none
Remote Desktop Services without Domain? RRS feed

  • Question

  • Hello early adopters ;-)

    Does someone have information if a domain is required for remote desktop services under WS2012?

    We have tried to install the services. With role based setup it works, but the management tools are missing. It says that you have to be logged in as a domain user to configure RDS.

    Then we have promoted the server as DC. Now the installation of the role is failing.

    - Is a domain really a requirement for RDS? This would be bad, as we have many customers with a single W2k8R2 server with RDS.

    - Isn't it possible to install RDS on a DC? (I know that it may not be supported, but shouldn't it work?)

    Thank you very much for your help!

    Tuesday, September 18, 2012 1:34 PM

Answers

  • Hi,

    Thanks for your post.

    - Is a domain really a requirement for RDS?

    Yes. In Windows 2012, RDS infrastructure requires all servers joined to a domain.

    - Isn't it possible to install RDS on a DC?

    It’s possible, but not recommended. Allow multiple users to establish sessions and run programs on a Domain Controller could create security risks and cause performance issues. In addition, if the RD Session Host role service is installed on a domain controller, the security settings of the domain controller will need to be adjusted to allow users to have remote access to the server. This remote access is controlled by the Allow logon through Remote Desktop Services user rights assignment, which can be configured by using the Group Policy Management Console (GPMC).

    Best Regards,

    Aiden


    Aiden Cao

    TechNet Community Support

    Thursday, September 20, 2012 2:28 AM
    Moderator

All replies

  • Hi,

    Thanks for your post.

    - Is a domain really a requirement for RDS?

    Yes. In Windows 2012, RDS infrastructure requires all servers joined to a domain.

    - Isn't it possible to install RDS on a DC?

    It’s possible, but not recommended. Allow multiple users to establish sessions and run programs on a Domain Controller could create security risks and cause performance issues. In addition, if the RD Session Host role service is installed on a domain controller, the security settings of the domain controller will need to be adjusted to allow users to have remote access to the server. This remote access is controlled by the Allow logon through Remote Desktop Services user rights assignment, which can be configured by using the Group Policy Management Console (GPMC).

    Best Regards,

    Aiden


    Aiden Cao

    TechNet Community Support

    Thursday, September 20, 2012 2:28 AM
    Moderator
  • Hi Aiden,

    Thank you very much for your answer!

    I have tried to install RDS on a Domain Controller, but got several problems: The installer failed. The Remote Desktop Management Service did not start. I had to change all RD Services to run unter the Administrator-Account. But then it gave me problems because the user does not have access to the Windows Internal Database required for Session Broker. It may be possible to change the permissions using SQL Server Management Console, but this would be kind of a "hack" and not ideal for production environments. Is there a step-by-step Tutorial how to install RDS on a DC?

    We are a hosting company. We provide our customers with a "cloud workspace". Every customer has to have a separate server because they have to install their own software. Most of them are small companies with about 5-10 users. With W2k8R2 we provided them with a single server without a domain. What does Microsoft recommend for this scenario with Windows Server 2012? It would be too expensive to install a separate DC for every customer. (If we get RDS to work on a DC this would help, but it's not a solution for all customers. Some of them have software which is not installable on a DC.)

    I would be very happy to know what Microsoft would recommend for this situation.

    Thanks again!

    Best regards,

    Manuel

    Thursday, September 20, 2012 6:08 AM
  • hi manuel,

    did you got it working?

    i'm facing the same problem, i want to set up a remote app server to demo our software and i'm now facing the fact that i have to make the rdp server a member of a domain, so in fact you need 2 servers to make this possible.

    isn't there a way to have the 2008 behaviour back?

    thx,

    marc

    Thursday, October 4, 2012 7:21 AM
  • I agree with the other posters that we should be able to run RDS without having a domain requirement. What exactly is the reasoning behind this new limitation? It seems ridiculous IMO.

    Friday, October 5, 2012 3:47 AM
  • I agree too. I only have one standalone server. I dont need a domain controller. But i need to be able to configure the remote desktop settings. I lost the ability to enable users or disable users to have more than one session per user. This configuration was in the old snap in that dont exist anymore. And this option is not present in the group policies as some of the basic rdp settings are. I dont know what to do...
    Sunday, October 7, 2012 4:47 AM
  • did you got it working?

    Unfortunately not. The only way I've got it working was with a seperate domain controller. No RDS without a domain and no RDS on a domain controller. Would be glad to have the 2008 behaviour back...
    Monday, October 8, 2012 6:57 AM
  • If you are asking about remote desktop, just for the single server (which is what I was looking for, and most others in the thread appeared to be looking for), this is a single service for a single device, and not the larger Domain based service....

    In older versions of windows server there was a greater distinction between "Remote Desktop" vs "Terminal Services" -->even though at the heart of it "Remote Desktop" was a BASIC version of "Terminal Services" used for a home user or Administrator to have access for a single session to access their pc..... "Remote Desktop Services" IS the new name for "Terminal Services"....

    Hope that helps.... here is a link to a site showing how to set up the service on a single server without a Domain:

    It does involve installing a bunch more services than just the old way that "Remote Desktop" was for the "single use" purpose --> BUT THINK POSITIVE NOW: the advantage here is that if you haven't added this service, it isn't there to be "hacked" --> "Minimizing the surface area vulnerable to attack" is a big concept in security circles -- goes right along with the other posters being concerned about not being able to "remote in" to a domain controler. 

    http://www.wackytechtips.com/installing-and-configuring-remote-desktop-services-rds-on-windows-server-2012/

    Monday, February 18, 2013 8:46 PM
  • In case anyone finds this via Google like I did.

    Microsoft now supports installing RDS without a domain.
    http://support.microsoft.com/kb/2833839/en-us

    • Proposed as answer by JasonDWilson77 Wednesday, January 11, 2017 2:32 PM
    Saturday, July 13, 2013 3:37 PM
  • Thank you. I seldom login on to reply a message before. I don't know if can help, but Thank You.
    Wednesday, July 8, 2015 2:14 AM
  • Great !! Thanks a lot
    Saturday, June 10, 2017 8:34 PM
  • why don't you people understand that it is just a big messy marketing sh*t and go to a serious operating system?

    Why do you keep struggling with stuff that is not even supposed to work

    Here https://debian.org

    Friday, July 21, 2017 3:23 PM
  • I agree that we should use free software.

    --------------

    Spam over for today.

    Friday, July 21, 2017 3:23 PM