Bilgi Bankası
Yerinde Bilgisayar > Yardım Masası > Bilgi Bankası



Deploying a RDSH Server in a Workgroup – RDS 2012 R2

23 Votes


This Post will show you how to deploy a Remote desktop session server (RDSH) in a workgroup (non Domain).

This deployment is Session based and will allow the use of desktop sessions. The down side to having a none domain joined Session host is that you will need to create users on the host and configure local Group policy’s to restrict user access.

I have deployed a single server (non domain Joined) with Server 2012 R2.


Configuring the FQDN

As this is a workgroup server (non Domain) you will need to configure the Fully Qualified Domain name.

This can be done under system Properites





We are going to deploy the RDS 2012 Session Host Role and the RDS licencing role




Deployment 6

Deployment 7

This image shows the roles and features that have been installed, as you can see the session host and remote desktop roles are shown as installed.

Adding the RDSH Certificate

Firstly you will need to import your certificate to the Local Computer , Personal Folder as shown in the screen shot.



Add certificate

Before configuring RDSH Servers you will see a warning stating that the certificate is untrusted.

This is because the configuration data for RDSH is stored in the WMI, Win32_TSGeneralSetting class in WMI in the rootcimv2TerminalServices namespace. You will need to change the certificate from default using the following commands.

Firstly, You will need to find the certificate thumbprint.

RDSH Certifcate

You can also use PowerShell to find the Thumbprint:

Get-Childitem Cert:\LocalMachine\My


Run one of the following cmds to apply the new certificate to the  Win32_TSGeneralSetting:

Command Prompt:

wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="Thumbprint"

PowerShell Cmd:

$path = (Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace rootcimv2terminalservices -Filter "TerminalName='RDP-tcp'").__path
Set-WmiInstance -Path $path -argument @{SSLCertificateSHA1Hash="THUMBPRINT"}


You will need to configure the licencing to allow multiple users to connect via sessions.

Deployment 8

Adding Users

Add the users under Computer Management, Local Users and groups

Deployment 9

Deployment 10

Add the users to the remote desktop group.

Deployment 11

you can also do this in the server manager under local Computer

Deployment 12

As you are connecting to the RDSH host locally, use  local\username

Applying Security

Deployment 13

Deployment 15

As you can see from the screen shots, users cannot install roles and features or modify Group Policy’s with out Administrator permissions, I would recommend configuring local group policy’s to lock down remote users, as you would in a Domain. You can access the local group policy editor via MMC and add the snapin for the Group policy editor.



Administering sessions

In the Group Policy editor, I have set the idle limit on the sessions so that if users are inactive for over a hour their session will be terminated.

Deployment 14.

You can also manage your users from the task menu

Deployment 18

Deployment 19

by right clicking on the user, you get a number of options including disconnecting the user, Sign them off, sending messages, and Connect which allows you to connect to a user session. You will need to be the user in question to do this.

When users are finished with their sessions they simply sign out, or they can disconnect. There is no option to shut down the server for remote session users.

Deployment 17

Bu içerik sorununuzu çözmenizde yardımcı oldu mu? evet / hayır
İlgili Makaleler Karmaşık Şifre
İçerik Detayları
İçerik Numarası: 12
Kategori: Server & İşletim Sistemleri
Eklenme Tarihi: 2017-02-01 22:06:32
Gösterim Sayısı: 516
Verilen Puan (Oylar): İçerik Puanı 5.0/5.0 (2)

« Geri Dön

Powered by Help Desk Software HESK, brought to you by SysAid