Austin Maliszewski's Blog

This weekend, I was browsing the web and I came across an interesting MSIT Whitepaper on using Terminal Services for remote access and new components of Windows Server 2008 Terminal Services. In TS2008, Microsoft developed really neat new features which make Terminal Services a viable solution for remote access. In fact, I think these new services make TS far more attractive than an ordinary VPN; it’s significantly more secure, too.

As part of Server 2008, Microsoft built new TS components. First, I want to start with TS Gateway. TS Gateway allows you to send RDP traffic over HTTPS. A TS Gateway server relays the RDP traffic to its destination inside the network. This is really neat; you don’t have to poke a billion holes in your firewall to have remote access to your computers nor do you need to establish a full VPN connection.

However, it gets better… There’s another component, TSRemoteApp which allows you to encapsulate applications in Terminal Services. That is, you can send an app without the background environment over TS. It appears as a window on the client computer without a second explorer interface, etc. In fact, it will match the client’s theme if you install the Desktop Experience plugin on the server. That’s incredibly cool because then you can have apps that people can access from home without having to wait for them to load over a VPN connection, which is generally pretty slow, given the speed of most people’s DSL. Even better is that you save bandwidth because TS uses less bandwidth than transferring whatever application.

This has some amazing security benefits. One, it takes the security of the client PC mostly out of the picture. You don’t really have to worry about an infected client because the scope of potential damage is significantly reduced; i.e., the infected client does not become part of the network through VPN, it’s avenues of infection are significantly limited. This also has majoer confidentiality benefits. If you have confidential information that you need protected, that stays on the server this way. Employees/volunteers can access the files from home, but you’re free to lock them to the terminal server. They no longer would be copied to someone’s home PC for editing, etc.

This can also integrate with some new rights management features of Active Directory. It also is fully integrated with AD DS. Users logon to the server using their AD username and password. Permissions are managed by AD and group policy, etc. It also integrates with AD CS and Rights Management.

It also will relay RDP traffic to properly configured workstations. That is, an end user could connect securely, through TS Gateway to the PC on his or her desk and work as if he or she were sitting at his or her desk. There’s no need to make a VPN connection, nor expose the network to potential viruses on the end user’s home PC, the user can work seamlessly with RemoteApp or RDPing into his or her desk PC.

To tie this all together, there’s another component, TS Web Access which provides access to all these resources in a nice, easy to use web interface. You logon to the ASP.NET app, that is TS WebAccess, with your AD username and password and you have access to all your RemoteApp apps, your desk PC, (server manager, if you’re an admin), etc.

All in all, I need a little more time to play with this before I try implementing it, but it definitely looks promising as a way of controlling access to enterprise resources but still allowing end users to work from home. Way to go Microsoft!

I recently discovered this program by Bartels Media, a German software company, called MaxiVista. Despite the name, this has nothing at all to do with Windows Vista. It’s actually a really neat multimonitor package that allows you to use old laptops/computers as a secondary, tertiary, etc., monitor for your main PC/Laptop.

I have this configured with two monitors connected to one of my main laptops (I have two main laptops, one that leaves the house with me and one that doesn’t.). Then I have MaxiVista setup using an older laptop as a third monitor. This gives me a total of three monitors of screen space.

Quite frankly, I’m impressed with this program. There’s no latency between the monitors. I wouldn’t show video over the third monitor, but, it might actually work. I even pulled iTunes over to the third display and coverplay ran, albeit a little blocky, but it ran. Take that, Remote Desktop. Right now, I’m typing this message with Firefox in the third monitor, so that’s working nicely. I thought having two monitors was nice, but having three is really incredible. When I build my new desktop, it will probably have three or four (depending on how far over budget I run) monitors on two dual head video cards with 1GB DDR3 VRAM each. I haven’t decided which ones yet, though.

I just had to share this really neat program. I forgot exactly where I read about it, otherwise I’d give credit. Link: http://www.maxivista.com

I finally got around to installing Vista on my Gateway CX2724. I made a pledge to wait until at least SP1 and since that’s here, I did it. I pulled a copy of Vista Business from MSDN, burned it to DVD, resized my XP Tablet PC partition with GPartEd on Knoppix and installed it. The installation process was pretty painless. Put in your product key, time zone, if you want it to automatically update, it installs everything, about 30 minutes later, you put in your new username and password and it’s done. It rebooted a final time. Loaded, and well, it’s pretty and seems to run pretty nicely, etc.

First thing I notice, the pen doesn’t work. Well, I knew that would happen. Connected it to my WiFi and went and downloaded the pen drivers from Gateway.com. (Well, I downloaded Firefox first.) I installed the drivers based on the HWID of the HID. Then I installed the Tablet Buttons drivers based on its HWID. And what do you know, I point the pen at the screen and the mouse moves. Well, it’s a good deal away from where it should be. I fiddled with Calibration which failed every time. I decided I should do Windows Update, so I go do that, and in my list of updates are drivers for the pen device. Well, it does its thing and an hour later, I’m prompted to reboot. It tells me that the updates for the pen device failed, which makes sense since I already had the newest drivers. Upon reboot, everything works perfectly.

This morning, I played with it a bit more. I tried out the Input Panel. Boy, the handwriting recognition is so much greater than XP TPE. It could make everything I threw at it. I wrote in cursive, manuscript, mixed it up (that is pseudocursive), neatly, messily, it could read it all. It even got my name. I had to wait until about 4 o’clock before I could download OneNote because MSDN was being updated. Loaded up OneNote and did some sample

The way OneNote’s handwriting recognition works is based on the OS it’s running on. It makes a hook to the host OS’s handwriting recognition API if it has one. It installs TPE’s if you’re running it on any version of XP besides TPE, and on Vista it uses the native API except on Home Basic which doesn’t have one. (This is to the best of my knowledge, not sure if 2007 still works that way). So, handwriting recognition worked nicely, again recognizing everything I threw at it.

The best part is it’s supposed to learn your handwriting and improve over time kind of like the way Speech to Test works now. Well, we’ll see.

Overall, I’m pretty happy with the way Vista and Tablet PCs work. In the near future I should be getting a new Tablet (HP tx2525nr) with Vista Ultimate which should be a pleasure to work with.

Another thing: If anyone has computer questions, shoot me an email. I fix/can help with PCs (XP, Vista), Macs (OS X), *nix boxes, networking, servers, and hardware problems. Oh yeah, I also do programming and web design.