In this part ofThe document shows how to install Terminal Services and/or a related component, since in the other documents it will be assumed that these services are already installed.

To install Terminal Server roles or roles, We need to go to the server management console and add the following function “Terminal Services”,

It gives us a brief overview of what terminal services are, Continue, “Following”,

And here we have to mark the function that we are interested in our server having, whether it will be a TS server or a license server, or a Session Broker, or a gateway server or Web Access service. We mark the option that interests us. Eye! it is very important that if we are going to install a Terminal Services server, let's install the first of all after the S.O. This function, before installing any other app, since applications on terminal servers need to be installed with terminal mode enabled, because if we can't have some kind of compatibility problems, and of course that these applications are compatible with TS. Well, we mark the roles that interest us and “Following”,

Open some features that have their requirements, how Web Access needs IIS and if it is not installed it will install it or the RCP Gateway over HTTP function… Click on “Add required features”,

This is where it warns us that some of the applications we have installed may not work for us, “Following”, and that if we are going to install one after installing TS we must do it from the “Panel de Control”,

Terminal Server and Remote Desktop Connection 6.0 support Network Level Authentication (NLA), A new type of authentication, that authenticates the user, to the client computer and the server's credentials to each other. This means that authentication is now performed before the Terminal Services session is lifted and the user is presented with the login screen. With previous Remote Desktop Connection clients 6.0, TS sessions were initiated as soon as the user clicked on “Connect”, and this creates a window of opportunity for malicious users to perform Denial of Services attacks (Two) and steal credentials via a man-in-the-middle attack (MITM). If we want, we can enable it from now on, or later.

He asks us about the type of licensing, can be per device or per user (depending on the licenses we have) and if we don't have a license server installed or we don't know it yet, Can “Set them up later”,

Now we need to select at least one group of users who will be able to connect to this Terminal Server. Otherwise, This installation will create a group called “Remote Desktop Users”, putting them in this group will be enough, “Following”,

If we have selected the Gateway component, we can enter a certificate now to secure the connection of the clients, But this is something that we will do later, “Following”,

When you install Gateway, asks us if we have already created CAP policies (Connection Authorization Policy) and RAP (Resource Authorization Policy). We can do it now or later on the console.

We need to add a group to associate it with the authorization policies, Let's go the group that will be able to connect using Gateway, then all of this will be seen in the Gateway settings,

We give the Conection Authorization Policy a name – CAP and authentication type, whether using passwords or smart cards,

And the same for the RAP or Resource Authorization Policy, give you a name and from which computers we will let them connect to the TS servers, whether from specific ones or from any,

He tells us that now with NPS or Network Policy Server we will be able to secure the connection or configure it with some policies, this would be the replacement for IAS. NPS (Network Policy Server) Use SHVs (System Health Validators) to analyze the health status of the equipment. “Following”,

We can install it and then configure it if we are interested in any of them, for example the NPS will be interesting,

This is because you have checked to install TS Web Access (TS Web Access), You don't have to mark it, It depends on your organization, If you have servers how to separate functions, “Following”,

We mark the components we need, those required for Web Access will be marked,

We check all the previous steps to begin the installation of the component that we have marked from Terminal Server, Pressed “Install”,

… Installation Process…

OK, all perfectly installed, For certain components we will have to restart the server, we do this after clicking on “Close”,

“Yes” to restart the system,

Once the server is restarted, the configuration of certain components will be finalized…

Ok, Everything is already installed, Click on “Close”. Now you have to go function by function configuring them.

www.bujarra.com – Héctor Herrero – Nh*****@bu*****.cOm – v 1.0