Remote Desktop Users Group

The most common way to remotely manage a Windows server is through Remote Desktop Protocol. By default, Liquid Web’s Windows servers only allow the members of the administrators’ group remote desktop access. However, the Remote Desktop Users group grants its members access to securely connect to the server through RDP (Remote Desktop Protocol) as well.

This article will go over the basics of the Remote Desktop Users group. By the end, you will be able to add users to the group, understand permissions, and basic user management.

 

Pre-flight

The information below covers methods to configure the Remote Desktop Users group for Windows Server 2012 through Windows Server 2016 on any Liquid Web Windows server. As a valued customer, if you do not feel comfortable performing these steps independently, please contact our support team for additional assistance. Liquid Web support is happy to walk you through the steps and answer any questions you may have.

 

Managing Local Users and Groups

Users and groups on Windows servers are managed in a number of different ways, but the most user-friendly way is through the Local Users and Groups interface. There are several ways to open the interface. However,  the easiest is to run “lusrmgr.msc”. Lusrmgr.msc can be launched by searching the start menu, command line, or through a run dialog. These methods allow you to find users and groups easily.

Note
To manage local users and groups, you will need to be logged in with a user that has the proper permissions to do so. This is most commonly a user that is already a member of the Administrators group.
Within a windows server type in lusrmgr.msc into the search bar to locate Users where you can find existing users and groups.

 

User Management

Once you open the Local Users and Groups interface, you will see two folders on the left, one for Users, and one for Groups. By selecting Users, you will see a full list of local users on the server. You can also see a variety of related tasks by right-clicking Users, Groups, a user’s name, or a blank area of the middle pane.

There are several ways to add a new user through the Local Users and Groups interface. These methods all result in the same “New User” dialog box opening where you can then configure a Username, Password, and other options. Choose one of the options below to create a new user:

  • With the Users folder selected in the left pane, click the Action menu, then select “New User…”.
  • With the Users folder selected in the left pane, click “More Actions” from the right- hand pane, then select “New User…”.
  • Right-click the Users folder, then select “New User…”.
  • With the Users folder selected in the left pane, right-click in a blank area of the middle page, then select “New User…”.

Once you have created a new user, or have identified the username of the existing user, you are ready to assign that user to a Group. Users assigned to a group are known as group members.

 

Group Management

As with user management, group management can also be performed in several ways. The options below cover several of the most common ways to assign a new member to the Remote Desktop Users group:

  • Select the Users folder from the left pane of the Local Users and Groups interface, open the Users Properties window by double-clicking the user, select the “Member Of” tab, then click “Add…”. Now type “Remote Desktop Users” in the text box and click OK.
  • Select the Groups folder from the left pane of the Local Users and Groups interface, double-click the “Remote Desktop Users” group, click “Add…”, enter the user’s name in the text box and click OK.
  • Open the system settings by right-clicking the start menu and selecting “System”, choose “Advanced system settings”, select the “Remote” tab, click the “Select Users…” button then click the “Add” button. Now enter the user’s name in the text box and click OK.
  • Open the “Server Manager”, select “Local Server” from the left pane, click the blue text next to “Computer Name”, select the “Remote” tab, click the “Select Users…” button then click the “Add” button. Now enter the user’s name in the text box and click OK.
    Note
    When selecting users or groups, it is recommended to click the “Check Names” button after typing in the user or group name. If the name is underlined after clicking the “Check Names” button, then the name was identified correctly.

You can also use the “Advanced…” button when selecting users or groups instead of typing its name. Clicking the “Advanced…” button followed by the “Find Now” button will result in a list of users to select.In a windows server, by right-clicking the User folder you can do a variety of tasks like adding a new user.

 

Notes on Permissions & Security

By default, there are no members of the Remote Desktop Users group and only members of the Administrators group are allowed to connect through RDP. Members added to the Remote Desktop Users group are considered non-Administrative users. These users will be unable to perform most management tasks such as installing software, managing IIS, or rebooting the server.

If a user requires management abilities, the user will need explicit access to that task or will need to be a member of the Administrators. Please use the best practice of “least privilege” when configuring your users, groups, and permissions.

 

Test/Verify Group Membership

When configuring new user and group memberships, you should always review group membership once complete.  Reviewing group membership is most commonly performed through the Local Users and Groups interface. In addition to verifying membership, we also recommend attempting a remote desktop connection with your newest Remote Desktop Users group member. If you are unable to connect with your user, please see our Remote Desktop Troubleshooting article.

Once you have logged in with your newest member of the Remote Desktop Users group, you can further verify that groups are set up correctly by running the command “whoami /groups” from a command line. The output of this command lists the username and its associated Group names.

 

Install TeamViewer on Ubuntu 16.04 LTS

VNC (Virtual Network Computing) is a method for sharing a remote desktop environment. Allowing you to remote control another computer or server over the Internet or local network as if you were sitting in front of it. Keyboard and mouse strokes from your computer are relayed to the remote computer/server. There are many different kinds of VNC softwares available today. Several are cross-platform and add additional features, such as chat or file transfers. VNC is often used for remote technical support and remotely accessing files.

Have you ever wanted to open a file manager and browse your server’s files? Have you ever wanted to open a browser on your server and use it as a VPN? TeamViewer will allow you to do that without much effort. Once TeamViewer is set up on your server, accessing your server takes only a couple of clicks. Many additional features such as chat, file transfers, and wake-on-LAN are available through TeamViewer. They also offer monitoring, asset tracking, anti-malware, and backups for an additional fee.

TeamViewer supports text-based consoles as well as a GUI (Graphic User Interface). If you want to use TeamViewer without using a GUI you can skip installing a desktop environment and window session manager and go straight to the Installing TeamViewer section. However, for this guide, we will assume that remote control of a desktop environment is needed or otherwise wanted.

Prerequisites

You will need to have a server running Ubuntu 16.04 LTS with a desktop environment and a window session manager. There are many different types of desktop environments and window session managers you could install. There is plenty of debate in the Linux community, but for this guide, we recommend going with something lightweight. For that we suggest Xfce.  Another good option is LXDE which is again known for being lightweight and used in many different operating systems as the default desktop environment. Gnome, Mate, and KDE are also noteworthy. Like desktop environments, there are many window session managers and some even come with the desktop environment! We recommend using LightDM with Xfce. LightDM is easy to install and configure and is also very lightweight. You’ll need a TeamViewer account with your login credentials handy, along with the TeamViewer client installed on your local computer, or you can use the web client which requires Flash.

Once you have your Ubuntu 16.04 LTS server up and running, install the desktop environment and window session manager. For our build, we’ve installed Xfce with our Knowledge Base article. Next, install LightDM by running:
sudo apt install lightdmOnce installed you will need to configure it to use Xfce. You can do that by creating a file called /etc/lightdm/lightdm.conf using your favorite text editor and adding the following configuration settings:
sudo vim /etc/lightdm/lightdm.conf
[SeatDefaults] allow-guest=false
user-session=xfce

 

TeamViewer prefers connections using UDP and TCP on port 5938, but if that port is not available, it falls back to ports 80 (HTTP) or 443 (SSL). Port 80 is used only as a last resort and is not recommended due to the additional overhead.  Making connections over this port results in a laggy experience. If you are running firewalld use these commands to open port 5938:
sudo firewall-cmd --zone=public --add-port=5938/tcp
sudo firewall-cmd --zone=public --add-port=5938/udp
If you are using ConfigServer Security & Firewall (CSF) you will need to edit the configuration file. Open the file with your favorite text editor and add the port number to the lines that start with TCP_IN and UDP_IN. Remember to separate your port numbers with commas and then restart the firewall.
sudo vim /etc/csf/csf.conf
sudo csf -r

TeamViewer communicates on port 5938, if you use ConfigServer Security & Firewall (CSF) its necessary to add this port to the configuration file.

The firewall ports are open now that you’ve installed the desktop environment and window session manager. You can now reboot the server. Upon boot, the server will startup Xfce and LightDM.
shutdown -r now

 

To install TeamViewer, you first need to download the package:
wget https://download.teamviewer.com/download/linux/teamviewer-host_amd64.debThen use apt to install the package:
sudo apt install ./teamviewer-host_amd64.deb
During installation, TeamViewer adds the file /etc/apt/sources.list.d/teamviewer.list (DEB), which contains information about the repository. Apt update & upgrade allows you to keep the software up-to-date by simply running:
sudo apt update
sudo apt upgrade
Once TeamViewer is installed you will need to configure it for first time use.
sudo teamviewer setup

TeamViewer will prompt you to accept the license agreement and then ask you for your username and password for your TeamViewer account. The first time that you login TeamViewer will most likely send you an email to verify that you are trying to login to your account from a new location (i.e., your server). Until verified through email it will not allow you to log in until you confirm the new location. Check your inbox and spam folder for their email and click the link to approve the new login location. Afterward, go back to your server and re-enter the username and password to log in.

TeamViewer asks if you would like to add the server to “My computers” on your account. If you get a connection error make sure your server is connected to the Internet and that the proper ports are open in the firewall. Run:

sudo teamviewer setup

If everything goes as planned you should see something like this:The TeamViewer setup screen with ask for your email and password, necessary for future logins.

Now that TeamViewer is installed you can now connect to your server remotely with your TeamViewer client or by logging in with your account to https://login.teamviewer.com/LogOn. You will now see your server listed under “My computers” in TeamViewer. Just double-click on your server under “My computers” and it will connect to your Ubuntu server. Here is an example TeamViewer connected to my Ubuntu 16.04 LTS running Xfce and LightDM:An example TeamViewer connected to my Ubuntu 16.04 LTS running Xfce and LightDM.

You now know how to setup TeamViewer on Ubuntu server 16.04 LTS! If you are already a Liquid Web customer, feel free to contact The Most Helpful Humans™ with questions you may have in setting up a TeamViewer on Ubuntu 16.04 LTS.  We also have some more useful articles about Ubuntu.

Cloud Spectator is an independent, third-party cloud analytics confirms Liquid Web’s VPS servers outperform Rackspace, Amazon, and Digital Ocean across the board.

 

 

Remote Desktop Troubleshooting

Remote Desktop Protocol (or RDP) is the most common method of gaining administrative access to a Windows server. RDP is available on all versions of Windows server and a client (called Remote Desktop Connection) is included with all versions of Windows desktop operating systems. Clients are also available for Macintosh operating systems from Microsoft in the iTunes store and for Linux desktops with applications like FreeRDP. Connecting to your server via RDP allows you full control of the server desktop environment, just as if you were sitting in front of the server’s monitor and keyboard. Depending on your permissions and settings, you can copy and delete files, change file permissions or settings, and even print documents from the server.

Pre-Flight Check

Using Remote Desktop Protocol to manage a Windows server generally requires a few basic settings and information about the server.

  • First, the Remote Desktop Service must be running on the server to which you would like to connect (RDP uses port 3389 by default).
  • Second, you need to know the IP address of the server.  
  • Third, you must have a username and password that is allowed to connect to the server remotely (often, this is the primary administrator account, but can also be a secondary account set up specifically for remote access purposes).
  • Finally, the Windows firewall (and any other hardware or software firewalls) needs to be configured to allow Remote Connections from your location.

 

Once you have all of the correct settings enabled, IP address and user account details, you can connect RDP to your server! Just launch the RDP client, enter the IP address of the server and the user credentials, and log in to the server using what looks like the standard Windows desktop environment.

Image of Remote Desktop Connection

As helpful as the Remote Desktop Protocol can be when it comes to managing your Windows server, there are also times when the connection fails, which can be very frustrating as the error message is generally not very helpful (often just the window shown below).         

RDP Connection Error Pop Up

 

The error shown above means that for some reason, your client was unable to make a connection to the Windows server via the Remote Desktop Protocol. When you are experiencing connectivity issues, there are many items that you can check to try to resolve the problem.

 

  1. Ensure you can reach the server via ICMP (or Ping). Most desktop operating systems will allow you to send small bits of information to the computer to verify connectivity and connection speeds. Generally, you just need to open a terminal window (on a Windows desktop, press the Window key, then type cmd and press enter) and enter the following command: ping IP or ping domain.tld. Normally, you’ll receive an output that is similar:Ping Results
  2. This output shows the pings were successful to the destination and took between 50 ms and 150 ms to complete. These pings indicate a successful connection to the server as desired (at least over ICMP). If the output for the command shows a failure to respond, we know there is some network interference.
  3. If the ping test fails (indicated by repeating asterisks), check your internet connectivity to guarantee that you can reach other resources on the internet. If not, you may need to contact your local service provider to restore your internet access.
  4. Reaching other internet sites but not your server indicates your server is refusing connections from your IP address (due to security software or firewall settings). You may need to contact your hosting company to verify there is not an IP address blocked by your server. You can find your current public IP address by going to http://ip.liquidweb.com.
  5. Can you ping your server, but still can’t connect over RDP? It is likely an issue with the RDP service or your firewall. You’ll need to contact your hosting company to get assistance with the service or firewall.

Firewall Issues

Best practices in configuring a firewall is to allow the least amount of access necessary for the various connections to the server. Limiting the connections to a particular service like RDP is called “scoping” the access for that service. If your configured Windows firewall scopes traffic on RDP, it’s possible that a user may not be able to connect due to their IP address not being included in the rule. Access to the server via RDP from one user but another user is not, check the firewall; their IP address may not be included in the allowed list of IPs for Remote Desktop Access.

  1. Log in to the server, click on the Windows icon, and type Windows Firewall into the search bar.Firewall Settings
  2. Click on Windows Firewall with Advanced Security.
  3. Click on Inbound Rules
  4. Scroll down to find a rule labeled RDP (or using port 3389).
  5. Double-click on the rule, then click the Scope tab.Scope Tab
  6. Make sure the user’s current IP address is included in the list of allowed Remote IPs.

If you are unable to connect to the server from your location, contact your hosting company for help in checking the firewall rule for RDP access.

User Connectivity Problems

Can you connect to RDP using the administrator account, but one or more of the other accounts cannot? There may be a problem with the user account permissions.

  1. Make certain the user is a member of the Remote Desktop Users group. Log in to the server with the administrator account, then go to the Local Users and Groups control panel (Open Administrative Tools, then open Computer Management).Local Users and Groups
  2. Navigate to the Remote Desktop Users group and verify that the user is a member of the group. If they are not a member of the group, add them as a member of the group.
    remote desktop users group
  3. Go to the username under the Users tab. Make sure that the user account is not locked out. Accounts can get locked out due to too many attempts to log in with an incorrect password (either by the user or by a brute force attack on the server).
    account lockout screen
  4. Double check the firewall for the IP address of the user and add to the scope of the RDP rule.

No Available Connections/Sessions

By default, Windows server only allows two users to connect via RDP simultaneously. If both sessions are already in use, you will receive an error indicating that no additional users are allowed to connect at this time. Too Many Users Error

To resolve this issue, you will need to wait until one of the other users logs out or you’ll require to purchase additional RDP user licenses from your hosting provider (assuming that you regularly need access for more than two users at a time).

Failed login attempts during a brute force attack can sometimes take up RDP licenses, even though the session isn’t connecting. If you are experiencing unavailable sessions even when no one is logged in to the server, it’s possibly the result of a malicious login. The best remedy for this situation is to scope the firewall rule to prevent access attempts from unauthorized IP addresses.

Data Encryption Errors

If you are using an out of date Remote Desktop Client or are connecting to an older Windows server, you may receive an error that there is a problem with the TLS settings for the connection. Generally, you can resolve this issue by updating your RDP client software on your workstation. It may also be possible to set the client to ignore these errors, but that could leave your workstation and your server vulnerable to malicious attacks.

Sudden Disconnection

If you are using RDP and suddenly lose the connection, the issue is almost always related to your internet connection. Check to make sure that you can stay connected to other services (like running a ping command in the background). If you are not losing internet connectivity, it’s possible that the server is running out of memory or the RDP service may be experiencing an active attacked in a brute force attack. If you’ve confirmed that your internet connection is stable, contact your hosting company to make sure that the server is not the cause of the lost connection.

Slow Connection Issues

If the connection between your location and your server is slow your Remote Desktop Session may not function as smoothly as you would like. However, you may be able to adjust the Desktop Environment settings of the connection before you connect to simplify and speed up the connection.

  1. Open the Remote Desktop Client application (these directions are for the Windows built-in client, but most RDP clients have similar settings available).
  2. Click on the Experience tab to see the various items you can choose to enable or disable to improve your connection speeds. Change the drop-down to select a specific connection speed or select/deselect the various items to optimize performance.Remote Desktop Connection Settings

         

Windows 10 Update Issues

Oddly enough, Microsoft updates often cause problems with RDP connectivity. As recent as April 2018, an update on both the server operating system and the Windows 10 desktop operating system caused connectivity issues for many users. Generally, the best policy is to update both the server and workstation, as connectivity issues most often arise when the two systems are not on the same update cycle. You may be able to resolve a new connectivity issue by removing a recent Windows update (either on the server or the desktop). Many users also reported that disabling the Printer option from the local resources setting resolved the most recent connectivity issue.         

Local Resources

 

While RDP is a great tool for managing your Windows server, connectivity issues can be frustrating. By working through the possible causes of the connection problem, you will generally be able to get reconnected and working again in no time!

How to Use a Remote Desktop

Remote Desktop Protocol or RDP provides access to your Windows Server’s operating system from your desktop, workstation machine, mobile device or laptop. The connection to your server will be encrypted and it offers some enhancements that allow you to attach local drives and devices.

Most modern Operating Systems have support for Remote Desktop. A Remote Desktop Client made by Microsoft is available in the Apple Appstore, the MacOS store, Google Play, the Chrome Web Store for ChromeOS and of course in the Windows Store. On Linux you may need to download a 3rd party option such as RDesktop or FreeRDP which you can get through a repository or it will be pre-installed on some distro’s.

Continue reading “How to Use a Remote Desktop”

RDP File Transfer

How to Use Remote Desktop to Transfer Files to Your Windows Server

Transferring files to your new Windows Server can be a hassle when you are first setting everything up. Plesk, FTP, or network file sharing might not be quite ready to use or your internet service provider may block those web ports. This is where transferring files via the Remote Desktop Connection program comes in! You can redirect your workstations hard drive and it will appear when you are logged in.

Continue reading “RDP File Transfer”

How to Configure a VNC Server to Use an SSH Tunnel on Ubuntu 14.04 LTS

VNC is short for ‘Virtual Network Computing’. It’s a simple method for sharing a graphical desktop environment. For example, if you install VNC on your hosted server, you could connect to its graphical desktop environment remotely.

Pre-Flight Check

Continue reading “How to Configure a VNC Server to Use an SSH Tunnel on Ubuntu 14.04 LTS”

How to Install VNC Server on Ubuntu 14.04 LTS

VNC is short for ‘Virtual Network Computing’. It’s a simple method for sharing a graphical desktop environment. For example, if you install VNC on your hosted server, you could connect to its graphical desktop environment remotely.

Pre-Flight Check

Continue reading “How to Install VNC Server on Ubuntu 14.04 LTS”

How to Install the Xfce Desktop Environment on Ubuntu 14.04 LTS

By default Liquid Web servers running Ubuntu 14.04 don’t include a graphical desktop environment. It’s easy, however, to install the Xfce Desktop Environment on Ubuntu 14.04 LTS, if need be.

Keep in mind that once Xfce is installed on a hosted server, you’ll need a method to share and connect to the graphical desktop environment. That’s where VNC, or Virtual Network Computing, comes in. Once you finish this tutorial visit our tutorial on: How to Install VNC Server on Ubuntu 14.04 LTS.

Pre-Flight Check
  • These instructions are intended for installing Xfce Desktop Environment on a single Ubuntu 14.04 LTS node.
  • I’ll be working from a Liquid Web Core Managed Ubuntu 14.04 LTS server, and I’ll be logged in as a non-root user, but with sudo access. For information on giving a user sudo access visit our page on How to Add a User and Grant Root Privileges on Ubuntu 14.04.

Continue reading “How to Install the Xfce Desktop Environment on Ubuntu 14.04 LTS”

How to Configure Your Liquid Web VPN

Liquid Web offers a free Virtual Private Network (VPN) user with every account. A VPN uses encryption to secure your computer’s connection to the Internet and guarantees that all of the data you’re sending and receiving to the Liquid Web network is secured from any potential prying third parties.

Be security-minded.

A VPN will secure and encrypt inherently insecure communications (such as HTTP, FTP, SMTP, etc.) to the Liquid Web network, even while using an untrusted public network.

Who uses a VPN? People just like you.

The Professional: Whether working from a permanent home office, or simply getting a few important projects done from home, a VPN will provide secure access to files stored on your dedicated server.

Remote Developers: Do you have a fleet of remote WordPress, Joomla, PHP, Drupal, or other developers that need secure access to your hosting infrastructure? If so, a VPN is not only perfect, but should be required.

The World Traveler: Working on your top secret startup from abroad? Or perhaps uploading photos from your most recent adventure? Prevent snooping by using a VPN.

Once you’re logged into your Liquid Web Manage account, follow the steps below to create a VPN user and get connected! Continue reading “How to Configure Your Liquid Web VPN”