In my previous post titled Windows 2008 R2 Remote Desktop Services (RDS) (1 of 2) where I covered Understanding and Deploying RDS, I gave an intro to RDS as well as the basic installation of the Windows 2008 R2 Remote Desktop Services (formerly known as Terminal Services). In this post, I’m going to key in specifically on the Remote Desktop Services Web Access and RemoteApp roles.
This Web Access and RemoteApp are new to Windows 2008 Terminal Services and enhanced in RDS 2008 R2. Effectively prior to Terminal Services / RDS Web Access, the only way to access a TS / RDS session was to run the Remote Desktop Connection (RDC) client software that launched a full desktop window complete with a Start button on this session.
With RDS Web Access, you can simply give a user a Web URL and they get a list of the applications they can launch and run. The list of programs is all determined by group policy, so you can set it so that some users see 5 application icons to choose from where other users might see 10 application icons to run. Also through group policy you can identify that someone might get 10 icons when they are accessing RDS Web Access from within the company network, and they only see 7 icons when they are accessing RDS Web Access from outside of the company network (effectively preventing them to access sensitive or compliance regulated data externally).
Even if a user accesses two separate apps from the Web Access interface, they can still cut/paste content between the sessions, and when they save information, it all saves back to the company network by default (although RDS Web Access does have the ability for users to load and save files locally).
With RemoteApp, users can simply have an icon placed on their desktop and they can double click the icon to launch an application off a shared RDS Host server.
To install the RDS Web Access and RDS RemoteApp, here’s a snippit out of my book “Windows Server 2008 R2 Unleashed”…
Before installing RD Web Access, you need to take a few considerations into account:
Installing the RD Web Access Role Service
Use the following steps to install the RD Web Access role service:
Defining the RemoteApps Programs Source
Before users can use RemoteApp and Desktop Connection, the source for RemoteApps programs must be defined for an RD Web Access server. A RemoteApp source can be either of the following:
Use the following steps to define the RemoteApp source:
When defining a RemoteApp source, certain requirements must be met depending on the option used. For example, if an RD Session Host is used as the source, the RD Web Access server must be added to the TS Web Access Computers security group on the RD Session Host server. Or, when using an RD Connection Broker server as the source, the RD Connection Broker server must be installed, configured, and online.
Additionally, if the “One or More RemoteApp Sources” option is used, a connection name and connection ID must be defined on the RD Web Access server, and the RDWebAccess.config file needs to be modified. This file is found under the: %windir%\Web\RDWeb\App_Data\ directory. The contents of this file include instructions as to how to define the connection name and connection ID. Once a connection name has been defined, it is used to identify the RemoteApp and Desktop Connection that comes from that RD Web Access server. Conversely, if the “An RD Connection Broker Server” option is used, the connection name and connection ID are defined using the Remote Desktop Connection Manager tool on the RD Connection Broker server.
Securing RD Web Access
After RD Web Access has been installed, it is recommended that you secure the RD Web Access traffic by installing and using a Server Authentication (SSL) certificate. To complete this task, refer to the IIS 7.5 online help section titled “Request an Internet Server Certificate.” After a certificate has been requested, installed, and bound to the website hosting the RD Web Access role service, that website should then be configured to only accept SSL connections.
Configuring RemoteApp and Desktop Connection Properties
Adding Programs to the RemoteApp Programs
The applications that are shown on this page are shortcuts that are found in the All Users Start Menu folder. If there is an application that is not listed on this page, an administrator can click on the Browse button, and then specify the location to that application’s executable.
6. After selecting an application or applications to add to the RemoteApps list, an administrator can then choose to configure the different RemoteApp properties for that application or applications. To do this, select the application name, click Properties, make any needed modifications, and then click OK.
It is important to note that, by default, the RemoteApp Program Is Available Through RD Web Access option is enabled. Also, only system environment variables can be used in the pathname for an application (such as %windir%). Per-user environment variables cannot be used. Lastly, if needed, using the User Assignment tab, an administrator can define which users/groups have access to the RemoteApp program.
7. Click Next.
8. Finally, review the settings on the Review Settings page, and then click Finish.
9. The RemoteApps list will then appear
Configuring Global Deployment Settings
In the RD RemoteApp Manager interface, an administrator can also configure a number of deployment settings that globally apply to all RemoteApp programs in the RemoteApps list. The settings are grouped into the following categories:
Accessing RemoteApp and Desktop Connection
When using Windows 7 or Windows Server 2008 R2, users can also access RemoteApp and Desktop Connection using two methods. The first method is to use a RemoteApp and Desktop Connection URL, which is provided by administrators. For example, such a URL might be formatted as: https://remotedesk.companyabc.com/RDWeb/Feed/webfeed.aspx. Using this URL, a user can then create a new connection to RemoteApp and Desktop Connection using the Control Panel, RemoteApp and Desktop Connection.
The second method to access RemoteApp and Desktop Connection is to use a configuration file that is generated by an administrator. These configuration files are generated using the Remote Desktop Configuration Manager tool. Once the configuration file is given to a user, the user just has to double-click the configuration file and the connection to RemoteApp and Desktop Connection is created.
RemoteApp and Desktop Connection connections are also created when a user logs on to RD Web Access and accesses RemoteApp programs, session-based remote desktops, or virtual desktops. To access RemoteApp and Desktop Connection, users would log on to RD Web Access using the following URL:
The <name> might be the FQDN of the RD Web Access server or some other known name that refers to that server or group of servers. Additionally, for centralized portal deployments, an RD Web Access web part can be added to a Windows SharePoint Services site.
Rand Morimoto has been in the computer industry for more than 30 years and has authored, co-authored, or been a contributing writer for a couple dozen books on Microsoft Windows, Security, Exchange email, BizTalk Server, and remote and mobile computing. Rand is the president of Convergent Computing, an IT consulting firm that has been one of the key early adopter program partners with Microsoft, implementing beta versions of Microsoft technologies 2-3 years before the product releases to the public. This provides Rand and the consultants in his company extensive knowledge on the technologies long before the products are generally available.
Besides speaking at more than 50 conferences and conventions around the world in the past year on tips, tricks, and best practices on planning, migrating, and implementing technologies, Rand is also head judge for the worldwide Imagine Cup competition, is a Board member for the Chabot Space and Science Center and planetarium, and a Regent for the Board of Saint Mary's College of California.
Rand's book Exchange Server 2010 Unleashed was selected as the November, 2009, book of the month book giveaway. Read a free sample chapter of this book,, hosted exclusively by Microsoft Subnet. Buy the book now from InformIT.
Rand's latest book, Microsoft System Center Enterprise Suite Unleashed has been selected as the April, 2010, Microsoft Subnet book giveaway. Read an excerpt of Microsoft System Center Enterprise Suite Unleashed.
Enter the monthly book giveaway contest. Entry form and details are on the Microsoft Subnet home page.