none
Where is the Remote Desktop Session Host Configuration tool in Server 2012 ?

    Question

  • Where is the Remote Desktop Session Host Configuration tool in Server 2012 ?

    This is an MMC snap-in found on earlier servers, even if RDS is not installed.  In Server 2012, even if the Remote Desktop Session Host role is installed, this tool is still not available.

    I'm looking for the Server 2012 tool to adjust security settings like TLS authentication, High encryption level, choice of TLS certificate, NLA, etc.

    Thanks!

    Tuesday, June 19, 2012 4:01 PM

Answers

All replies

  • Hi Martin,

    I hate to disappoint you, but the Remote Desktop Session Host Configuration tool in no longer exists in Windows Server 2012. :-)
    You need to configure this with the new server manager console.

    You can find these settings on the Session Collection Properties. Assuming that you already created a Session Collection of course.

    Some more info:

    Here's a guide to configure the quick deployment:
    http://social.technet.microsoft.com/wiki/contents/articles/10421.deploying-the-rds-quick-start-deployment-type-in-windows-server-2012-for-session-virtualization.aspx

    And some testlab guides:

    Test Lab Guide: Remote Desktop Services Session Virtualization Quick Start

    Test Lab Guide: Remote Desktop Services Session Virtualization Standard Deployment


    Kind regards,

    Freek Berson
    The Microsoft Platform
    Twitter
    Linked-in
    Wortell company website

    Tuesday, June 19, 2012 5:37 PM
  • Thank you Martin.  It is disappointing because when RDS is not installed and there isn't a Session Collection, but you need to reconfigure or audit the Remote Desktop security settings for RDP, how is it done?  Is there another tool or PowerShell cmdlet?  After making the changes through Group Policy, it appears we'll have to query the registry directly to confirm proper settings.  And if the certificate selected for TLS authentication is not correct, this will be a real pain to reconfigure by direct registry edits...  Didn't Microsoft think of this?? 

    Tuesday, June 19, 2012 7:09 PM
  • Hi,

    Thanks for your question.

    For best practice, I would suggest that we post this issue at Windows Server 8 forum. You can start a discussion there, and give a feedback of server 2012 RDS component, which can get attention with experts who interested with it. Your understanding is highly appreciated.

    Windows Server "8" Beta General

    http://social.technet.microsoft.com/Forums/en-US/winserver8gen/threads

    Best Regards,

    Aiden


    Aiden Cao

    TechNet Community Support

    Thursday, June 21, 2012 3:34 AM
  • I thought this was the windows server forum.  Isn't windows 2012 server a "windows server" any more? The top of the page lists it.  I have questions also as to managing a Remote Desktop server and it seems that workgroup instances have been completely left out.  Management requires a session collection... but you get this when you open server manager - Remote Desktop Services - Overview - "You are currently logged on as a local administrator on the computer. You must be logged on as a domain user to manange servers and collections."  Where is any information for configuring a RDP server to host sessions and RDP client licensing in a stand alone 'Workgroup' environment? Do we have to look at other OS options for hosting our applications other than Windows?

    Thanks, Dale

    Tuesday, November 06, 2012 6:46 PM
  • This change in the Remote Desktop configuration scheme renders Windows Server 2012 useless in our environment. Here's my scenario: We have hundreds of standalone servers in service in stores across the country. The counter stations are all ThinClient terminals connecting through RDP. The servers, for the sake of simplicity, are all configured as "workgroup" as we have no need of a domain in a single server environment. Along comes Windows "Server" 2012. In order to access the Remote Desktop configuration, the server has to be on a domain. As it is a single server environment, the server also has to be the domain controller. Remote Desktop roles such as the RD Connection Broker can't be installed on the domain controller, so you have to demote the DC in order to install other integral parts of RD. In order to demote the DC you have to have another DC to maintain access to the domain. Now we're forced to either install two servers per store so that one can be DC and the other can host the RD options, or set up a virtual machine running on the server just to be a DC for a domain we don't even need. This is ridiculous! There needs to be a way to utilize Remote Desktop configuration tools in a workgroup environment.
    • Edited by Rlo8761 Friday, November 16, 2012 10:10 PM
    Friday, November 16, 2012 10:04 PM
  • This is crazy, I am also trying to configure this on a template server therefore it's not part of a domain. MICROSOFT, what are you thinking with this craziness !

    Niamh

    • Proposed as answer by Azzuroo Monday, January 07, 2013 6:59 PM
    • Unproposed as answer by Azzuroo Monday, January 07, 2013 6:59 PM
    Monday, November 26, 2012 2:42 PM
  • That's exactly the problem i have! any solutions? because i have A LOT of standalone rds servers with windows server 2008 r2. now i'd like to create new projects with windows server 2012, but it doesn't work. and i wouldn't install always an active directory just for the remote desktop server.

    • Proposed as answer by JD-11 Friday, May 24, 2013 3:01 PM
    Monday, January 07, 2013 7:02 PM
  • You can install just the Session Host role service and manage it entirely with PowerShell:

    http://blogs.msdn.com/b/rds/archive/2012/06/28/introduction-to-windows-powershell-scripting-in-windows-server-2012-remote-desktop-services.aspx

    You will eventually also need a License Server, which can be installed on the same Session Host or a separate sever entirely.

    The RDS GUI management plug-in for Server Manager does require a domain in order to install. 


    Don Geddes - SR Support Escalation Engineer - Remote Desktop Services - Printing and Imaging

    Monday, January 07, 2013 7:41 PM
  • What, exactly, is the logic behind making the GUI unavailable unless your server is on a domain?

    I really don't want to have to train a few hundred store managers and warehouse IT staff on the various usages of PowerShell, just sayin'.

    Monday, January 07, 2013 7:45 PM
  • hey dgedes

    thank you!

    well than, but now i know what i have to do.

    so i think for some project's i can use the RDSH in a workgroup, and i think it is supported.

    the thing is, i thought i can outsource all my servers to azure, but now with a server for the active directory and one for the rds it is more expensive :(

    or do you know can i use the azure active directory service for this szenario? http://www.windowsazure.com/en-us/home/features/identity/


    thank you for your fast answer! 

    Monday, January 07, 2013 8:07 PM
  • How can i configure the RDSH and de Licence Server.

    There is always the failure i have to configure the Licence Mode (Device or User). How can i fix that?

    • Proposed as answer by Flagstream Sunday, September 15, 2013 6:59 PM
    Thursday, February 21, 2013 12:09 PM
  • Azzuroo, the License Mode can be set using the Group Policy Editor/Administrative Templates/Windows Components/Remote Desktop Services/Remote Desktop Session Host/Licensing/Set the remote desktop licensing mode.

    There are other RDS settings that can be changed through Group Policy as well. It's not as simple and straight forward as it used to be, but it can be done. Hope this helps!

    • Proposed as answer by vashekcz Friday, March 29, 2013 9:34 AM
    Thursday, February 21, 2013 3:09 PM
  • Regedit.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

    • Proposed as answer by Robert Harrold Thursday, February 13, 2014 10:37 PM
    Tuesday, April 30, 2013 7:20 AM
  • So it appears for all the customers that use RDP in a workgroup environment it has become virtually impossible to host a remote application without also having the overhead of active directory. If there is a way to configure a remote app in a workgroup setting I need to know. If power shell and hacking the registry is the only way to manage a workgroup RDP server and you can't publish a remote app, most of our clients will be forced to abandon MS for their small business needs or pay someone else to manage it for them. Please advise.
    Friday, May 24, 2013 5:38 PM
  • Same problem here.It's time for us to make friends with some penguin and maybe (just maybe) sip some Wine from time to time.

    Friday, September 06, 2013 7:41 AM
  • Me too
    Tuesday, February 11, 2014 1:15 PM
  • I've managed to enable TSConfig in Windows 2012 from older Windows 2008R2 TSConfig. From a Windows 2008R2 server, copy tsconfig.msc and tsconfig.dll (from and to system32 folder) and load this into registry (also exported from 2008R2):

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\FX:{80aaa290-abd9-9239-7a2d-cf4f67e42128}]
    "ApplicationBase"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,\
      73,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,00,00
    "About"="{00000000-0000-0000-0000-000000000000}"
    "VersionStringIndirect"="@C:\\Windows\\System32\\umcRes.dll,-107"
    "ProviderStringIndirect"=hex(2):40,00,43,00,3a,00,5c,00,57,00,69,00,6e,00,64,\
      00,6f,00,77,00,73,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
      5c,00,75,00,6d,00,63,00,52,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,\
      00,31,00,30,00,32,00,00,00
    "SmallFolderBitmapIndirect"=hex(2):40,00,43,00,3a,00,5c,00,57,00,69,00,6e,00,\
      64,00,6f,00,77,00,73,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
      00,5c,00,75,00,6d,00,63,00,52,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,2c,00,\
      2d,00,31,00,32,00,30,00,00,00
    "NameString"="Remote Desktop Session Host Configuration"
    "HelpTopic"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
      74,00,25,00,5c,00,68,00,65,00,6c,00,70,00,5c,00,74,00,73,00,63,00,63,00,2e,\
      00,63,00,68,00,6d,00,00,00
    "AssemblyName"="tsconfig"
    "RuntimeVersion"="v2.0.50215"
    "Description"="Configure Remote Desktop Session Host settings"
    "DescriptionStringIndirect"=hex(2):40,00,43,00,3a,00,5c,00,57,00,69,00,6e,00,\
      64,00,6f,00,77,00,73,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
      00,5c,00,75,00,6d,00,63,00,52,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,2c,00,\
      2d,00,31,00,30,00,31,00,00,00
    "LinkedHelpTopics"="%systemroot%\\help\\tscc.chm"
    "NameStringIndirect"=hex(2):40,00,43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,\
      00,77,00,73,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
      75,00,6d,00,63,00,52,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,\
      00,30,00,30,00,00,00
    "IconIndirect"=hex(2):40,00,43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,\
      00,73,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,75,00,\
      6d,00,63,00,52,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,31,\
      00,30,00,00,00
    "FxVersion"="2.0.1.7"
    "Type"="Microsoft.TerminalServices.Configuration.SnapIn.TSConfigSnapIn, tsconfig, Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
    "FolderBitmapsColorMask"=dword:00000000
    "ModuleName"="tsconfig.dll"
    "Provider"="Microsoft Corporation"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\FX:{80aaa290-abd9-9239-7a2d-cf4f67e42128}\NodeTypes]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\FX:{80aaa290-abd9-9239-7a2d-cf4f67e42128}\NodeTypes\{f86e6446-aaff-11d0-b944-00c04fd8d5b9}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\FX:{80aaa290-abd9-9239-7a2d-cf4f67e42128}\Standalone]

    This Works for my Windows 2012 server, including remote configuration for other Windows 2012 servers, but maybe with some limits (reading tsconfig.msc contents it seems that other snap-in extensions are included, but I've have not exported them). Be careful, maybe Microsoft doesn't support it ;-)

    Regards

     

    • Proposed as answer by Rlo8761 Wednesday, February 19, 2014 5:47 PM
    Wednesday, February 19, 2014 11:47 AM
  • I tried this on one of my 2012 R2 boxes and it appears to be working fine. So far. I've also done the same thing with tsadmin.msc so most of my RDS headaches are solved. Here's how to make the 2008 R2 tsadmin work on 2012:

    Copy tsadmin.dll, tsadmin.msc, and wts.dll from a 2008 R2 server's \Windows\System32 folder to the same folder on the 2012 server. Create the following .reg file (or export the registry key from the 2008 R2 server's registry):

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\FX:{3FCE72B6-A31B-43ac-ADDA-120E1E56EB0F}]
    "ApplicationBase"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,\
      73,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,00,00
    "About"="{00000000-0000-0000-0000-000000000000}"
    "VersionStringIndirect"="@C:\\Windows\\System32\\umcRes.dll,-106"
    "ProviderStringIndirect"=hex(2):40,00,43,00,3a,00,5c,00,57,00,69,00,6e,00,64,\
      00,6f,00,77,00,73,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
      5c,00,75,00,6d,00,63,00,52,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,\
      00,31,00,30,00,32,00,00,00
    "NameString"="Remote Desktop Services Manager"
    "HelpTopic"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
      74,00,25,00,5c,00,68,00,65,00,6c,00,70,00,5c,00,74,00,73,00,5f,00,6d,00,61,\
      00,6e,00,61,00,67,00,65,00,72,00,2e,00,63,00,68,00,6d,00,00,00
    "AssemblyName"="tsadmin"
    "RuntimeVersion"="v2.0.50215"
    "Description"="Manage Remote Desktop Services sessions"
    "DescriptionStringIndirect"=hex(2):40,00,43,00,3a,00,5c,00,57,00,69,00,6e,00,\
      64,00,6f,00,77,00,73,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
      00,5c,00,75,00,6d,00,63,00,52,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,2c,00,\
      2d,00,31,00,30,00,34,00,00,00
    "LinkedHelpTopics"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
      00,6f,00,74,00,25,00,5c,00,68,00,65,00,6c,00,70,00,5c,00,74,00,73,00,5f,00,\
      6d,00,61,00,6e,00,61,00,67,00,65,00,72,00,2e,00,63,00,68,00,6d,00,00,00
    "NameStringIndirect"=hex(2):40,00,43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,\
      00,77,00,73,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
      75,00,6d,00,63,00,52,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,\
      00,30,00,33,00,00,00
    "IconIndirect"=hex(2):40,00,43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,\
      00,73,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,75,00,\
      6d,00,63,00,52,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,31,\
      00,31,00,00,00
    "FxVersion"="2.0.1.7"
    "Type"="Microsoft.TerminalServices.Monitor.SnapIn.TSManagerSnapIn, tsadmin, Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
    "FolderBitmapsColorMask"=dword:00000000
    "ModuleName"="tsadmin.dll"
    "Provider"="Microsoft Corporation"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\FX:{3FCE72B6-A31B-43ac-ADDA-120E1E56EB0F}\NodeTypes]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\FX:{3FCE72B6-A31B-43ac-ADDA-120E1E56EB0F}\Standalone]

    So far it's working great. Thanks E6Sistemes!

    • Edited by Rlo8761 Wednesday, February 19, 2014 7:37 PM
    Wednesday, February 19, 2014 5:50 PM
  • This is also useful - very simple and involves no hairy registry editing

    http://community.spiceworks.com/how_to/show/29281-setting-up-a-remote-desktop-connection-to-windows-server-2012
    Monday, April 07, 2014 1:40 AM
  • Well, last month our board of directors handed down the final word - meet the penguin. The main reason we are migrating everything away from Microsoft is this Remote Desktop Services fiasco. Every time we turn around there seems to be some new aspect of Remote Desktop that we can't utilize anymore without jumping through several new hoops and using some kind of work around to get past Microsoft's Domain Exclusivity. This will cost you (Microsoft) thousands of Server installations on our part. Oh well. I'm sure you'll make lots of money off of someone else.
    Friday, May 02, 2014 2:05 PM
  • So, after spending a lot of time looking around for a solution to RDP-TCP configuration (which was a very handy in previous versions) I gave up on these settings and just reverted to Group Policies instead. The changes you require can be set through either local group policie (LGP) or a Group Policy Object (GPO) through Active Directory, which is suitable for Workgroup and Active Directory.

    Have a look at gpedit.msc (Local Group Policy)

    Computer Configuration - Administrative Templates - Windows Components - Remote Desktop Services - Remote Desktop Session Host

    In there you will find the settings you require to set the security settings (similar to RDP-TCP) though there is no GUI. Each setting has a description which describes what they do. Very simple and can be incorporated in to templates prior to deployment so all servers receive these settings.

    I believe the link "SPMSDN" added to GUI version is very useful however, there are no settings for timeouts etc... which you can do through Group Policies.


    Wednesday, May 28, 2014 8:11 AM
  • Just found this post after looking for much the same. I do not see where in the GPO you can specify users/groups to be allowed to logoff other sessions. I was using a powershell script to do this, which worked very nicely, until I allowed a group of my support folks access. They don't have the ability to run a simple get-rdusersession without being a local admin on each of my rd hosts. I was hoping to delegate to them the ability to logoff sessions, but if they can't even list the users, well, that seems rather hopeless. :(

    mpleaf

    Friday, May 30, 2014 9:54 PM
  • DCCADMIN, I am feeling your pain.  Hopefully MS will see a signification reduction in TS client license sales and rethink their strategy.
    Thursday, June 26, 2014 9:31 PM
  • great suggestions here and i agree that this is big fail on the part of microsoft.  i am able to manage ***some**** setting of my 2012 R2 RDS session host server ( ExmplSrvA )  remotely from a 2008 r2 server (ExmplSrvB )  via the tsconfig.msc...just connect to the remote 2012 r2 server .  From ExmplSrvB open tsconfig.msc right click the root of tree in the gui on the left had side and connect to remote desktop session host server. find /browse your remote server ExmplSrvA  or type in ExmplSrvA .  Course this means that you have to keep around a server 2008R2 or win 7 machine...  perhaps the tools installed on win 8.1 would also work ?    Still testing this. 
    • Proposed as answer by mpwar 17 hours 56 minutes ago
    • Edited by mpwar 17 hours 36 minutes ago
    • Unproposed as answer by mpwar 17 hours 36 minutes ago
    18 hours 2 minutes ago