
RDP Server Setup

The following directions assume the RDP server is running Windows 7 Pro.

PAGING FILE (From Microsoft’s Website)

For a Terminal Server, it is best to put your page files on a dedicated hard drive. In addition, because of the multiuser nature of Terminal Server, be sure that your page file is twice the size of your RAM. For example, if your Terminal Server has 4 gigabytes (GB) of RAM, you should have a 4 GB paging file. You should also have two paging files if necessary. For information about how to change the default paging file size, see "Change the size of the virtual memory paging file" in Help and Support Center for Windows.

Turn Off Windows Indexing

Use the following steps to turn off Windows Indexing service.

  1. Click Windows "Start" button > "Control Panel" > then click "Programs and Features".

  2. Click "Turn Windows features on or off"

  3. In the Windows Features window verify the Indexing Service is unchecked. Click "OK" to exit.

  4. Click Windows "Start" button > "Control Panel" > "Administrative Tools" > "Services". Locate the "Windows Search" service on the list, and double click on it. Under the General tab:

  1. Click Windows "Start" button > "Computer" > right click the drive where the rmwin folder resides (i.e. C drive).

  2. Click "Properties".

  3. Un-check the box next to Index this drive for faster searching.

  4. Reboot Computer

  5. After the computer finishes restarting verify the Indexing Service is turned off by:

  1. Verify the Windows Search service is disabled by:

Disk Performance

It is recommended that both Write-caching policies be enabled to improve disk performance. Write caching in a connected storage device refers to the use of high-speed volatile memory to collect write commands sent to data storage devices and cache them until the slower storage media (either physical hard disks or low cost flash memory) can accommodate them. Most devices that use write caching require that power be supplied continuously. Improving disk performance is easily accomplished by:

  1. Open the Control Panel (All Items view), and click on the Device Manager icon.

  2. In Device Manager, double click on Disk drives to expand it, and then double click on the listed storage device that you want to enable write caching for. (See screen shot below)

  1. Click on the Policies tab. Under the Write caching policy section, check the "Enable write caching on the device" option, and click on OK. Note: this option is usually enabled by default. You need only enable it if it has been disabled (unchecked). If this is enabled you may skip to step 4.

  1. Turn off Windows write-cache buffer on the device: place a check mark in the box for this option. This option is not enabled by default.

Important Note: There is one disadvantage in enabling these options: if there is a power outage or a system crash, data might be lost or corrupted. If you have a secondary power supply, like a UPS, you could go ahead with checking these options, but there still remains the threat of data loss in the event of a power failure.

Enable Fast User Switching

The second step in setting up RDP on the server computer is to enable the "Hide entry points for fast user switching" option in the Local Group Policy Editor.

  1. Click "Start", type "gpedit.msc" and hit "Enter". In Windows 8 press the Windows key and type "gpedit.msc"

  1. Navigate to the following policy: Local Computer Policy | Computer Configuration | Administrative Templates | System | Logon

  1. Double-Click "Hide entry points for Fast User Switching" and then click "Enable".

  2. Click "OK". Exit Local Group Policy Editor.

Create a Unique Windows User Account

Create a unique Windows User Account for each POS station you will be running on the tablet device:

  1. Click Windows "Start" button, Click "Control Panel", and then "User Accounts".

  2. Click "Manage another Account"

  3. Click "Create a new account" in the Manage Accounts window.

    1. Type in the Account Name (i.e. POS1)
    2. Click "Administrator"

    3. Click "Create Account"

  1. Assign the user account a password

    1. Click on the account name (i.e. POS1) in the Manage Accounts window

    2. Click "Create a Password"

    3. Type the password in the "New Password" field and confirm the password.

    4. Click "Create Password" button

Repeat steps 1 thru 4 for each tablet running RMPOS

Enable Remote Desktop

Use the following steps to enable Remote Desktop.

  1. Right click on Computer, click "Properties".

  2. Click "Remote Settings" and click the "Remote" tab

  1. Enable "Allow connections only from computers running any version of Remote Desktop with Network Level Authentication".

  1. Click "Select Users" and specify each POSx account by:
  1. Click "Add" and then "Advanced"

  2. Click "Find Now" button in Select User window.

  3. Click the POS account (i.e. POS1) on the "Search results" list. Click "OK" button.

  4. Click "OK" in the Select User window.

  5. When finished, click the "OK" button in the Remote Desktop User screen and again in the System Properties screen.

  6. Exit Control Panel.

 

Repeat steps 4a thru 4d for each POS user account.

 

Change Terminal Services Default Port

By default, the RDP Terminal server listens on TCP port 3389. This port must be changed to comply with PCI PA-DSS Standards (PA-DSS 3.1c). In addition, using default port 3389 leaves the system vulnerable to man-in-the-middle, pass the hash, and severe virus attacks. Changing the port is mandatory whether you are processing credit cards on the tablet device or not.

You can change default port on the server using the following steps:

Note: Changing the system registry can lead to serious problems if done incorrectly. It is recommended that you back up the registry using the steps outlined in the Microsoft Support article "How to back up and restore the registry in Windows".

  1. Start Registry Editor (Regedit).

  2. Locate and then click the following registry subkey:

  3. HKEY_LOCAL_MACHINE > System > CurrentControlSet > Control > Terminal Server > WinStations > RDP-Tcp > PortNumber

  4. On the Edit menu, click Modify, and then click Decimal.

  5. Type the new port number, and then click OK.

  6. Quit Registry Editor.

  7. Restart the computer.

Make note of the new port number. You will need the port number when configuring RDP on the tablet device.

Note: this step may require configuring the firewall and/or router to allow the new port number.

Use Remote Desktop when Windows Firewall is on

Because Windows Firewall restricts communication between your computer and the Internet, you might need to change settings for Remote Desktop Connection so that it can work properly.

Allow Program thru Firewall

The first step in configuring Windows Firewall is to allow the program:

  1. Open Windows Firewall by clicking the Start button, and then clicking Control Panel. Locate and click the Windows Firewall icon.

  2. In the left pane, click Allow a program or feature through Windows Firewall.

  3. Click Change settings. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

  4. Under Allowed programs and features, select the check box next to Remote Desktop, and then use the check boxes in the columns to select the network location types you want to allow communication on.

  5. Click "OK".

Note: If the "Change" settings button is unavailable, you might not have permissions to change some settings that are managed by your system administrator.

Allow Port Number

By default, the RDP Terminal server listens on TCP port 3389. This port must be changed to comply with PCI PA-DSS Standards (PA-DSS 3.1c). If you have not done so already, use the instructions under the section Change Terminal Services Default Port to change the default port number.

  1. Open Windows Firewall by clicking the Start button, and then clicking Control Panel. Locate and click the Windows Firewall icon.

  2. In the left pane, click Advanced settings.

  3. Click "Inbound Rules" on left pane

  4. Click "New Rule..." on the pane to the right

  5. Click the Port radio button, Click "Next"

  6. Type the new port number in the Specified local port box, click "Next"

  7. Verify the "Allow the Connection" radio button is checked, click "Next"

  8. Enable the network where the port is allowed (i.e. Private, Public, etc.), click "Next"

  9. Type a name for the connection rule (i.e. RMRDP), click "Finish"

  10. Exit Windows Firewall
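
The settings made under Enable Remote Desktop, Change Terminal Services Default Port and Allow Port Number can be confirmed with a read-only check. The PowerShell below is an added example, not part of the original guide or of RMPOS; the function names are hypothetical, the group names assume an English-language Windows install, and firewall rules that use port ranges or are limited to certain network profiles are not evaluated.

```powershell
# Added example: read-only audit of the RDP settings this guide configures.
# Run on the RDP server from an elevated PowerShell prompt (works on PowerShell 2.0).
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'

function Get-LocalGroupMemberNames([string]$Group) {
    # The ADSI WinNT provider avoids parsing localized "net localgroup" output.
    $g = [ADSI]"WinNT://$env:COMPUTERNAME/$Group,group"
    @($g.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    }
}

function Test-InboundTcpAllowed([int]$Port) {
    # Windows Firewall COM API: Direction 1 = inbound, Protocol 6 = TCP, Action 1 = allow.
    # Only exact port entries are matched; ranges such as "5000-5010" are not expanded.
    $policy = New-Object -ComObject HNetCfg.FwPolicy2
    $rules = @($policy.Rules | Where-Object {
        $_.Enabled -and $_.Direction -eq 1 -and $_.Protocol -eq 6 -and $_.Action -eq 1 -and
        (($_.LocalPorts -split ',') -contains "$Port")
    })
    $rules.Count -gt 0
}

function Get-RdpAudit {
    $port = [int](Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
    $nla  = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication).UserAuthentication
    $deny = (Get-ItemProperty -Path $tsKey  -Name fDenyTSConnections).fDenyTSConnections
    $tcp  = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
    $listening = @($tcp.GetActiveTcpListeners() | Where-Object { $_.Port -eq $port }).Count -gt 0

    New-Object PSObject -Property @{
        RdpEnabled         = ($deny -eq 0)              # Remote Desktop turned on
        Port               = $port                      # value set in the registry step
        PortIsDefault      = ($port -eq 3389)           # should be False after the change
        NlaRequired        = ($nla -eq 1)               # Network Level Authentication option
        ListeningOnPort    = $listening                 # False until the reboot has happened
        FirewallAllowsPort = (Test-InboundTcpAllowed $port)
        Default3389Allowed = (Test-InboundTcpAllowed 3389)  # built-in Remote Desktop rule
        RemoteDesktopUsers = @(Get-LocalGroupMemberNames 'Remote Desktop Users')
        Administrators     = @(Get-LocalGroupMemberNames 'Administrators')
    }
}

Get-RdpAudit | Format-List
```

The two group lists let you confirm that only the intended POSx accounts can log on remotely, and Default3389Allowed shows whether the built-in Remote Desktop firewall exception still leaves the old port open.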

 

Configure Router

You should configure your system to allow only the POS related computers on the network using MAC address filtering. MAC filtering isn't foolproof, but adding this level of protection makes it a little more difficult for hackers.

Make sure WPA2 is being used on the router and the default SSID has been changed and is not being broadcast.

Antivirus

If present on your system, add the following folders to your antivirus exception list

Add the Uphclean.exe process to the exception list

Note: The User Profile Hive Cleanup service helps to ensure user sessions are completely terminated when a user logs off. This service may or may not be installed on your system.

Disk Defragmentation

Configure regularly scheduled defragmentation of the paging file(s). IObit has a very good free defrag program that continuously defrags when the computer is idle.

http://www.iobit.com/iobitsmartdefrag.html

Place RMPOS (exe) in Windows Startup for Each User Account.

You must place a shortcut to RMPOS in the Windows Startup folder to start the POS every time you log in to the user account:

  1. Switch users by logging off the default desktop and re-login to the server desktop as POS1.

  2. Add a shortcut for ‘RMPOS.Exe 1’ into the Startup folder.

Repeat switching users for each POS account, remembering to add the station number parameter at the end of the program name (RMPOS.Exe 2, RMPOS.Exe 3, etc.).

Reboot the server computer

Test RDP

To ensure RDP is working, it is best to test on a wired network first if possible, then use the tablet.

  1. PING the server IP address.

  2. From another Windows PC on the network: click the Windows "Start" button and then Click "Run".
  1. Type "Mstsc.exe" in the Run window

  2. Type in the server IP and Click "Connect".

  3. Click the User Account for the POS station (i.e. POS1). Enter the user account password.

POS1 should appear and the RMPOS should start.