PROFESSOR: Hello, everyone. We're on a Windows
2016 Server, where we will install Remote Desktop
Services, formerly known as a terminal server. We are on a Windows
2016 domain controller. But you can be on a regular domain
member server or domain controller. Doesn't really matter. Let's go ahead and click on Add
Roles and Features in our Server Manager and click Next. Now we have the option to install
role based or remote desktop services. If we do Role Based
for RDS, then we'll have to just basically
install it piecemeal. If we install this option, then it
puts all of the different options that we need in at one time,
which I like a little better. We'll go ahead and click Next. Now, we have the option for
Standard Deployment, Quick Start, or Multipoint. So we're going to choose
the standard deployment. And the quick start does
do some shortcuts for you. But then you don't
really learn anything. And then the multipoint
services is usually for a different type of server,
such as one that a school might use. Let's go ahead and click Next so
we can start our installation. Now we have the option
for virtual desktops, which is this first option here-- Virtual Machine Based Desktop
Deployment-- or session based. So the difference is, virtual
desktop, or Virtual Machine Based Desktop Deployment, allows us to
create a different virtual machine for every user that logs in. And we've had to
install Hyper-V as well. So we're not going to
show that in this video. We're going to do the session
based, and that's where everyone shares the same server. But they get their own
customized desktop. Not as secure as virtual desktops,
but definitely the less expensive and faster to deploy. Let's go ahead and click Next. Here are the three
remote desktop services that we're going to install today,
that will happen automatically. And these are the
three minimum ones. We can install additional
ones if we want. We can ignore all of them except
for the session host if we want. But these are the ones that it
wants to try to install at minimum. But we'll go ahead and
click Next, and I'll show you how each one works. So we see the Remote Desktop
Connection Broker Service, and we'll go ahead and click
that we want to add that service. And then we'll click Next. And then it's going to give us the
option for the Internet Information Services, or the Remote
Desktop Web Server. Let's go ahead and choose to install
that as well, and we'll click Next. And same thing with the Remote
Desktop Session Host Server. This is the only one
we really need, even though it shows us the three there. And that's because the
session host server basically keeps track of all
the sessions and manages them. Let's go ahead and click Next. And now, we'll go
ahead and choose Yes. You can restart the
servers if you need to. And click Deploy. Now, this could take
anywhere from a few minutes, depending on the speed of your
server, up to an hour. So just go ahead and watch. As long as the bars are moving
forward, then you should be fine. It is doing the
installation process. And our server is now restarting. So it was successful. We'll wait for it to restart. And then we'll log in
and take it from there. And we've logged
back into our server, and it shows that all of our
different roles were successful. Go ahead and click Close. Now, I have remoted into the
Server, using Remote Desktop. And one other thing that we
need to make sure that we do is go into the Control Panel in
order to allow this to happen. And go to System, and
then Remote Settings. And then make sure,
under the Remote tab, you have Allow Remote
Connection to this Computer. Now, if you're connecting
to a computer that's a member of the domain, you can
check Allow Connections Only from Computers Running This
NLA Type of Authentication. But if you're connecting from
a non-domain computer, which is what I'm doing, then you can make
sure that you have that unchecked. Otherwise, you won't
be able to log in. All right. Once you have that set correctly,
you can also click on Select Users. Now, I'm only logging
in as the administrator. But if you want to
log in as other users, you can go ahead and
search for those names now. That gives the right to log in
using Remote Desktop to a server. And you'll have to be a member of
the Remote Desktop Users group. So we'll go to Tools, Active
Directory Users and Computers. And from here, we
can go to and search for-- we'll just type in remote. And there it is, Remote
Desktop Users group. And you can just go
and click Members. And you can add anyone that
you want to that group, and they'll automatically
have the right to get in. All right, so once
that's done, now we're going to go to this new section
here that wasn't there before. It says Remote Desktop Services. So we'll go ahead and click on that. Anything that has a plus in it means
that it has not been configured. If it's grayed out, it means
it's configured and ready to use. So if we go to the Tasks menu, we
can edit our deployment properties. We've already deployed everything. But now we want to edit it. So we've got here a Remote
Desktop Gateway and Remote Desktop licensing. Let's go ahead and start by
clicking on the licensing. And we'll add our server that
we're working with right here as a licensing server. Now by default, we're
going to have about, I believe 120 days automatically
added for unlimited use-- so as many people as we want
to have connected to it. After that, we'll
need to add licenses into our licensing service. So once this is
installed, then it's going to look to this
particular server to get any remote desktop licenses,
Client Access Licenses, or CALs we call them. And we'll go ahead and click Close. And now, you see,
this is grayed out, because it has been configured. Now we have RD Gateway. So this is a little bit of a
controversial type of role to add. So if you're going to
be internet facing, then I recommend you
use the RD Gateway. And you'll have to use a
public certificate in order to keep people from
getting certificate errors, unless you deploy the certificate
using group policy, which usually isn't an easy thing
to do for computers that are already in the field. So you can't get Group Policy
applied unless you VPN in first. And if you don't have VPN turned
on, and the computers never get into the office, then you
can never get that installed. So I would definitely recommend RD
Gateway with a public certificate if you're going to be
allowing outside users in. It does-- the controversy
comes in where it adds a lot of additional security. And sometimes, it breaks things. So you can deploy this out on the
internet without the RD Gateway role if you would like, and
still use a public certificate. But I definitely recommend
you add the gateway, because it does add
additional security. But we'll just go ahead
and leave that off, because we're only going to be
accessing this from the inside, or from the LAN. So there's no need
to have that gateway additional security added in. However, I do want to go ahead and
edit the deployment properties. So let's go ahead and choose this. And you see each one of the
different roles as we go through. Now, we're not using the gateway. So once again, Do Not Use an
RD Gateway is at the bottom, because we did not
click that green plus. So let's go ahead and
choose the RD licensing. Now we're going to choose the per
user licensing, as the most common. And the server we're going to
pick is our Win 2016 Server. Now you can see, it's
already in there. So we don't have to do that. So we can just go ahead
and apply that we're going to be doing a per user license. All right. Now, let's go ahead and
go to RD web access. And you can see, there is the RD
web access server already installed, because we chose that
during the installation. And now, we have certificates. Now, there's-- you see, there's
no certificates configured there. In order to get this to work
properly, we need our certificates. So I've gone ahead and
created some commands that we can use to add certificates. So they're right in the
root of our C drive. So now, what we want to do is
pull up a PowerShell command. And we're going to
copy and paste that in. So we'll right click here,
choose Command Prompt, and we'll type PowerShell, so it
turns into a PowerShell prompt. And now, we're going to copy
and paste in this first command to start with. And now it's in there. We'll go ahead and hit Enter. And it's creating a self signed
certificate, which is great. Now we need to put the next command
that you see in here as well, so we can add a password to it. So by adding a
password, it allows us to export the certificate in the
future, using the key export. So without a password,
that doesn't work. You can see that the
password is just password. Obviously, you're not
going to want to do that. You're going to want to have
something stronger than that. OK, so that certificate
is all set up. Now we want to go into MMC,
Microsoft Management Console, just to confirm that
there's certificates there. You can see it by going
to Add Remove Snap-In. And from here, we'll go
in and choose Certificate. There we go. Click Add. We want to choose
the computer account. Click Next, Local
Computer, and click Finish. Now we'll click OK. And we should see our
RDP certificate here. And there it is, RDP certificate. Fantastic. Now we're going to go ahead
and right click and export our certificate. So we'll choose All Tasks, Export. That's why I needed
that password in there. And we'll choose Yes,
Export the Private Key. And we'll just go ahead
and choose a password. And we'll put in the same password
that we used when we created it. And we'll click Next. File name-- we'll put it right on
the desktop and call it RDPcert. Save, Next, and Finish. And the export was successful. So now it's sitting on our Desktop. So if you're unsure of that,
we'll click on Desktop. And there's our RDPcert,
successfully exported with the keys. Minimize that. Now we can go ahead and select
that certificate by choosing Select Existing Certificate. We'll browse to our desktop,
choose our certificate, and put in our password, just to
make sure that it's all secure. Allow Certificate to be Added
to the Trusted Root Authorities? Yep. Go ahead and click OK. And you see, it's ready to apply. Go ahead and hit Apply. Don't click OK. Click Apply. And now it's going to apply. We're going to do the
same thing to everything else that says Level here. This is successful. Fantastic. Let's do the same thing again. And we'll choose our
certificate, put in our password, check the box once again, and Apply. And let's just go ahead and
do that for each one of these, until it's all done. All three of our role services
have had the certificate added. And you can see the RD
gateway set to unknown. And that's because
we're not using it. So it's grayed out. And that's perfectly fine. All right. We've finished editing
our deployments. We'll go ahead and click OK. So now we want to go in
and go to Tools, and then DNS, the DNS Manager. Now if DNS isn't on the server,
make sure you go to the server where it is. And we need to add a
host record for this rdp. So we added a
certificate called RDP. So now we need to add a host
record that points to it. So the name is going to be RDP. And so it automatically
appends to rdp.widget.internal. And we'll put in the 192.168.15.251,
which is the address of our server. We don't really need a PTR record,
but you can add it if you want. And now it's been created,
and it's all done. So now from our clients, we should
only have to put in RDP at the top, and it should be able to find
the server right from there. Widget.internal, which is the name
of our Active Directory domain-- click Enter. Now it's going to say hey,
the connection is not secure. That's OK. It's only because we're using
a self signed certificate. And we'll go ahead and click
to confirm the exception. There we go. And so now we're in the server. But we haven't gotten into
our remote desktop yet. So let's go ahead and do
a forward slash RDweb. There we go. And now we should be taken-- there it is-- right into our
remote desktop web version. So we'll go ahead and
put in widget once again, backslash administrator. And we'll put in our password. There we go. And we're signed in. All right. So we haven't added
any applications yet, but we know the web portion works. And we know the
remote desktop portion works, because I've actually
logged into it as administrator. So let's go back into our server. And then let's set
up the application, so that when we log
back into here, we can go ahead and launch some apps. We're back in our server. Let's go ahead and go
back to Server Manager, and then once again to our
Remote Desktop Services. And now we're going to
click on Collections. Clicking on Collections
allows us to add applications into our remote desktop web. Let's go to the top right, where
it says Tasks, under Collections, and choose to Create
a Session Collection. Click there. Click Next. And we'll just call it test for now. Click next. Add our server. Next. And we'll just go ahead and allow
the domain users to have access. Click Next. And we can enable the profile disks
if we want to have the profile settings in a centralized location. Don't really need that for this. We'll just go ahead and click Next. And we'll click Create. And we were successful. Go ahead and hit Close. And there is our collection. Click on test. And now we can add
some applications. So we can publish
remote app programs. That's good and that. And it's going to the
list of all the programs we can add for our web desktop. And take a look at all that. There's a lot of different things. Let's go ahead and
add the calculator. And we'll go ahead and choose
Remote Desktop Connection as well. So we can click Next and Publish. And we're all set. Click Close. And now we have our two applications
listed under a remote app programs. Let's go back to our web version. Log back in, and we should see
those new apps ready to be used. I've refreshed our log in. And we can see our calculator and
our remote desktop connection. That's perfect. Let's go ahead and
launch the calculator. Make sure it works OK. And it's prompting us to open with
remote desktop connection default. If we check this box, we won't
get prompted again the next time around. Go ahead and click OK. Now once again, we'll check that
box so we don't get prompted again. Click Connect. And now we're being
prompted to log in. That's OK. We'll go ahead and check
the box to remember us. So a lot of extra prompting
the first time we log in. But it shouldn't happen
as much on the next time. And now we're waiting for
the calculator to launch. And there we have it. Our calculator has launched. And if we want, we can
go ahead and use it. Go ahead and click Connect. And now we're connecting, using
our remote desktop connection. There we are. So we can see that
both the calculator works and the remote
desktop connection works. And you can certainly go ahead and
add in some additional remote app programs in our test collection. And when we're all done, we can
go ahead and click Sign Out. So that is how we set up the remote
desktop server and the web server, adding applications, all
in Windows Server 2016. Now this also works in Windows
Server 2012, as well as the new Windows Server 2019.
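
The certificate steps from this walkthrough, scripted in PowerShell as an added example: these are not the commands the presenter pasted, which the transcript does not show. It assumes an elevated prompt on the Connection Broker with the RemoteDesktop module available; the host name comes from the DNS record created in the video, while the PFX path, the password prompt and the cleanup step are choices made here.

```powershell
# Added example, not the presenter's commands.
# Host name matches the A record from the walkthrough; the PFX path is an assumption.
$fqdn    = 'rdp.widget.internal'
$broker  = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$pfxPath = Join-Path $env:USERPROFILE 'Desktop\RDPcert.pfx'

# Prompt for the PFX password so it never sits in a script file or shell history.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Create the self-signed certificate in the local computer's Personal store.
$cert = New-SelfSignedCertificate -DnsName $fqdn `
                                  -CertStoreLocation 'Cert:\LocalMachine\My'

# Export certificate and private key, protected by the password.
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword |
    Out-Null

# Apply the PFX to the three role services used in this deployment
# (RD Gateway is left out because it is not deployed here).
foreach ($role in 'RDRedirector', 'RDPublishing', 'RDWebAccess') {
    Set-RDCertificate -Role $role `
                      -ImportPath $pfxPath `
                      -Password $pfxPassword `
                      -ConnectionBroker $broker `
                      -Force
}

# Confirm what each role service now presents.
Get-RDCertificate -ConnectionBroker $broker

# The exported PFX contains the private key; remove it once it has been applied.
Remove-Item -Path $pfxPath
```

A self-signed certificate still produces the browser and client trust warnings seen in the video until clients trust it or it is replaced with one from a CA they already trust.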