I'm going to use Windows Server 2012 to install all the accounting software required for our company and make a separate, customized desktop for each user in Windows Server 2012, but from my first attempt, all users connected via remote get the same desktop as the administrator, and all the server administration tools are also there even though they are not available to them. I would like to know: is it possible to make the users' profiles just like normal Windows 8 and not so much like a server?
How to customize desktops for remote users in Windows Server 2012
Tags: remote desktop, windows-server-2012
Related Solutions
It turns out that much of the configuration data for RDSH is stored in the Win32_TSGeneralSetting class in WMI in the root\cimv2\TerminalServices namespace. The configured certificate for a given connection is referenced by the Thumbprint value of that certificate on a property called SSLCertificateSHA1Hash.
UPDATE: Here's a generalized PowerShell solution that grabs and sets the thumbprint of the first SSL cert in the computer's personal store. If your system has multiple certs, you should add a -Filter option to the gci command to make sure you reference the correct cert. I've left my original answer intact below this for reference.
# get a reference to the config instance
$tsgs = gwmi -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'"
# grab the thumbprint of the first SSL cert in the computer store
$thumb = (gci -path cert:/LocalMachine/My | select -first 1).Thumbprint
# set the new thumbprint value
swmi -path $tsgs.__path -argument @{SSLCertificateSHA1Hash="$thumb"}
In order to get the thumbprint value
- Open the properties dialog for your certificate and select the Details tab
- Scroll down to the Thumbprint field and copy the space delimited hex string into something like Notepad
- Remove all the spaces from the string. You'll also want to watch out for and remove a non-ASCII character that sometimes gets copied just before the first character in the string. It's not visible in Notepad.
- This is the value you need to set in WMI. It should look something like this: 1ea1fd5b25b8c327be2c4e4852263efdb4d16af4.
Now that you have the thumbprint value, here's a one-liner you can use to set the value using wmic:
wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="THUMBPRINT"
Or if PowerShell is your thing, you can use this instead:
$path = (Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").__path
Set-WmiInstance -Path $path -argument @{SSLCertificateSHA1Hash="THUMBPRINT"}
Note: the certificate must be in the 'Personal' Certificate Store for the Computer account.
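An added example, not part of the original answer: the manual clean-up steps above (removing spaces and the invisible leading character) done in PowerShell, followed by checks on the certificate before the thumbprint is written to WMI. The function names are hypothetical, the invisible character is assumed to be U+200E in the constructed sample, and the private-key, expiry and Server Authentication EKU checks are additions beyond what the answer describes.

```powershell
function ConvertTo-CleanThumbprint {
    param([Parameter(Mandatory)][string]$Raw)
    # Drop everything that is not a hex digit: spaces and the invisible
    # non-ASCII character that can precede the first digit when copying.
    $clean = ($Raw -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Expected 40 hex digits (SHA-1 thumbprint), got $($clean.Length)."
    }
    return $clean
}

function Set-RdpListenerCertificate {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [string]$TerminalName = 'RDP-Tcp'
    )
    $thumb = ConvertTo-CleanThumbprint -Raw $Thumbprint
    # The certificate must be in the computer's Personal store; fail if it is not.
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$thumb" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) { throw "Certificate $thumb has no private key." }
    if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate $thumb expired on $($cert.NotAfter)." }
    # If an EKU extension is present it must include Server Authentication.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if ($eku -and ($eku.EnhancedKeyUsages.Value -notcontains '1.3.6.1.5.5.7.3.1')) {
        throw "Certificate $thumb is not valid for Server Authentication."
    }
    $filter = "TerminalName='$TerminalName'"
    $ns = 'root\cimv2\TerminalServices'
    $tsgs = Get-WmiObject -Class Win32_TSGeneralSetting -Namespace $ns -Filter $filter
    if (-not $tsgs) { throw "No listener named $TerminalName." }
    Set-WmiInstance -Path $tsgs.__PATH -Arguments @{ SSLCertificateSHA1Hash = $thumb } | Out-Null
    # Re-read the setting to confirm the listener now references this certificate.
    $now = (Get-WmiObject -Class Win32_TSGeneralSetting -Namespace $ns -Filter $filter).SSLCertificateSHA1Hash
    if ($now -ne $thumb) { throw "Listener still references $now." }
    return $now
}

# Constructed sample: the example thumbprint from the answer as it might be
# pasted from the certificate dialog, with spaces and a leading U+200E.
$pasted = [char]0x200E + '1e a1 fd 5b 25 b8 c3 27 be 2c 4e 48 52 26 3e fd b4 d1 6a f4'
ConvertTo-CleanThumbprint -Raw $pasted
# Set-RdpListenerCertificate -Thumbprint $pasted   # run elevated on the RDSH host
```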
Remote Desktop Services actually have a pretty rich WMI object library you can take advantage of to query and manipulate the configuration. As of Vista/2008, it's located in the root\cimv2\TerminalServices namespace. Here's a good place to start on browsing what's available: Remote Desktop Services Configuration classes
In regards to your specific question, I'd just like to clarify that RDP can only be bound to a network adapter, not a specific IP. I know you said "network interface". I just wanted to clarify for others who might stumble onto this question. It's a somewhat common request on machines that only have one adapter and multiple IPs. If that's what you're looking for, there are other ServerFault questions with answers more detailed. But if I recall correctly, your best bet is to just limit the connections using the built-in firewall.
The specific class that has what you need is called Win32_TSNetworkAdapterSetting. There are 3 methods associated with the class that you can use:
In my experience, SetNetworkAdapterLanaID is more reliable than SelectNetworkAdapterIP because of the "All network adapters" option. It seems like if it's currently configured to "All network adapters", it won't change to the specific adapter with the IP you specify; it will just keep it on "All network adapters", which is technically still correct.
So you're left with using SetNetworkAdapterLanaID, which requires an integer ID value as an argument to the method. So here's how you find the ID to use. First get a reference to the instance of the class. My example here will use the default terminal name called "RDP-Tcp", but it's possible (though unlikely) your systems have additional or different terminal names.
You can check the current status of what network adapter is configured with the following PowerShell:
gwmi Win32_TSNetworkAdapterSetting -filter "TerminalName='RDP-Tcp'" -namespace "root/cimv2/TerminalServices" | Select NetworkAdapterLanaID,NetworkAdapterName
In order to call a method, it's nice to have the instance of the class assigned to a variable, so let's do that:
$ts = gwmi Win32_TSNetworkAdapterSetting -filter "TerminalName='RDP-Tcp'" -namespace "root/cimv2/TerminalServices"
A handy feature of this class is that a couple of the properties it returns are lists of the possible network adapters you can use.
$ts | select -expand DeviceIDList
$ts | select -expand NetworkAdapterList
This should return two lists. The first is a 0-based list of IDs and the second is the friendly name of the adapters associated with the first list. So on my test machine, it returned:
0
1
and
All network adapters configured with this protocol
Intel(R) PRO/1000 MT Network Connection
If you want to correlate the IDs in the DeviceID property to their names in the NetworkAdapterList, you can do so like this:
$adapters = $ts | select -expand NetworkAdapterList
$device_ids = $ts | select -expand DeviceIDList
$adapter_list = @()
foreach ($device_id in $device_ids) {
    $adapter_list += @{$device_id = $adapters[$device_id]}
}
$adapter_list # Mapping of device IDs to adapter names
By default, it's set to use ID 0 which is "All network adapters configured with this protocol". So if we wanted to change it to use the Intel NIC explicitly, we just have to call the method using our existing object and the associated ID.
$ts.SetNetworkAdapterLanaID(1)
You can then verify the change by re-querying the object:
gwmi Win32_TSNetworkAdapterSetting -filter "TerminalName='RDP-Tcp'" -namespace "root/cimv2/TerminalServices" | Select NetworkAdapterLanaID,NetworkAdapterName
Best Answer
If you log on to a server, you will get a server desktop.
Basically you shouldn't be RDPing to a server, ever, except for administrative purposes.
What you should do is set up Remote Desktop Services and either set up RemoteApp and publish your apps to your users so that they can access them remotely, or build a Virtual Desktop Infrastructure so that your users can RDP to VMs with client operating systems on them, with a personalized load of the apps that only they use on them, etc.