Windows Server 2022 Essentials Remote Desktop Services

A few questions first.

How do you access your other/work network from home? Is it over a VPN? Do you directly connect by public IP address? Or do you use something like an Apache Guacamole RDP router?

What do you have for firewalling on the network? Are all of the ports set properly for remote access? Have you verified by testing it on a network other than your home?

Magus writes...

Such as not using Admin logins on the server for other tasks, such as what was asked?

Ensuring that patches are applied (which means the server has access to the internet)
AV and IDS is installed, monitored and maintained?

You have a domain account with local admin privileges to cover the box(es), or you just use a whitelist of applications so it doesn't matter anymore.

Most modern AV include client-based IDS, which can and should be configured to centrally send e-mail if it detects anything, which you should be doing for all endpoints anyway.

To largely be honest, the risk of something like mimikatz is overblown. If your device is compromised to the point where someone is running it on the server or endpoint, they will just find an alternate way into something important. Malware notifications for your AV are far more important unless you are running some EDR/XDR, which is way beyond the price point of a small business.

AWS and Azure offer this, along with partners that re-sell these offerings fully configured and secure.

They still have issues; they only get caught when third parties find the hole and tell MS/Amazon, who don't do anything, so they go public about it. Cough cough Cosmos DB and SharePoint.

Resellers don't mean much in this space. "Oh it wasn't us it was MS/AWS take it up with them".

Saying a NAS is more secure than a Server 2k19 or 2k22 is dumb, along with saying a consumer/SMB grade router is more secure. Sure, if you want to pay money and get a Fortinet/Watchguard/Sophos/Palo, yeah, it's better, but paying 2-5k a year in licensing is beyond most SMB budgets. The only real major issue with Windows is on-prem Exchange with OWA enabled without a stringent updating plan in place.

Using a Linux server for a small business is dumb: you lose a heap of functionality in AD/WSUS, which sure, you can replace with third-party remote support tools, but it is dumb and they are just as susceptible to malicious acts, and the amount of man hours needed to maintain it increases exponentially.

The only time cloud makes sense is if you are:
a) planning on scaling the business rapidly
b) dealing with massive data sets for short periods of time
c) the generic e-mail/SharePoint workloads

FYI, payloads attacking QNAP/Synology have been included with generic malware payloads for over 2 years. I really have no idea where you are getting your information from.



Marky000 writes...

Is there any links I can see these price guides?
https://www.microsoft.com/en-au/d/windows-remote-desktop-server-cal-2022/dg7gmgf0d7hx

Pricing may vary if purchased from a Microsoft authorised vendor or volume licencing.

what about Essentials 2019 vs Essentials 2022? Is it true that 2022 isn't actually Essentials?
In all previous releases the only difference is the lack of an additional VM licence and 25 CALs included. It is not licenced by core like higher versions.

This is not changing from my fact sheet, but Microsoft licencing is a train wreck to follow on the best of days.

I assume you mean the 2 extra RDP admin sessions
2 concurrent unlicenced admin sessions is what I recall. But it's a moot point as you don't give standard users admin rights.

Server 2008 R2 seemed to have some tolerances
All have a 180 grace period for terminal services. There was a highly publicised workaround at the time, but 2008 is dead and only a fool would consider going down that path in today's age.

Not worth the risk if caught, not worth the disruption if an update breaks your workaround.

RDS CALs, on top of your regular CALs, have been around forever.
Microsoft audits are a pain and will try to give you the full pineapple treatment if you're in the wrong.

Workgroup
Irrelevant to RDS.

Does TS just stop working completely if licences are not sorted?
Yup, no licences available. Contact your administrator or something along those lines when you try to connect.

Take it from experience from those who have been in the game: Don't cheap out on offering business solutions, it hurts you and can be crippling to the company.

HeadTheWall writes...

If it's only for 3 eyes it may be excessive having a server
Yea.

Sounds like a job for a Synology NAS and a couple of new workstations managed by an RMS.
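The licensing points raised in the replies above (admin-only sessions, the grace period, and connections being refused once no licences are available) can be checked on the server before users are affected. The script below is an added example, not something posted in the thread; it reads the standard `Win32_TerminalServiceSetting` WMI class and assumes an elevated PowerShell session on the server being checked.

```powershell
# Added example: report how this host is set up for Remote Desktop licensing.
# Assumes an elevated PowerShell session on the server being checked.
$ts = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
                      -ClassName Win32_TerminalServiceSetting

# LicensingType values documented for Win32_TerminalServiceSetting.
$licensingNames = @{
    0 = 'Personal Terminal Server'
    1 = 'Remote Desktop for Administration'
    2 = 'Per Device'
    4 = 'Per User'
    5 = 'Not configured'
}

# TerminalServerMode: 0 = Remote Administration, 1 = Application Server
# (RD Session Host role installed, so RDS CALs apply).
$isSessionHost  = ($ts.TerminalServerMode -eq 1)
$daysLeft       = $null
$licenseServers = @()

if ($isSessionHost) {
    try {
        $r = Invoke-CimMethod -InputObject $ts -MethodName GetGracePeriodDays -ErrorAction Stop
        $daysLeft = $r.DaysLeft
    } catch {
        # The call can fail when no grace period applies; report it and carry on.
        Write-Warning "Grace period not reported: $($_.Exception.Message)"
    }
    try {
        $r = Invoke-CimMethod -InputObject $ts -MethodName GetSpecifiedLicenseServerList -ErrorAction Stop
        $licenseServers = @($r.SpecifiedLSList | Where-Object { $_ })
    } catch {
        Write-Warning "License server list not reported: $($_.Exception.Message)"
    }
}

$finding = if (-not $isSessionHost) {
    'Remote Administration mode: administrative sessions only'
} elseif ($licenseServers.Count -eq 0) {
    'Session Host with no license server set: grace period only (or expired)'
} else {
    'Session Host with a license server configured'
}

[pscustomobject]@{
    Server          = $env:COMPUTERNAME
    SessionHostRole = $isSessionHost
    LicensingMode   = $licensingNames[[int]$ts.LicensingType]
    GracePeriodDays = $daysLeft
    LicenseServers  = $licenseServers -join ', '
    Finding         = $finding
}
```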

Windows Server 2022 arrived without the pageantry of previous Windows Server releases, but organizations with specific needs will appreciate the refinements to this server OS release.

Microsoft has offered Standard and Datacenter editions of its Windows Server operating systems for several years, which continued with Windows Server 2022. However, the company introduced a new product called the Windows Server 2022 Datacenter Azure edition. As the name implies, this edition ties server workloads more closely to the Microsoft cloud platform and offers unique features to tempt customers who want easier patching and other perks.

Microsoft decided to drop the Windows Server Semi-Annual Channel that catered to organizations interested in emerging server technologies and stick with the Long-Term Servicing Channel, which produces a major feature release around every two years. All Windows Server 2022 editions follow Microsoft's fixed lifecycle policy and will receive five years of mainstream support followed by five years of extended support. While Microsoft always recommends a clean install of its server OS, Windows Server 2022 supports in-place upgrades from the two previous Windows Server releases.

Windows Server 2022 hardware requirements and limitations

Windows Server 2022 Standard and Datacenter editions share the same hardware requirements. Both require a 1.4 GHz, 64-bit CPU and 512 MB of RAM; for the Desktop Experience GUI-based version, the system needs 2 GB of RAM. Additionally, 32 GB of disk space are required.

These minimum hardware requirements will not be sufficient to run a workload with decent performance. Even Microsoft's own documentation points out the minimum requirements just to install Windows Server 2022 require at least 800 MB of RAM. Once Windows Server has been installed, the RAM can be decreased to 512 MB if necessary. As a best practice, organizations should match server hardware to the workload.

Both Standard Edition and Datacenter Edition can run on an unlimited number of cores, but both editions are limited to a total of 64 sockets, which must be 64-bit. Likewise, both editions support a maximum of 48 TB of RAM.

Any Trusted Platform Module (TPM) features, such as BitLocker Drive Encryption and secured-core server, will require the hardware to come with a TPM 2.0 chip.

Microsoft deprecated features in Windows Server 2022

Every time Microsoft releases a new Windows Server product, it deprecates some features. In the case of Windows Server 2022, Microsoft removed the Internet Storage Name Service, the protocol used to find and work with iSCSI systems on the network.

Microsoft also stopped development on the guarded fabric and shielded virtual machines it introduced with Windows Server 2016 but will continue to support those features.

Administrators who deploy the server core version of Windows Server should note that Microsoft plans to stop developing the Server Configuration tool (sconfig) and remove it from the next Windows Server version. The sconfig utility will still run upon sign-in, but Windows Server 2022 will use PowerShell as the default shell rather than the command prompt.

Other features Microsoft will not develop further include the Windows Deployment Services boot.wim image deployment, and it deactivated the Local Security Authority Remote Protocol interface used to connect to Encrypting File System encrypted files over the network.

What's in the Windows Server 2022 Standard edition?

Microsoft designed Windows Server 2022 Standard for physical machines or environments that are minimally virtualized. The retail price for Standard edition is $1,069 for use up to 16 cores. Systems with more than 16 cores will require additional licenses to cover each physical core on the CPU. Additionally, each client that accesses a Standard edition server requires a Client Access License (CAL).

Windows Server 2022 Standard largely has the same feature set as the Datacenter edition with some minor variations. For example, Standard edition limits the Storage Replica feature to a single partnership with one resource group and a 2 TB volume. Similarly, Standard edition only supports inherited activation if it is running as a guest on a Datacenter edition server. Standard edition also lacks support for software-defined networking and the Storage Spaces Direct software-defined storage feature.

The biggest difference between the Standard and Datacenter editions relates to virtual-machine licensing. Both editions support an unlimited number of Windows Server containers. However, the Standard edition limits this to two operating systems per license, meaning a Standard edition server can run a parent operating system and a single Hyper-V virtual machine or a single Hyper-V container. In contrast, a Datacenter edition license allows for an unlimited number of Hyper-V virtual machines or Hyper-V containers.

What's in the Windows Server 2022 Datacenter edition?

Microsoft markets Windows Server 2022 Datacenter for use in highly virtualized environments, such as data centers and clouds. A Datacenter license has a retail price of $6,155.

Like the Standard edition, this license allows Windows Server to run on up to 16 cores with additional licenses required for CPUs with more cores. CALs are also required for each client that accesses the server.

What's in the Windows Server 2022 Datacenter Azure edition?

Windows Server 2022 Datacenter Azure edition runs either as an Azure virtual machine or on an Azure Stack HCI cluster. It cannot install to bare hardware, nor can it be installed and run as a Hyper-V virtual machine. Microsoft has not disclosed pricing for this edition.

Windows Server 2022 Azure Edition offers several new features not available on either the Standard or Datacenter editions of Windows Server 2022. Microsoft calls this exclusive combination of features "Automanage for Windows Server."

SMB over QUIC provides encrypted access to SMB file shares without the need for a VPN. This feature uses the TLS 1.3 protocol, and administrators cannot turn off the encryption in the settings. Microsoft said this feature uses certificates rather than public key infrastructure authentication.

Also unique to the Windows Server 2022 Datacenter Azure edition is hot patching. With this feature, administrators can patch Windows Server 2022 Datacenter Azure virtual machines without the reboot Windows typically requires, which results in downtime.

The Datacenter Azure edition supports an extended network into Azure so virtual machines retain the IP address during a migration from the data center into Microsoft's cloud.

For smaller organizations, the Essentials edition is another option

Microsoft also offers an Essentials edition of Windows Server 2022 that it targets for small businesses with up to 25 users and 50 devices. Windows Server 2022 Essentials sells for $501 and does not require CALs but is limited to 10 cores, a single socket and a single virtual machine. The feature set is the same as the Standard edition. Windows Server 2022 Essentials is only available through certain server hardware partners.

Microsoft compares the different Windows Server 2022 editions on its website.