Showing posts with label Windows Server 2008. Show all posts
Showing posts with label Windows Server 2008. Show all posts

Wednesday, September 2, 2009

Microsoft VDI supportability for Windows XP (XP here is either a member of an RD pool or acts as a PDD)

Hi,

I'm writing this post on Microsoft VDI - Microsoft VDI supportability for Windows XP.

There are news that its not clear from Microsoft whether Windows XP would work in a RP Pool & PDD scenario. But I spoke with Virtualization support person who confirmed me that it does.

And yes! It does!

There is a beautiful document to make Windows 7 work in RD Pool or PDD, which holds good for Vista as well. But for Windows XP, there is no documentation &
the steps don't seem to be pretty straight forward.

Following are the configuration settings that need to be done on the VM:

1. External network created is to be added to the network adapter of the VMs.
2. The name of the VM in the Hyper-V Manager tool matches the FQDN of the guest OS on that VM (this is mandated only for VMs being used in PDD scenarios)
3. Integration Components should be installed on the Virtual Machine (present by default on a Win7 client).
4. Remote Desktop must be enabled on that VM.
5. The RD Virtualization Host server hosting this VM should be added to the VM’s RDP-Tcp listener permissions group.
6. The registry entry ‘AllowRemoteRPC’ must be set to 1.
7. Firewall exception needs to be enabled for Remote Desktop and Remote Service Management
8. Users who need access to VM should members of the Remote Desktop Users group.

They work fine on Vista & Windows 7. As far as Windows XP is concerned, there is not much clarity.

Refer to Step no. 5 - The RD Virtualization Host server hosting this VM should be added to the VM’s RDP-Tcp listener permissions group.

Does this group "RDP-Tcp listener permissions group" exist as a security group? I can't find it that easily said.

The proccess includes to grant the RDVH-SRV computer account permissions to the RDP protocol on the client and then restart the Remote Desktop Services service on the client. The RDVH-SRV computer account needs the WINSTATION_QUERY, WINSTATION_LOGOFF, and WINSTATION_DISCONNECT permissions on client.

Here client is either a member of an RD pool or acts a PDD & RDVH-SRV is Remote Desktop Virtualization Host (RD Virtualization Host) server

To add RDP protocol permissions to a virtual machine:

1. Click Start, point to All Programs, and then click Accessories.
2. Right-click Command Prompt, and then click Run as administrator.
3. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.
4. At the command prompt, type the following commands:
> wmic /node:localhost RDPERMISSIONS where TerminalName="RDP-Tcp" CALL AddAccount "contoso\rdvh-srv$",1
> wmic /node:localhost RDACCOUNT where "(TerminalName='RDP-Tcp' or TerminalName='Console') and AccountName='contoso\\rdvh-srv$'" CALL ModifyPermissions 0,1
> wmic /node:localhost RDACCOUNT where "(TerminalName='RDP-Tcp' or TerminalName='Console') and AccountName='contoso\\rdvh-srv$'" CALL ModifyPermissions 2,1
> wmic /node:localhost RDACCOUNT where "(TerminalName='RDP-Tcp' or TerminalName='Console') and AccountName='contoso\\rdvh-srv$'" CALL ModifyPermissions 9,1
> Net stop termservice
> Net start termservice

5. Log off the client computer. This is required in order for Morgan Skinner to log on to the personal virtual desktop successfully.

Now the whole purpose this discussion here is: How to grant RDP-Tcp listener permissions on an XP machine which either resides in an RP pool or acts as a PDD.

Solution:

This script works & resolves this: "How to grant RDP-Tcp listener permissions on an XP machine which either resides in an RP pool or acts as a PDD"

#####

function Grant RDPPermissions ([String]$RDVHost)
{
$tsAccounts = @(Get-WMIObject -Namespace "root\cimv2" -Query "SELECT * FROM Win32_TSAccount WHERE (TerminalName = 'RDP-TCP' OR TerminalName = 'Console') AND AccountName = '$($RDVHost.replace("\", "\\"))'")
if ($tsAccounts -eq $NULL -or $tsaccounts.count -eq 0)
{
Write-Host " $RDVHost is being added as a member of RDP-TCP permissions list"
$permissionSettings = @(Get-WmiObject -Namespace $nameSpace -Query "SELECT * FROM Win32_TSPermissionsSetting WHERE TerminalName = 'RDP-TCP'")
foreach($setting in $permissionSettings)
{
$setting.addaccount("$RDVHost", 1) | Out-Null
}
}
$tsAccounts = @(Get-WMIObject -Namespace $nameSpace -Query "SELECT * FROM Win32_TSAccount WHERE (TerminalName = 'RDP-TCP' OR TerminalName = 'Console') AND AccountName = '$($RDVHost.replace("\", "\\"))'")
foreach($account in $tsAccounts)
{
if (($account.PermissionsAllowed -band 517) -ne 517)
{
Write-Host " Granting permissions : $RDVHost"
$account.ModifyPermissions(0,1) | Out-Null
$account.ModifyPermissions(2,1) | Out-Null
$account.ModifyPermissions(9,1) | Out-Null
}
}
}
#####
----------------------------------------------------------------------------------------
Posted by at 1 comment:
Labels: , , ,

Wednesday, August 19, 2009

Exchange Server 2007 SP2 and VSS Backups support in Windows Server 2008

Exchange Server 2007 SP2 includes a VSS plug-in for Windows Server Backup to support Exchange backups. Once SP2 is installed, you can use Windows Server Backup to back up and restore your Exchange 2007 SP2 databases.

The new plug-in is delivered in the form of a single executable called WSBExchange.exe. This plug-in is automatically installed by SP2 on all Exchange 2007 Mailbox servers. The plug-in enables Windows Server Backup to be able to make Exchange-aware VSS backups as described below:

  • Backups are VSS-based only. You cannot perform streaming ESE backups using Windows Server Backup with or without the plug-in.
  • Backups taken with Windows Server Backup occur at volume level. To back up a storage group and database, you must back up the entire volume containing the storage group and database. You cannot back up any data without backing up the entire volume containing the data.
  • The backup must be run locally on the server being backed up, and you cannot use the plug-in to take remote VSS backups. There is no remote administration of Windows Server Backup or the plug-in. You can, however, use Remote Desktop or Terminal Services to remotely manage Windows Server Backup and your backup jobs.
  • The backup can be created on a local drive, or on a remote network share.
  • Only Full backups can be taken. Log truncation will occur only after a successful completion of a full backup of a volume containing an Exchange storage group and database.
  • The plug-in does not support the Exchange Replication VSS Writer; as a result, you cannot perform backups of passive copies of databases in a continuous replication environment.
  • When restoring data, it is possible to restore only Exchange data. This data can be restored to its original location, or to an alternate location. If you restore the data to its original location, Windows Server Backup and the plug-in will automatically handle the recovery process, including dismounting any existing databases and replaying logs into the recovered database.
  • The restore process does not directly support the Recovery Storage Group (RSG). However, if you restore the data to an alternate location, then you can manually move the restored data from the alternate location into an RSG, if needed.
  • When restoring Exchange data, all backed up storage groups must be restored together. You cannot restore a single storage group or database.
----------------------------------------------------------------------------------------

Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)