Windows Server 2016 RDS Options

DWreck

DWreck

Senior Member
Hi,

I have a business wanting to change their server setup. Right now I have it so they each use RDP to connect to the server with their own user login. Which works fine by the way. They about 25 employees (25 workstations). What they don't like about it is one user installs a program and it is applied to all other users on the server. Another being the UI difference from a standard Windows 10 installation (e.g. they see the server tools in the start menu etc...). So they want me to "fix it".

My thoughts are running Virtual Machines with standard Windows 10 for each user on the server instead. Then they can each install whatever they want without effecting one another, and won't tell the difference from their own workstation. But still be running off the server. What I'm stuck on is the best way to implement this. So if anyone here has experience doing it I'd appreciate any feedback on the methods you used. We are trying to keep it simple, and cost effective. So if it could be achieved on the one server they already have that would be ideal.

Thanks,
Derek R.
 
Well the users shouldn't be able to install software on servers. If they are local admins then that is why they see the server admin console.

There are a bunch of different ways you could do this. If you wanted truly separate environments I would say you'd want to install Hyper-v and build out client VMs for each user. That would be a lot of work and more to manage.

You could also deploy RDS VDI and have a easier to manage virtual desktop experience, or you can do RDS session based hosts and either have them RDP into the server and remove their admin access, or public the applications and configure the RD gateway so they just access a web site to access applications which you can control who see's what by AD groups.
 
Neemobeer said:
Well the users shouldn't be able to install software on servers. If they are local admins then that is why they see the server admin console.

There are a bunch of different ways you could do this. If you wanted truly separate environments I would say you'd want to install Hyper-v and build out client VMs for each user. That would be a lot of work and more to manage.

You could also deploy RDS VDI and have a easier to manage virtual desktop experience, or you can do RDS session based hosts and either have them RDP into the server and remove their admin access, or public the applications and configure the RD gateway so they just access a web site to access applications which you can control who see's what by AD groups.
Click to expand...

I'm sorry I worded that incorrectly. They can't install programs, I do that for them under the Admin account. But they don't like the shared functionality of programs. The accountants don't like seeing Adobe products being on there, and the graphic designers don't like seeing Quickbooks on there, etc... I don't know why they are so picky about it.

I'm not to sure why they can see the server tools. The users are standard local users, not admins. They also can't change any settings, but can see the tools just the same as when I'm logged in as Admin.

In your opinion what is the easiest option to deploy? I believe VDI is the answer based on the information I've read on it. However I'd be moving into waters I have not touched before.

From my understanding here, I'd need multiple servers to accomplish a "Standard Deployment", which is what I believe you were referencing in your above post?
 
Honestly I'd suggest published applications. Then all they see is the applications assigned to them by AD groups. If you have a file share you can redirect those profiles to the share if you're dealing with a RDS server farm, just make sure you install the applications on all the session host servers.
 
Neemobeer said:
Honestly I'd suggest published applications. Then all they see is the applications assigned to them by AD groups. If you have a file share you can redirect those profiles to the share if you're dealing with a RDS server farm, just make sure you install the applications on all the session host servers.
Click to expand...
If by AD groups you mean Active Directory groups right now they are in a Workgroup setup right now. Would I have to migrate them to Active Directory?
 
I just assumed you have an active directory environment since you have at least 1 server
 
Neemobeer said:
I just assumed you have an active directory environment since you have at least 1 server
Click to expand...
They wanted it as simple as possible. So we stayed with a Workgroup. At the time they would get no advantage from AD. However I can migrate them to AD if that's a better option?
 
I would say AD is simpler than a workgroup. Central account management, more secure and coupled with group policy easier for you to make uniform changes for everyone. That combined with published apps you only need to add that user to a group and they have the new application whatever that may be. On top of that with the published apps, you could deploy a RDS feed to the users and those same published apps could be streamed off the server to the user devices. The applications would appear to be installed locally.
 
You must log in or register to reply here.

Similar threads

E
How to prevent "Microsoft defender SmartScreen prevented an unrecognised app" warning for my own python based app
Replies
3
Views
185
ussnorway
ussnorway
R
Window Server 2012 Login/Password Issues (But our workstations are still connected and we did not change the password)
Replies
3
Views
1K
Mike
Mike
S
GPT To MBR
Replies
3
Views
319
ChatGPT
ChatGPT
D
Need full Administrator authorization not local
Replies
2
Views
382
Neemobeer
Neemobeer
K
Windows 10 installation. Dozens of Driver errors
Replies
3
Views
429
ka1gt
K
Back
Top