I read and hear a lot of questions about why Remote Desktop Connection 6.1 or later doesn’t exist for Windows Server 2003. Well, if you’re wondering, I have good news for you: RDC 6.1 does exist for Windows Server 2003!
First of all, Remote Desktop Connection (RDC) is the Microsoft RDP client, previously called Terminal Services Client (TSC). It’s by far the most common tool to connect to a Remote Desktop Protocol (RDP) server, which is actually every somewhat modern Windows system. The RDP server component of Windows systems (clients and servers) is called Remote Desktop Services (RDS), formerly known as Terminal Services (TS). Some of those Windows systems can be put in a special mode to allow more remote connections/sessions, making the system a so-called Remote Desktop Session Host (RDSH) or Terminal Server (TS) (the former name).
The last version of RDS, RDP and RDC is 7.1, introduced with SP1 of Windows 7 and Windows Server 2008 R2. This version doesn’t exist for Windows Server 2003 though. Hell no, the latest version of RDC supported for Windows Server 2003 was 6.0. Till recently… Microsoft has published an update for RDC 6.0 and 6.1, upgrading those versions to the latest build of 6.1. This update is also valid for Windows Server 2003, meaning you can upgrade your RDC 6.0 on WS03 to the latest build of 6.1!
Well, it’s still not the same as 7.0 or 7.1, which implies you still can’t get things like multimedia redirection (WMP redirection), true multimonitor support, audio recording (and thus getting a form of bidirectional audio redirection), the so-called “enhanced graphics”, RemoteFX, etc. on a WS03 machine in the client role (also note that starting from RDC 7.0 you can’t connect to Windows 2000 systems anymore!). But you do get RDP signing, Easy Print, a new bulk compressor (RDP6.1-BC) and the ability to explicitly connect to administrative sessions (with the /admin switch instead of the /console switch). And Network Level Authentication (NLA)?
Well, yes and no. For the RDC client itself, yes. But the thing is it only works when the Security Support Provider (SSP) CredSSP is available, and that’s not the case in WS03. For Windows XP it is available, but it’s disabled by default; you can enable it, but it doesn’t make sense to do the same for WS03, because it’s just not there. So in the end this means no NLA from a WS03 machine, even with RDC 6.1!
IMHO this is a pity… First of all WS03 is still very widely used and it’s difficult to understand why all or at least many of the newest features aren’t supported at RDP client level! Secondly, NLA is perhaps even the most important feature missing! The reason is simple: if a company implements RDS farms with high security requirements, NLA should be enabled. NLA requires the client to provide all the credentials before the actual RDP connection to the target is made. So forget about making a connection and then entering your password into the Winlogon desktop (that’s what it’s called, as it is actually a desktop too, although not the application desktop we typically refer to). Does this sound stupid to you? Well, it isn’t! With NLA, authentication happens before the actual RDP connection is made, i.e. during the Kerberos/SSL/NTLM setup, meaning server authentication is required too. This is a good thing security-wise and performance-wise, because bad attempts are blocked earlier and take fewer resources. I could tell you more about how and why exactly, but I guess it’s best not to go outside the scope of this article, otherwise I’ll end up with my opinions about the political situation in Lagos, Nigeria or something similar 🙂
The thing is you can’t connect from your old WS03 working environment to your new highly secured working environment, so if you’re moving from a WS03 to a WS08(R2) RDS farm, it’s not a nice thing. The only thing you can do is to connect to another system and connect to your new WS08(R2) farm from there. Or reduce your security, at least for a while… If your old working environment is XP though, there is no problem at all, because there NLA is possible (after enabling it though).
Anyway, it seems most people are not aware of the fact RDC 6.1 can be run on WS03 for the moment. That is the message I’m trying to spread! For completeness, the latest build for 6.1 is 6.0.6001.18564 and is also supported on XP (you need at least SP2), Vista and WS08; for WS03 you need at least SP1. More information can be found in KB2481109 at http://support.microsoft.com/kb/2481109. This update is available through Microsoft Update (MU). If you really want to know: before this update the last version of RDC for WS03 was 6.0.6000.16459 (a build of version 6.0), available through KB925876 for WS03 SP2. Well, AFAIK, that is.
PS: don’t be confused by the version numbering. 6.0.6000.x builds belong to the main version 6.0, while 6.0.6001.x builds belong to the main version 6.1.
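The build numbering in the PS and the CredSSP limitation described earlier can be combined into a readiness check to run over a client inventory before NLA is enforced on a new farm. This is an added example, not code from the original article; the host names, inventory rows, OS labels and function names are constructed for illustration, and treating Vista and WS08 as shipping CredSSP is an assumption beyond what the article states.

```python
# Added example: audit RDP clients before requiring NLA on a new RDS farm.
LATEST_61 = (6, 0, 6001, 18564)  # latest 6.1 build named in the article (KB2481109)

# CredSSP state per client OS. "optional" = available but disabled by default.
# WS03 and XP follow the article; Vista/WS08 "present" is an assumption.
CREDSSP = {"WS03": "absent", "XP": "optional", "Vista": "present", "WS08": "present"}

def parse_build(text):
    """Turn an mstsc.exe file version such as '6.0.6001.18564' into a tuple."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"not a 4-part file version: {text!r}")
    return parts

def rdc_version(build):
    """6.0.6000.x is RDC 6.0, 6.0.6001.x is RDC 6.1; anything else is not covered."""
    if build[:2] != (6, 0):
        return None
    return {6000: "6.0", 6001: "6.1"}.get(build[2])

def assess(os_name, build_text, credssp_enabled=False):
    build = parse_build(build_text)
    out = {"rdc": rdc_version(build), "needs_kb2481109": False, "nla": False}
    if out["rdc"] is None:
        out["reason"] = "build outside the 6.0.6000.x / 6.0.6001.x ranges"
        return out
    out["needs_kb2481109"] = build < LATEST_61  # tuple compare, field by field
    state = CREDSSP.get(os_name)
    if state is None:
        out["reason"] = "unknown OS label"
    elif state == "absent":
        out["reason"] = "CredSSP not available on this OS; no NLA even with RDC 6.1"
    elif state == "optional" and not credssp_enabled:
        out["reason"] = "CredSSP present but disabled; enable it first"
    else:
        out["nla"], out["reason"] = True, "CredSSP available"
    return out

INVENTORY = [  # constructed rows: host, OS, mstsc.exe file version, CredSSP enabled
    ("ts-old-01", "WS03", "6.0.6000.16459", False),
    ("ts-old-02", "WS03", "6.0.6001.18564", False),
    ("wks-17", "XP", "6.0.6001.18000", False),
    ("wks-18", "XP", "6.0.6001.18564", True),
]

def audit(rows=INVENTORY):
    return {host: assess(os_name, build, cred) for host, os_name, build, cred in rows}

if __name__ == "__main__":
    for host, result in audit().items():
        print(host, result)
```

Hosts reported with `nla` false are the ones that would be locked out once the farm requires NLA, which is the migration problem the article describes for WS03 clients.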