security tab, in the Select a zone to view or change security settings box, click Local intranet.
4. Clear the Enable Protected Mode check box, and then click OK.
5. Click the Refresh Current Page button (green button with arrows) to refresh the Internet Explorer page.
Client Requirements and Configuration
To connect to TS Web Access, the client computer must be running any one of the following operating systems:
• Microsoft Windows Server "Longhorn" Beta 2
• Microsoft Windows Server 2003 with SP1
• Microsoft Windows Vista
• Microsoft Windows XP with SP2
Additionally, the client computer must be configured as follows:
• The client computer must be running Remote Desktop Connection (RDC) client 6.0. If you are running an earlier version of the RDC client, you are prompted to upgrade the client when you visit the TS Web Access Web page.
Note: RDC client 6.0 is not yet available on the Microsoft Windows Update site. For the Windows Server "Longhorn" Beta 2 release, you can download the RDC client 6.0 installer package from the Microsoft Connect Web site (http://go.microsoft.com/fwlink/?LinkId=49779).
• The Terminal Services ActiveX Client control must be enabled. If you are prompted to run the Terminal Services ActiveX Client control when you access TS Web Access, click the message line, click Run ActiveX Control, and then click Run.
Note: If you are running Windows Server "Longhorn" Beta 2 or Windows Vista, click the bubble at the lower-right corner of the screen (if it appears) to enable the ActiveX control.
• The TS Web Access server must be added to the Trusted sites zone or the Local intranet zone in Internet Explorer. To do this, use the following method:
Note: If you are running Windows Server 2003, you may be automatically prompted to add the URL of the TS Web Access server to the Trusted sites zone when you visit the TS Web Access Web site. To add the site to the Trusted sites zone, click Add, make sure that the Require server verification (https:) for all sites in this zone box is cleared if the site does not require server verification, click Add, and then click Close. To manually add the site to the Trusted sites zone or to the Local intranet zone, use the method described in the following procedure.
Add site to Local intranet or Trusted sites zone by using Internet Options
1. Start Internet Explorer.
2. On the Tools menu, click Internet Options.
3. Click the Security tab.
4. If the TS Web Access server is on your intranet, click Local intranet. Otherwise, click Trusted sites.
5. Click Sites.
6. Use one of the following procedures, depending on the zone that you selected:
• If you are adding the site to the Local intranet zone, click Advanced. In the Add this website to the zone box, type the URL of the Web server (for example, type http://server_name), and then click Add. If the site does not require server verification, clear the Require server verification (https:) for all sites in this zone box. Click Close to apply the settings. (In Windows XP, click OK to apply the settings.)
• If you are adding the site to the Trusted sites zone, in the Add this website to the zone box, type the URL of the Web server (for example, type http://server_name), and then click Add. If the site does not require server verification, clear the Require server verification (https:) for all sites in this zone box. Click Close to apply the settings. (In Windows XP, click OK to apply the settings.)
If you remember from my previous example, I published Remote Calculator.

So here it is under my TS Web Access (after saying yes to ActiveX).

Once you click on the icon, it will start your RDC connection to the published application, which will open exactly the same as any other Remote Program (see previous blog).



Easy as that!
I will be covering TS Gateway in my next blog, but if you have any questions at all regarding the above, shoot me an email!