Monthly Archives: May 2011

LAB: Server 2008 R2 Remote Desktop–SSO between RDWA & RDSH

by

0

 

 

The quest for Remote Desktop Services Web Access Single Signon

Introducing Web Single Sign-On for RemoteApp and DesktopConnections (Terminal MSDN)

Enable RDC Client Single Sign-On for Remote Desktop Services (only for RDC)

 

Single sign-on between RD Session Host and RD Web Access

Single sign-on allows customers the ability to enter their user name and password only once when connecting to a RemoteApp program by using RD Web Access.

Why is this change important?

Prior to Windows Server 2008 R2, when a user connected to a RemoteApp program by using RD Web Access, the user was prompted for credentials twice. One set of credentials was used to authenticate the user to the RD Web Access server and the other set was used to authenticate the user to the RD Session Host server hosting the RemoteApp program. Asking for the same user credentials twice led to a bad user experience. In Windows Server 2008 R2, you are only prompted once.

ImportantImportant

Single sign-on requires that your RDP files are digitally signed by a trusted publisher. The certificate used to sign the RemoteApp programs must be present in the Trusted Root Certification Authorities store on the client computer.

Are there any dependencies?

To take advantage of the new single sign-on features, the client must be running Remote Desktop Connection (RDC) 7.0.

Ticket: RDP An Error occurred in the Licensing Protocol

by

0

 

Vista Home or other version can’t connect BQT-TS01 (TS 2000),
But can connect to BQT-TS03 (server 2008 R2 Remote Desktop)

"遠端電腦中斷的工作階段的連線,
因為授權通訊協定發生錯誤,
請試著在連線到遠端電腦一次"

http://support.microsoft.com/kb/187614/en-us

Backup then delete below key
Thirty-two bit RDP clients store their license under the key
HKEY_LOCAL_MACHINE\Software\Microsoft\MSLicensing.

After delete whole MSLicensing , can connect BQT-TS01, but BQT-TS03 can’t.

After reboot, TS 2000 worked.

Remote Desktop Service on Server 2008 R2 – Part4

by

0

RD Gateway

Technology review

RD Gateway uses the Remote Desktop Protocol (RDP) over HTTPS to help establish a secure, encrypted connection between remote users on the Internet and the internal network resources on which their productivity applications run.

To function correctly, RD Gateway requires several role services and features to be installed and running. When you use Server Manager to install the RD Gateway role service, the following additional roles, role services, and features are automatically installed and started, if they are not already installed:

  • Remote procedure call (RPC) over HTTP Proxy
  • Web Server (IIS) [Internet Information Services]
    IIS must be installed and running for the RPC over HTTP Proxy feature to function.
  • Network Policy and Access Services

 

Step 2: Installing RD Gateway

Updated: June 24, 2009

Applies To: Windows 7, Windows Server 2008 R2

To install and configure an RD Gateway server, you must add the RD Gateway role service. Windows Server 2008 R2 includes the option to install the RD Gateway role service by using Server Manager. This topic covers the installation and configuration of the RD Gateway role service on the RDG-SRV computer in the CONTOSO domain.

Membership in the local Administrators group, or equivalent, on the RD Gateway server that you plan to configure, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).

To install the RD Gateway role service

  1. Log on to RDG-SRV as CONTOSO\Administrator.

  2. Open Server Manager. To open Server Manager, click Start, point to Administrative Tools, and then click Server Manager.

  3. Under the Roles Summary heading, click Add Roles.

  4. In the Add Roles Wizard, if the Before You Begin page appears, click Next.

  5. On the Select Server Roles page, under roles, select the Remote Desktop Services check box, and then click Next.
    image

  6. On the Remote Desktop Services page, click Next.

  7. On the Select Role Services page, select the Remote Desktop Gateway check box.

  8. If prompted to specify whether you want to install the additional role services required for Remote Desktop Gateway, click Add Required Role Services.

  9. On the Select Role Services page, click Next.
    image

  10. On the Choose a Server Authentication Certificate for SSL Encryption page, select Create a self-signed certificate for SSL encryption, and then click Next.
    image

  11. On the Create Authorization Policies for RD Gateway page, select Now, and then click Next.
    image

    1. On the Select User Groups That Can Connect Through RD Gateway page, click Add. In the Select Groups dialog box, specify Domain Users, and then click OK to close the Select Groups dialog box. Click Next.
      image
    2. On the Create an RD CAP for RD Gateway page, enter the name RD_CAP_01 for the Remote Desktop connection authorization policy (RD CAP), select Password, and then click Next.
      image
    3. On the Create an RD RAP for RD Gateway page, enter the name RD_RAP_01 for the Remote Desktop resource authorization policy (RD RAP), and then select Allow users to connect to any computer on the network. Click Next.
      image

  12. On the Network Policy and Access Services page (which appears if this role service is not already installed), review the summary information, and then click Next.
    image

  13. On the Select Role Services page, verify that Network Policy Server is selected, and then click Next.
    image

  14. On the Web Server (IIS) page (which appears if this role service is not already installed), review the summary information, and then click Next.
    image

  15. On the Select Role Services page, accept the default selections for Web Server (IIS), and then click Next.
    image

  16. On the Confirm Installation Selections page, verify that the following role services will be installed:

    • Remote Desktop Services\RD Gateway
    • Network Policy and Access Services\Network Policy Server
    • Web Server (IIS)
    • RPC over HTTP Proxy

  17. Click Install.
    image

  18. On the Installation Progress page, installation progress will be noted.

  19. On the Installation Results page, confirm that installation for these roles, role services, and features was successful, and then clickClose.

To export the SSL certificate for the RD Gateway server and copy it to the CONTOSO-CLNT computer

  1. On the RD Gateway server, open the Certificates snap-in console. If you have not already added the Certificates snap-in console, you can do so by doing the following:

    1. Click Start, click Run, type mmc and then click OK.
    2. On the File menu, click Add/Remove Snap-in.
    3. In the Add or Remove Snap-ins dialog box, in the Available snap-ins list, click Certificates, and then click Add.
    4. In the Certificates snap-in dialog box, click Computer account, and then click Next.
    5. In the Select Computer dialog box, click Local computer: (the computer this console is running on), and then click Finish.
    6. In the Add or Remove snap-ins dialog box, click OK.

  2. In the Certificates snap-in console, in the console tree, expand Certificates (Local Computer), expand Personal, and then clickCertificates.

  3. Right-click the certificate RDG-SRV.contoso.com, point to All Tasks, and then click Export.

  4. On the Welcome to the Certificate Export Wizard page, click Next.

  5. On the Export Private Key page, click No, do not export private key, and then click Next.

  6. On the Export File Format page, ensure that DER encoded binary X.509 (.CER) is selected, and then click Next.

  7. On the File to Export page, in the File name box, click Browse.

  8. In the Save As dialog box, in the File name box, enter RDG-SRV, and then click Save.

  9. On the File to Export page, click Next.

  10. On the Completing the Certificate Export Wizard page, confirm that the correct certificate is specified, that Export Keys is set toNo, and that Include all certificates in the certification path is set to No, and then click Finish.

  11. After the certificate export has successfully completed, a message appears confirming that the export was successful. Click OK.

  12. Close the Certificates snap-in.

  13. Copy the RD Gateway server certificate c:\users\administrator.CONTOSO\Documents\RDG-SRV.cer, to the CONTOSO-CLNT computer.

To verify the functionality of the RD Gateway deployment, complete the following:

  • Install the SSL certificate for the RD Gateway server on the CONTOSO-CLNT computer.
  • Enable certificate revocation checking on the CONTOSO-CLNT computer. (Optional)
  • Log on to CONTOSO-CLNT as Morgan Skinner and use Remote Desktop Connection (RDC) to connect to the RD Session Host server (RDSH-SRV) by using the RD Gateway server (RDG-SRV).
To install the SSL certificate for the RD Gateway server on the CONTOSO-CLNT computer

  1. Log on to CONTOSO-CLNT as CONTOSO\Administrator.

  2. Open the Certificates snap-in console by doing the following:

    1. Click Start, click Run, type mmc and then click OK.
    2. On the File menu, click Add/Remove Snap-in.
    3. In the Add or Remove Snap-ins dialog box, in the Available snap-ins list, click Certificates, and then click Add.
    4. In the Certificates snap-in dialog box, click Computer account, and then click Next.
    5. In the Select Computer dialog box, click Local computer: (the computer this console is running on), and then click Finish.
    6. In the Add or Remove snap-ins dialog box, click OK.

  3. In the Certificates snap-in console, in the console tree, expand Certificates (Local Computer), and then click Trusted Root Certification Authorities.

  4. Right-click the Trusted Root Certification Authorities folder, point to All Tasks, and then click Import.

  5. On the Welcome to the Certificate Import Wizard page, click Next.

  6. On the File to Import page, in the File name box, click Browse, and then browse to the location where you copied the SSL certificate for the RD Gateway server. From the file type drop-down list, select All Files (*.*). Select the certificate RDG-SRV.cer, click Open, and then click Next.

  7. On the Certificate Store page, accept the default option (Place all certificates in the following store – Trusted Root Certification Authorities), and then click Next.

  8. On the Completing the Certificate Import Wizard page, confirm that the correct certificate has been selected and that the following certificate settings appear:

    • Certificate Store Selected by User: Trusted Root Certification Authorities
    • Content: Certificate
    • File Name: FilePath\RDG-SRV.cer

  9. Click Finish.

  10. After the certificate import has successfully completed, a message appears confirming that the import was successful. Click OK.

  11. With Certificates selected in the console tree, in the details pane, verify that the correct certificate appears in the list of certificates on the CONTOSO-CLNT computer.

  12. Log off from the CONTOSO-CLNT computer.

To enable certificate revocation checking on the CONTOSO-CLNT computer (Optional)

  1. Log on to CONTOSO-CLNT as CONTOSO\Administrator.

  2. Click Start, point to All Programs, and then click Accessories.

  3. Right-click Command Prompt, and then click Run as administrator.

  4. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

  5. At the command prompt, type reg add "HKCU\Software\Microsoft\Terminal Server Gateway\Transports\Rpc" /v CheckForRevocation /t REG_DWORD /d 1 .

    WarningWarning

    The publishing and maintenance of the certificate revocation list is an integral part of the public key infrastructure (PKI) and is external to RD Gateway. Please do not enable certificate revocation checking on RD Gateway clients until you have confirmed that your deployment can support this; otherwise, even the basic connection to an end resource through the RD Gateway server will not work. This is the reason why certificate revocation checking is disabled by default on the RD Gateway client, and the recommendation is to turn it on as a security best practice only after ensuring that the certificate revocation list is accessible from the Internet.

  6. Log off the computer.

To connect to RDSH-SRV with RDC by using RDG-SRV

  1. Log on to CONTOSO-CLNT as Morgan Skinner.

  2. Click Start, point to All Programs, point to Accessories, and then click Remote Desktop Connection.

  3. In the Remote Desktop Connection dialog box, click Options.

  4. On the Advanced tab, click Settings.

  5. On the RD Gateway Server Settings page, click Use these RD Gateway server settings, enter the following settings, and then click OK.

    • Server name: RDG-SRV.contoso.com
    • Logon method: Allow me to select later
    • Bypass RD Gateway server for local addresses: Clear check box
      image

  6. On the General tab, in the Computer box, type rdsh-srv, and then click Connect.

  7. In the Windows Security dialog box, type the password for contoso\mskinner, and then click OK.

  8. If the connection is successful, a Windows desktop will appear on the screen for RDSH-SRV.

You have successfully deployed and demonstrated the functionality of RD Gateway on Remote Desktop Services by using the simple scenario of connecting to an RD Session Host server by using RD Gateway with an authorized remote user account by using Remote Desktop Connection. You can also use this deployment to explore some of the additional capabilities of Remote Desktop Services through additional configuration and testing.

 

image

Remote Desktop Service on Server 2008 R2 – Part3

by

0

 

RD Web Access

eploying Remote Desktop Web Access with Remote Desktop Connection Broker Step-by-Step Guide

Updated: October 12, 2010

Applies To: Windows 7, Windows Server 2008 R2

About this guide

RemoteApp and Desktop Connection allows administrators to provide a set of resources, such as RemoteApp programs and virtual desktops, to their users. Users can connect to RemoteApp and Desktop Connection in two ways:

  • From a computer running Windows® 7. When set up, resources that are part of RemoteApp and Desktop Connection appear in the Start menu under All Programs in a folder called RemoteApp and Desktop Connections.
  • From a Web browser by signing in to the website that is provided by RD Web Access. In this case, a computer that is running Windows 7 is not required.

This step-by-step guide walks you through the process of setting up a working RemoteApp source that is accessible by using Remote Desktop Web Access (RD Web Access). During this process, you will deploy the following components in a test environment:

  • A Remote Desktop Connection Broker (RD Connection Broker) server
  • A Remote Desktop Web Access (RD Web Access) server

This guide also explains how to configure Single Sign On so that users are only prompted once for credentials. When you deploy Single Sign On, consider the following certificate requirements:

  • The certificate must be trusted explicitly or from a trusted root certificate.
  • The certificate name or the Subject Alternative Name must match the fully-qualified domain name of the server.
  • The certificate must support Server Authentication or Remote Desktop Authentication Extended Key Usage.
  • Indirect certificate revocation lists are not supported.
  • Certificate revocation checks are performed by default.
  • When you use CredSSP, you can turn off certificate revocation checks by configuring the following registry entry to a value of 1: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\UseCachedCRLOnlyAndIgnoreRevocationUnknownErrors
  • When you use Transport Layer Security (TLS), you can turn off certificate revocation checks by configuring the following registry entries to a value of 0: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Terminal Server Client\ CertChainRevocationCheck and HKEY_CURRENT_USER\SOFTWARE\Microsoft\Terminal Server Client\ CertChainRevocationCheck

==============================================================
==============================================================

 

Configure the RD Session Host server (RDSH-SRV)

To configure the server RDSH-SRV, you must:

  • Configure a certificate used to digitally sign the RDP file.
  • Add the thumbprint of the certificate used to digitally sign the RDP file to the Default Domain Group Policy setting by using the Group Policy Management Console (GPMC).

First, configure a certificate used to digitally sign the RDP file by using RemoteApp Manager. This procedure assumes that you have already imported a certificate into the Personal certificate store of the computer account.

To configure a certificate used to digitally sign the RDP file

  1. Log on to RDSH-SRV as CONTOSO\Administrator.

  2. Click Start, point to Administrative Tools, point to Remote Desktop Services, and then click RemoteApp Manager.

  3. Under the Overview section, click Change next to Digital Signature Settings.
    image

  4. Select the Sign with a digital certificate check box.

  5. Click Change.

  6. On the Confirm Certificate page, select the appropriate certificate, and then click OK.
    image

  7. Click OK to close the RemoteApp Deployment Settings dialog box.

Finally, you must add the thumbprint of the certificate used to digitally sign the RDP file to the Default Domain Group Policy setting. This is required so that the trusted publisher warning dialog box is not shown to the user each time the RemoteApp program is started.

To add the certificate thumbprint to the Default Domain Group Policy setting

  1. Log on to CONTOSO-DC as CONTOSO\Administrator.

  2. Open the GPMC. To open the GPMC, click Start, point to Administrative Tools, and then click Group Policy Management.

  3. Expand Forest: contoso.com, expand Domains, and then expand contoso.com.

  4. Right-click Default Domain Policy, and then click Edit.

  5. Navigate to Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client.
    image

  6. Double-click Specify SHA1 thumbprints of certificates representing trusted .rdp publishers.
    image

  7. Select the Enabled option.

  8. In the Comma-separated list of SHA1 trusted certificate thumbprints box, type the certificate thumbprint used to digitally sign the RDP file, and then click OK.

Configure the client computer (CONTOSO-CLNT)

To configure the client computer CONTOSO-CLNT, you must:

  • Import the digital certificate used by RDSH-SRV to the Trusted Root Certification Authorities certificate store of the computer account.

Import the digital certificate used by RDSH-SRV to the Trusted Root Certification Authorities certificate store of the computer account on CONTOSO-CLNT.

To import a digital certificate to the Trusted Root Certification Authorities certificate store

  1. Log on to CONTOSO-CLNT as CONTOSO\Administrator.

  2. Click Start, and then click Run.

  3. Type mmc and then click OK.

  4. Click File, and then click Add/Remove Snap-in.

  5. In the Available snap-ins box, click Certificates, and then click Add.

  6. Select the Computer account option, click Next, and then click Finish.

  7. Click OK.

  8. Expand Certificates (Local Computer).

  9. Right-click Trusted Root Certification Authorities, point to All Tasks, and then click Import.

  10. On the Welcome to the Certificate Import Wizard page, click Next.

  11. Click Browse.

  12. Click Personal Information Exchange (*.pfx, *.p12) to filter the file results to show only PFX and P12 files.

    ImportantImportant

    You must import a PFX certificate file that includes the private key.

  13. Navigate to the folder where the certificate is located, click the certificate, and the click Open.

  14. Click Next.

  15. In the Password box, type the password for the PFX file, and then click Next.

  16. Click Next, and then click Finish.

 

Configure the RD Web Access server (RDWA-SRV)

To configure the RD Web Access server by using Windows Server 2008 R2, you must:

  • Install Windows Server 2008 R2.
  • Configure TCP/IP properties.
  • Join RDWA-SRV to the contoso.com domain.
  • Install the RD Web Access role service.
  • Add the thumbprint of the certificate used for the RD Web Access server to the Default Domain Group Policy setting by using the GPMC.

Next, install the RD Web Access role service by using Server Manager.

To install the RD Web Access role service

  1. Log on to RDWA-SRV as CONTOSO\Administrator.

  2. Click Start, point to Administrative Tools, and then click Server Manager.

  3. Under the Roles Summary heading, click Add Roles.

  4. On the Before You Begin page, click Next.

  5. On the Select Server Roles page, select the Remote Desktop Services check box, and then click Next.
    image

  6. On the Remote Desktop Services page, click Next.

  7. On the Select Role Services page, select the Remote Desktop Web Access check box.

  8. Review the information about adding Web Server (IIS) and the Remote Server Administration Tools, click Add Required Role Services, and then click Next.
    image

  9. On the Web Server (IIS) page, click Next.
    image

  10. On the Select Role Services page, click Next.
    image

  11. On the Confirm Installation Selections page, click Install.
    image

  12. After installation is complete, click Close.
    image

Finally, you must add the thumbprint of the RD Web Access server certificate to the Default Domain Group Policy setting. This is required so that the trusted publisher warning dialog box is not shown to the user each time the RemoteApp program is started.

To add the certificate thumbprint to the Default Domain Group Policy setting

  1. Log on to CONTOSO-DC as CONTOSO\Administrator.

  2. Open GPMC. To open GPMC, click Start, point to Administrative Tools, and then click Group Policy Management.

  3. Expand Forest: contoso.com, expand Domains, and then expand contoso.com.

  4. Right-click Default Domain Policy, and then click Edit.

  5. Navigate to Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client.

  6. Double-click Specify SHA1 thumbprints of certificates representing trusted .rdp publishers.

  7. Select the Enabled option.

  8. In the Comma-separated list of SHA1 trusted certificate thumbprints box, type the certificate thumbprint used to digitally sign the RDP file, and then click OK.

You have set up the CONTOSO domain. Now you can proceed to Step 2: Installing and Configuring RemoteApp.

==============================================================
==============================================================

Next, assign a RemoteApp source on the RD Web Access server (RDWA-SRV).

To assign a RemoteApp source on RDWA-SRV

  1. Log on to RDWA-SRV as CONTOSO\Administrator.

  2. Click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Web Access Configuration.

  3. Click Continue to this website (not recommended).
    image

    ImportantImportant

    This guide uses a self-signed certificate for the RD Web Access server. Self-signed certificates are not recommended in a production environment. You should use a certificate that is trusted from a certification provider when deploying RD Web Access in a production environment.

  4. In the Domain\user name box, type CONTOSO\Administrator.

  5. In the Password box, type the password that you specified for CONTOSO\Administrator, and then click Sign in.

  6. On the Configuration page, click An RD Connection Broker server.
    image

  7. In the Source name box, type rdcb-srv and then click OK.
    image

Finally, you must add a RemoteApp source on the RDCB-SRV computer by using Remote Desktop Connection Manager.

To add a RemoteApp source by using Remote Desktop Connection Manager

  1. Log on to RDCB-SRV as CONTOSO\Administrator.

  2. Click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Connection Manager.

  3. Click RemoteApp Sources, and then in the Actions pane, click Add RemoteApp Source.

  4. In the RemoteApp source name box, type rdsh-srv and then click Add.

==============================================================
==============================================================

Step 3: Verifying RemoteApp Functionality

Updated: October 12, 2010

Applies To: Windows 7, Windows Server 2008 R2

To verify the functionality of a RemoteApp program deployment, log on as Morgan Skinner and connect to the RemoteApp program by using Remote Desktop Web Access (RD Web Access).

To connect to the RemoteApp program

  1. Log on to CONTOSO-CLNT as Morgan Skinner (CONTOSO\mskinner).

  2. Click Start, point to All Programs, and then click Internet Explorer.

  3. In the Address bar, type https://rdwa-srv.contoso.com/RDWeb and then press ENTER.

  4. Click Continue to this website (not recommended).

    ImportantImportant

    This guide uses a self-signed certificate for the RD Web Access server. Self-signed certificates are not recommended in a production environment. You should use a certificate that is trusted from a certification provider when deploying RD Web Access in a production environment.

  5. In the Domain\user name box, type CONTOSO\mskinner.

  6. In the Password box, type the password that you specified for Morgan Skinner, and then click Sign in.

    noteNote

    In you receive a prompt asking you to install the Microsoft Remote Desktop Services Web Access Control, clickRun Add-on, and then click Run.

  7. Click Calculator, and then click Connect.

  8. When prompted, enter the credentials for Morgan Skinner, and then click OK.

You have successfully deployed and demonstrated the functionality of a RemoteApp program by using the simple scenario of connecting to Calculator by using RD Web Access. You can also use this deployment to explore some of the additional capabilities of personal virtual desktops through additional configuration and testing.

Remote Desktop Service on Server 2008 R2 – Part2

by

0

 

Install Desktop Experience on an RD Session Host Server

 

 

Install Desktop Experience

<?XML:NAMESPACE PREFIX = [default] http://ddue.schemas.microsoft.com/authoring/2003/5 NS = "http://ddue.schemas.microsoft.com/authoring/2003/5&quot; />

Use the following procedure to install Desktop Experience on the server.

Membership in the local Administrators group, or equivalent, on the RD Session Host server that you plan to configure, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477.


Important

The installation of Desktop Experience requires the computer to be restarted.


To install Desktop Experience

  1. Open Server Manager. Click Start, point to Administrative Tools, and then click Server Manager.

  2. In the left pane, click Features, and then in the Features Summary section, click Add Features.
    image

  3. On the Select Features page, select the Desktop Experience check box.
    image

  4. Review the information about the required features that need to be installed with the Desktop Experience feature, and then click Add Required Features.

  5. Click Next.

  6. On the Confirm Installation Selections page, verify that the Desktop Experience feature will be installed, and then click Install.
    image

  7. On the Installation Progress page, installation progress will be noted.

  8. On the Installation Results page, you are prompted to restart the server to finish the installation process. Click Close, and then click Yes to restart the server.

  9. After the server restarts and you log on to the computer with the same user account, the remaining steps of the installation will finish. When the Installation Results page appears, confirm that the installation of Desktop Experience succeeded, and then click Close.

    image

    You can also confirm that Desktop Experience is installed by following these steps:

    1. Start Server Manager.
    2. In the left pane, click Features, and then in the Features Summary section, confirm that Desktop Experience is listed as installed.

      image

After you install Desktop Experience, the Windows 7 components and features, such as Windows Media Player, will appear under All Programs on the Start menu.

image

Uninstall (Remove) Desktop Experience

Use the following procedure to uninstall (remove) Desktop Experience from the server.

Membership in the local Administrators group, or equivalent, on the RD Session Host server that you plan to configure, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477.


Important

The removal of Desktop Experience from the server requires the computer to be restarted.


To uninstall (remove) Desktop Experience

  1. Open Server Manager. Click Start, point to Administrative Tools, and then click Server Manager.

  2. In the left pane, click Features, and then in the Features Summary section, click Remove Features.

  3. On the Select Features page, clear the Desktop Experience check box, and then click Next.

  4. On the Confirm Removal Selections page, verify that the Desktop Experience feature will be removed, and then click Remove.

  5. On the Removal Progress page, removal progress will be noted.

  6. On the Removal Results page, you are prompted to restart the server to finish the removal process. Click Close, and then click Yes to restart the server.

  7. After the server restarts and you log on to the computer with the same user account, the remaining steps of the removal process will finish. When the Removal Results page appears, confirm that the removal of Desktop Experience succeeded, and then click Close.

    You can also confirm that Desktop Experience is removed by following these steps:

    1. Start Server Manager.
    2. In the left pane, click Features, and then in the Features Summary section, confirm that Desktop Experience is no longer listed as installed.

image