Abstract: Embodiments described herein are directed to establishing a terminal services (TS) session between a TS server and the client without creating a temporary session. In one embodiment, a computer system receives a user request indicating that a TS session with a first TS server is to be initiated. The request includes an indication that the user is authenticated and authorized to use the first TS server. The computer system searches for any prior TS sessions previously initiated by the user with other TS servers and determines, based on the search, that at least one prior TS session was initiated with a second TS server. The computer system also sends redirection data to the user indicating that the user request is to be redirected to the second TS server to reestablish the prior TS session with the second TS server.

Abstract: Techniques for configuring and operating a virtual desktop session are disclosed herein. In an exemplary embodiment, an inter-partition communication channel can be established between a virtualization platform and a virtual machine. The inter-partition communication channel can be used to configure a guest operating system to conduct virtual desktop sessions and manage running virtual desktop sessions. In addition to the foregoing, other techniques are described in the claims, the detailed description, and the figures.

Abstract: Techniques for configuring a commodity server to host virtual hard disks are disclosed herein. In an exemplary embodiment, a virtual hard disk file can be split into a plurality of differencing VHD files and one or more of the files can be downloaded to a virtualization host as it runs off the VHD files stored on the server. After the one or more VHD files are downloaded, the virtualization host can be configured to use the local copy instead of the copy on the commodity server. In addition to the foregoing, other techniques are described in the claims, the detailed description, and the figures.

Abstract: Techniques are provided for preserving state—both machine state and user state—in a virtual machine (VM) in a server deployment. User state may be preserved among a plurality of VMs in a server deployment by storing data specific to the user in a virtual hard drive (VHD). When a user logs into a particular VM, the VM remaps portions of a guest OS file system that correspond to user state to the VHD and mounts the VHD. Machine state may be preserved by storing information particular to a VM apart from that VM. When a VM is to be recreated, a diff disk containing the information particular to the VM is determined based on the current VM, the information particular to the VM, and a gold image that the VM is to be created with. Then, the VM is created with the gold image and the diff disk.

Abstract: Described are techniques for providing an application program interface that leverages the terminal services session broker infrastructure to support third party plug-in applications. In a typical scenario, when a user requests for a connection to access third party plug-in applications, the application program interface may override the session broker logic and interacts with the session broker process to identify sessions or suitable servers to which the user can be connected. The user may access the third party plug-in applications through the identified sessions or suitable servers.

Abstract: Techniques are disclosed for enabling a system service executing in an isolated session to access system resources (such as a graphics processing unit) that it is isolated from. In an embodiment, the system service creates a “worker” session that is not isolated, and a “worker” process inside that worker session. Then, the system service is able to access the system resource that it is directly isolated from accessing by passing a request to the worker process to access the system resource on the system service's behalf. The worker process does so, and passes a result to the system service.

Abstract: A workstation including a host machine and a plurality of consoles directly connected to the host machine. Each of the consoles are configured as a separate console, and each of the consoles include a respective input device adapted to receive input from a user and a respective output device adapted to provide output to the user. A method provided herein includes configuring the host machine to support a plurality of users concurrently on a plurality of consoles, and connecting each of the consoles directly to the host machine so as to enable direct communication therebetween.

Abstract: Systems and methods are described for providing security through sessions. In an implementation, a method includes initiating a session, by an operating system, in which operating system services are executable and initiating another session, by the operating system, in which a user-interactive application is executable.

Abstract: Techniques for extending federation services to access desktop applications are herein described. In addition to the foregoing, other aspects are described in the claims, drawings, and text forming a part of the present disclosure.

Abstract: Systems, methods, and computer-readable storage media are disclosed for roaming profiles and application compatibility in multi-user systems. In an embodiment, a user profile exists on a plurality of client computers. Each client computer executes a roaming profile client that intercepts a change to an application's settings. The roaming profile client sends this change to a roaming profile server that stores it. When the user profile logs on to a second client computer, the roaming profile server sends an indication of the change to a second roaming profile client on the second client computer. This roaming profile client alters the settings for the application on the second client computer such that, when the user session executes the application on the second client computer, the application reflects the change.

Abstract: High Fidelity remoting can be enabled by loading a hybrid remote session in a computer system. The hybrid remote session can include components loaded in a console session and components loaded in a remote session.

Abstract: Techniques are disclosed for virtualizing internet protocol (IP) addresses in terminal server sessions. A client component comprises a layer service provider (LSP) and a name service provider (NSP) that intercept a socket call to associate a port with a socket for a terminal server session. The client component queries a server component for a virtual IP address, and the server component determines whether the terminal server session can use a virtual IP address. Where the session can use a virtual IP address, the server returns a virtual IP address and the client component binds the socket call to the virtual IP address. Where the session cannot use a virtual IP address, the server returns an indication of that, and the client component acts as a proxy for that socket call and any future calls for that socket.

Abstract: Disclosed are techniques for sharing user credentials between multiple client applications when connecting to a set of remote resources. The mechanism enables a single sign-on between a terminal server web access service and the remote applications, remote desktops and corresponding terminal servers accessible through the service. User credentials may be received by one of the client applications and passed to a credential store running as a local software object in association with the user's logon session. Further requests to launch a new remote connection may then pass through the credential store. Upon successful validation of the request, the credential store may attach user credential information to the request and pass the request to the requested client. The requested client may also execute as a software object associated with the current logon session. The client may then use the supplied credential for authentication to the requested resource or application.

Abstract: Embodiments described herein are directed to establishing a terminal services (TS) session between a TS server and the client without creating a temporary session. In one embodiment, a computer system receives a user request indicating that a TS session with a first TS server is to be initiated. The request includes an indication that the user is authenticated and authorized to use the first TS server. The computer system searches for any prior TS sessions previously initiated by the user with other TS servers and determines, based on the search, that at least one prior TS session was initiated with a second TS server. The computer system also sends redirection data to the user indicating that the user request is to be redirected to the second TS server to reestablish the prior TS session with the second TS server.

Abstract: Example embodiments of the present disclosure are related to terminal servers. In an example embodiment a license can be associated with, or define, a set of capabilities and a session can be generated that includes the capabilities. In an example embodiment the session can be generated in view of a license and privileges that are associated with an account identifier of a user requesting a session from a terminal server.

Abstract: Described are techniques for providing an application program interface that leverages the terminal services session broker infrastructure to support third party plug-in applications. In a typical scenario, when a user requests for a connection to access third party plug-in applications, the application program interface may override the session broker logic and interacts with the session broker process to identify sessions or suitable servers to which the user can be connected. The user may access the third party plug-in applications through the identified sessions or suitable servers.

Abstract: The present invention is directed to restricting device access per session. Entries in a device list are configured to store session ID values in addition to values for other device properties. A session ID value for a device can be set to the session ID value of a (e.g., RDP) session that registered the device such that the subsequent transfer of device related information for the device can be restricted to processes in the session. When a request for device related information is received from a process, an access check is performed by at least comparing a session ID value for the process to a session ID value stored in a device entry for the device. When the access check is successful, for example, when session ID values match, access to the requested device related information can be permitted.

Abstract: Systems and methods to implement load balancing of connections to a server computer in a server collection are described. The server collection receives connection requests from remote clients over a network. A session broker evaluates one or more load parameters of the server computers in the server collection and, based on those load parameters, determines load associated with each server computer. The session broker redirects the connection requests to the server computer which has a lesser load.

Abstract: A session-specific policy may be used to define specific configuration and operational characteristics of different types of sessions. One type of session may have one set of characteristics while a second type of session may have a different set of characteristics. The policy may be applied by a server or client, and may be propagated through an enterprise by a policy distribution management system to establish policies across multiple devices. Different session types include sessions from a local console, a remote user, a device-initiated session, a service-initiated session, and other types. Within each session type, policies may be defined for specific instances of each type. For example, different policies may be defined for different devices in a device-initiated policy.

Abstract: Techniques are described for managing and controlling connections of server sessions, including systems and methods for managing and controlling connections to a server computer. Connections are monitored to a server computer depending on a “drain state” of the server computer. If the server is in drain mode, requests to initiate a fresh session with the server computer are rejected, or deferred until the server computer comes out of the drain state.