Terminal Services consists of four components: the Windows Server 2003 multi-user kernel, the Remote Desktop client, the Terminal Services Licensing service, and Session Directory Services. Specifically:
Multi-user kernel: The multi-user kernel extensions, originally developed for Windows NT 4.0 Server, Terminal Server Edition, have been enhanced and fully integrated as a standard part of the Windows Server 2003 family kernel. These are resident on the server at all times, regardless of whether Terminal Services is enabled or not.
Remote Desktop client: The client software is an application that establishes and maintains the connection between a client and a server computer running Terminal Services.
Terminal Services Licensing service: This system allows terminal servers to obtain and manage terminal server client access license (TS CAL) tokens for devices and users connecting to a terminal server.
Session Directory Services: The session directory (SD) keeps a list of sessions indexed by user name, and allows a user to reconnect to the terminal server where the user's disconnected session resides and resume that session.
Terminal Services Architecture
The following table describes the Terminal Services architecture components.
Terminal Services Components
Component: Description
CSRSS.exe: The Client-Server Runtime Subsystem is the process and thread manager for all logon sessions.
RdpDD.sys: Captures the Windows user interface and translates it into a form that is readily converted by RDPWD into the RDP protocol.
RdpWD.sys: Unwraps the multi-channel data and then transfers it to the appropriate session.
SMSS.exe: Session Manager creates and manages all sessions.
Termsrv.exe: Manages client connections and initiates creation and shutdown of connection contexts.
Termdd.sys: The RDP protocol, which listens for RDP client connections on a TCP port.
Tdtcp.sys: Packages the RDP protocol onto the underlying network protocol, TCP/IP.
Wlnotify.dll: Runs in the session's WinLogon process to create processes in the user session.
Win32k.sys: Manages the Windows GUI environment by taking the mouse and keyboard inputs and sending them to the appropriate application.
WinLogon.exe: This system service handles user logons and logoffs and processes the special Windows key combination Ctrl-Alt-Delete. WinLogon is responsible for starting the Windows shell (which is usually Windows Explorer).
Terminal Services Architecture
As the Windows Server 2003 Terminal Server boots and loads the core operating system, the Terminal Server service (termsrv.exe) is started and begins waiting for session connections. Each connection is given a unique session identifier or "SessionID" to represent an individual session to the Terminal Server, and each process created within a session is "tagged" with the associated SessionID to differentiate its namespace from any other session namespaces.
The console session (Terminal Server keyboard, mouse, and video) is always the first to load, is treated as a special-case client connection, and is assigned SessionID 0. The console session starts as a normal Windows Server 2003 session, with the configured Windows display, mouse, and keyboard drivers loaded.
After creating the console session, the Terminal Server service then calls the Windows Session Manager (SMSS.EXE) to create two idle client sessions, which then await client connections. To create the idle sessions, the Session Manager starts the Client-Server Run-time Subsystem (CSRSS.EXE), and a new SessionID is assigned to that process. The CSRSS process also invokes the WinLogon process (WINLOGON.EXE) and the Windows Manager and GDI kernel module (Win32k.sys) under the newly associated SessionID.
The Windows image loader recognizes this Win32k.sys as a SessionSpace loadable image by a predefined bit set in the image header. It then relocates the code portion of the image into physical memory with pointers from the virtual kernel address space for that session if Win32k.sys has not already been loaded. By design, it always attaches to a previously loaded image's code (Win32k.sys) if one already exists in memory (that is, from any active application or session). The data (or non-shared) section of this image is then allocated to the new session from a newly created SessionSpace pageable kernel memory section.
Unlike the console session, Terminal Server client sessions are configured to load separate drivers for the display, keyboard, and mouse. The display driver is the Remote Desktop Protocol (RDP) display device driver (rdpdd.dll), and the mouse and keyboard drivers are replaced with the RDP driver Rdpwd.sys. These drivers allow the RDP client session to be both available and interactive, remotely. Finally, Terminal Server also invokes a connection listener thread for the RDP protocol (Termdd.sys), which listens for RDP client connections on a TCP port.
At this point, the CSRSS process exists under its own SessionID namespace, with its data instantiated per process as necessary. Any processes created from within this SessionID will execute within the SessionSpace of the CSRSS process automatically. This prevents processes with different SessionIDs from accessing another session's data.
Author: 小俊 Time: 2007-9-11 15:38
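Added example, not part of the original post or of Microsoft's documentation: a triage check over a process listing that uses the per-session layout described above, in which every SessionID gets its own CSRSS and WinLogon process. It assumes the column names of `tasklist /FO CSV` output; the sample listing and its PIDs are constructed, and the function names are hypothetical.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the layout of `tasklist /FO CSV` (not from a real host).
SAMPLE = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"smss.exe","312","Console","0","412 K"
"csrss.exe","388","Console","0","3,512 K"
"winlogon.exe","412","Console","0","4,100 K"
"csrss.exe","2040","RDP-Tcp#1","1","2,900 K"
"winlogon.exe","2064","RDP-Tcp#1","1","3,800 K"
"explorer.exe","2320","RDP-Tcp#1","1","14,200 K"
"csrss.exe","2500","RDP-Tcp#2","2","2,880 K"
"csrss.exe","2616","RDP-Tcp#2","2","1,120 K"
"notepad.exe","2700","RDP-Tcp#3","3","2,040 K"
'''

# Per the description above, each session is built from one CSRSS process,
# which in turn starts one WinLogon under the same SessionID.
PER_SESSION = ("csrss.exe", "winlogon.exe")


def group_by_session(tasklist_csv):
    """Map SessionID -> list of (image name, PID) found in that session."""
    sessions = defaultdict(list)
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        image = row["Image Name"].lower()
        sessions[int(row["Session#"])].append((image, int(row["PID"])))
    return dict(sessions)


def audit_sessions(tasklist_csv):
    """Return (SessionID, image, count, PIDs) wherever count is not exactly 1."""
    findings = []
    for sid, procs in sorted(group_by_session(tasklist_csv).items()):
        for image in PER_SESSION:
            pids = [pid for name, pid in procs if name == image]
            if len(pids) != 1:
                findings.append((sid, image, len(pids), pids))
    return findings


if __name__ == "__main__":
    for sid, image, count, pids in audit_sessions(SAMPLE):
        print(f"session {sid}: expected 1 {image}, found {count} {pids}")
```

A finding is a prompt to look closer at that session, for example a process named like a session component that was not started by the Session Manager, or a session in the middle of being torn down; it is not proof of compromise.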