Terminal Services RemoteApp (remote applications). Installing and configuring remote applications “RemoteApp” and DIRECTUM Remote Application Server

RemoteApps is one of the features of the Terminal Services role in Windows Server 2008. Before RemoteApps, Terminal Services meant displaying the entire virtual desktop of the remote server on the client side. This approach is convenient in many situations, but it does not work if an application running on the terminal server needs to be displayed on the client as if it were running locally. This is precisely the functionality that RemoteApps provides, and it is the subject of this article.

Preparing the server for installing RemoteApps

Before you can use RemoteApps on Windows Server 2008, certain conditions must be met. First of all, your server must have .

Secondly, all applications that you plan to use through RemoteApps must be installed on the terminal server so that they support simultaneous multi-user operation. You can read how to do this in the article.

And finally, if you plan to access applications through a browser using the TS Web Access role, you need to make the settings described in the article.

After meeting the first two requirements and, if necessary, the third, you can proceed to configuring RemoteApp.

What are RemoteApps?

RemoteApps are part of the Terminal Services role in Windows Server 2008. The purpose of Terminal Services is to provide client systems with access to the desktop and applications running on a terminal server. As the name suggests, remote desktop access means displaying the entire server desktop on the local client's screen. This approach allows the user to perform various tasks on the server, including running and interacting with applications on a remote host. The RemoteApps feature avoids giving a user access to the entire desktop of a remote system when they only need one application. When a RemoteApp application is launched, it appears in a separate window on the client's desktop, exactly as if it were installed and running locally.

RemoteApps can be launched using a special link on the TS Web Access web page, or by installing a special file on the client's computer.

Setting up an application as a RemoteApp

RemoteApps are set up with the TS RemoteApp Manager utility. It can be launched from the menu Start -> All Programs -> Terminal Services -> TS RemoteApp Manager, or by using the remoteprograms.msc snap-in. After launch, the manager interface will look something like this:


To configure an application as a RemoteApp, click the Add RemoteApp Programs link in the Actions panel in the top right corner of the RemoteApp Manager screen. The RemoteApp wizard appears with a list of the applications installed on the system. Check one or more applications and press Next.

With this wizard you can also configure various properties for each application; these settings are reached with the Properties button. The RemoteApp settings window is shown below.

This dialog allows you to configure the following parameters:

  • RemoteApp program name – the name under which this application will be visible to the user.
  • Alias – a unique identifier for a program or application; as a rule, the name of the executable file without the extension is used here.
  • RemoteApp is available through TS Web Access – controls access to the RemoteApp application via TS Web Access. Read more about TS Web Access in the post entitled.
  • Command-Line Arguments – sets the rules for how the application uses command-line arguments.
  • Change Icon – allows you to set and change the application icon.

After making any changes to the RemoteApp properties, click OK and then Next. Once you have finished setting up your applications, they will appear in the RemoteApp Programs list, as shown in the picture:


After RemoteApps are set up, remote users can start using them. All that remains is to install a special Windows Installer package on the client's PC, copy a pre-generated .rdp file to it, or provide the user with access to TS Web Access. Each of these approaches is discussed in detail in the following sections.

User access to RemoteApps via TS Web Access

By default, RemoteApps are available via TS Web Access. As indicated above, you can check this in the RemoteApp properties window, where the RemoteApp is available through TS Web Access checkbox should be checked. This parameter can be changed at any time: select the required application in the list of RemoteApp applications and open its properties.

So, if your RemoteApps are configured to be accessed via TS Web Access, simply open a browser window and enter the webpage URL:

For Server1, you can use the IP address or name of your terminal server. When the connection is established, the browser will ask for a username and password before displaying the page.

To launch an application, the user simply clicks its icon, after which the initial RemoteApp launch window appears. Here you select the terminal connection settings, for example which local client resources (disks, devices, keyboard, mouse, printer, ports, etc.) should be available to the application running on the remote system. This can be useful, for example, if the user needs to print from a remote application to a local printer, or save files directly to a local disk or USB flash drive:


Once the connection is established, the terminal application window will be displayed in a window on the local computer.

Accessing RemoteApps Using Windows Installer Packages

An alternative way to access RemoteApp applications is to use Windows Installer packages, which must be deployed on the systems from which the terminal server will be accessed. To create a Windows Installer file for a RemoteApp, right-click the selected application in the RemoteApp manager and select the Create Windows Installer Package command. In the wizard that appears, select the directory in which the RemoteApp will be installed on the client. You can also use this wizard to override the RDP port that the client will use to access the RemoteApp server. Finally, here you can configure remote access protection using certificates.

After pressing the Next button, you can specify whether desktop and Start menu shortcuts should be created on the client. The last setting is the association with file extensions. As an example of file associations, Word is associated with files with the .doc extension, and Excel with .xls. When such an association is set up for the .doc extension, opening a .doc file automatically launches the associated RemoteApp Word application, in which the file is opened. This mapping is controlled by the Take over file extensions option.

After the package is created, the .msi file will be located in the path that you specified when creating the package (by default this is \Program Files\Packaged Programs). This file can be copied to any client system where it is to be run. After the Windows Installer package is installed, the RemoteApp can be found in the Start menu (Start -> All Programs -> Remote Programs).

In this case, just as when using TS Web Access, the user will be given the opportunity to specify which local resources such as disks, ports and printers should be available to the remote application.

Launching RemoteApps using .rdp files

The process of creating an RDP file for a RemoteApp is very similar to the process of creating a Windows Installer package. To create an RDP file for a RemoteApp, right-click the selected RemoteApp in the TS RemoteApp manager and select the Create .rdp File menu item. A wizard opens that requires you to specify the directory in which the .rdp file will be created; it will also be possible to define it for the created RemoteApp, and it is also possible to protect the terminal session using a digital signature.

After completing the settings, click the Finish button, and a new .rdp file is created. This file must be copied to every system from which you intend to use the RemoteApp application.

As with TS Web Access, the user can define which local resources can be accessed in the published terminal application.
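
An .rdp file is a plain list of name:type:value settings, so it can be reviewed before distribution for the points this section mentions: the digital signature, the RDP port and the local resources exposed to the remote application. The Python sketch below is an added example, not part of the original article; the setting names are standard RDP file settings, while the sample files, host name and function names are constructed for illustration.

```python
"""Review a RemoteApp .rdp file before handing it to users (added example)."""
import codecs

# Settings that expose local client resources to the terminal server session.
REDIRECTION_KEYS = {
    "drivestoredirect": "local drives",
    "devicestoredirect": "plug-and-play devices",
    "redirectclipboard": "clipboard",
    "redirectprinters": "printers",
    "redirectcomports": "COM ports",
    "redirectsmartcards": "smart cards",
}


def decode_rdp(raw: bytes) -> str:
    """.rdp files are commonly stored as UTF-16 with a BOM; otherwise assume UTF-8."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig")


def parse_rdp(raw: bytes) -> dict:
    """Parse 'name:type:value' lines; integer ('i') values are converted to int."""
    settings = {}
    for line in decode_rdp(raw).splitlines():
        parts = line.strip().split(":", 2)  # the value itself may contain ':'
        if len(parts) != 3:
            continue  # blank or malformed line
        name, kind, value = parts
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue
        settings[name.strip().lower()] = value
    return settings


def audit_rdp(raw: bytes) -> list:
    """Return human-readable review findings for one .rdp file."""
    s = parse_rdp(raw)
    findings = []
    if s.get("remoteapplicationmode") != 1:
        findings.append("not a RemoteApp file: opens the full remote desktop")
    # Only checks that a signature is present; the RDC client verifies it.
    if not s.get("signature"):
        findings.append("unsigned: the client cannot verify the publisher")
    for key, label in REDIRECTION_KEYS.items():
        if s.get(key) not in (None, 0, ""):
            findings.append(f"redirects {label} ({key})")
    if s.get("enablecredsspsupport") == 0:
        findings.append("CredSSP disabled: Network Level Authentication not used")
    if s.get("authentication level") == 0:
        findings.append("connects even if server authentication fails")
    if s.get("server port", 3389) != 3389:
        findings.append(f"non-default RDP port {s['server port']}")
    return findings


# Constructed sample: unsigned file that redirects drives and printers.
SAMPLE_UNSIGNED = (
    "full address:s:server1.example.test\r\n"
    "server port:i:3389\r\n"
    "remoteapplicationmode:i:1\r\n"
    "remoteapplicationprogram:s:||WINWORD\r\n"
    "remoteapplicationname:s:Microsoft Word\r\n"
    "drivestoredirect:s:*\r\n"
    "redirectprinters:i:1\r\n"
    "redirectclipboard:i:0\r\n"
    "redirectcomports:i:0\r\n"
    "enablecredsspsupport:i:0\r\n"
    "authentication level:i:2\r\n"
).encode("utf-16")

# Constructed sample: signed file with no local resources redirected.
SAMPLE_HARDENED = (
    b"full address:s:server1.example.test\n"
    b"server port:i:3389\n"
    b"remoteapplicationmode:i:1\n"
    b"remoteapplicationprogram:s:||WINWORD\n"
    b"drivestoredirect:s:\n"
    b"redirectprinters:i:0\n"
    b"redirectclipboard:i:0\n"
    b"enablecredsspsupport:i:1\n"
    b"authentication level:i:2\n"
    b"signature:s:CONSTRUCTED-PLACEHOLDER\n"
)

if __name__ == "__main__":
    for label, data in (("unsigned", SAMPLE_UNSIGNED), ("hardened", SAMPLE_HARDENED)):
        print(label, audit_rdp(data) or "no findings")
```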

Recently, a lot of clients have wanted to use DIRECTUM through terminal servers. In this blog I will talk about a new Microsoft technology called RemoteApp.

RemoteApp is a technology that allows applications that can be accessed remotely through Remote Desktop Services to be presented as if they were running on the user's local computer. In other words, the user simply launches a shortcut on the desktop, and the application runs on the terminal server.

Stages of installing and configuring remote applications

  • configuring a Remote Desktop Session Host server to host RemoteApps;
  • adding programs to the list of RemoteApp applications;
  • creating an RDP file and creating a Windows Installer package.

Configuring a Remote Desktop Session Host Server to Host RemoteApps

There are installation prerequisites that you must complete before you can configure RemoteApp for use. The following sections discuss setting up the server to work with RemoteApps.

  • installing the Remote Desktop Session Host role service;
  • installing programs;
  • checking remote connection settings.

RemoteApp Manager is installed as part of the Remote Desktop Session Host role service.

This section describes how to install the Remote Desktop Session Host role service.

Note: After you install the Remote Desktop Session Host role service, you must restart your computer.

  • processor: Quad 3.00 GHz;
  • memory: 1000 MB for Windows + 350 MB for each session.

Install the Remote Desktop Session Host role service

  1. On the computer on which you want to install the Remote Desktop Session Host role service, open Server Manager. To open Server Manager, click Start, Administrative Tools, and then Server Manager.
  2. In the Role Summary group, select Add Roles.
  3. On the Before you begin page of the Add Roles Wizard, click Next.
  4. On the Select Server Roles page, select the Remote Desktop Services check box and click Next.
  5. On the Remote Desktop Services page, click Next.
  6. On the Select Role Services page, select the Remote Desktop Session Host check box, the Remote Desktop Licensing check box, the Remote Desktop Web Access check box, and then click Next.
  7. On the Uninstall and reinstall applications to determine compatibility page, click Next.
  8. On the Specify the authentication method for Remote Desktop Session Host page, select Don't require network level authentication and click Next.
  9. On the Specify licensing mode page, select the desired mode (“Per User” mode is recommended) and click Next.
  10. On the Select user groups that are allowed to access this Remote Desktop Session Host page, add the users or groups that you want to add to the Remote Desktop Users group, and then click Next.
  11. On the Customize User Experience page, select the desired user interface and click Next.
  12. On the Configure discovery scope for remote desktop licensing page, click Next.
  13. On the Web Server (IIS) page, click Next.
  14. On the Select Role Services page, click Next.
  15. On the Confirm your selections page, ensure that the Remote Desktop Session Host role service is selected for installation, and then click Install.
  16. The Installation Progress page will display the installation progress.
  17. The Installation Results page will prompt you to restart the server to complete the installation process. Click Close and then Yes to restart the server.
  18. After restarting the server and logging into the computer using the same user account, the installation will complete. When the Installation Results page appears, verify that the Remote Desktop Session Host server installation is complete.

Installing programs

Applications should be installed on the remote server after installing the Remote Desktop Session Host role service. Applications are installed on the Remote Desktop Session Host server in the same way as they are installed on a local desktop. However, you should ensure that applications are installed for all users and that all required application components are installed locally on the Remote Desktop Session Host server.

In our case, we will install the DIRECTUM system and Microsoft Office.

Checking remote connection settings

By default, remote connections are enabled immediately after installing the Remote Desktop Session Host role service. You can use the following procedure to add users and groups that need to connect to the Remote Desktop Session Host server and check or change the remote connection settings.

The minimum requirement to complete this procedure is membership in the local Administrators group (or equivalent) on the Remote Desktop Session Host server.

To check your remote connection settings:

  1. On the Remote Desktop Session Host server, run the System tool. To launch the System tool, click Start, click Run, type control system, and then click OK.
  2. In the Tasks group, select Remote Desktop Settings.
  3. In the System Properties dialog box, on the Remote tab, select one of the following options, depending on the environment.

    3.1. Allow connections from computers running any version of Remote Desktop (less secure)

    3.2. Allow connections only from computers running Remote Desktop with Network Level Authentication (higher security)

    3.3. For additional information about the two options on the Remote tab, click the Help me choose link.

  4. To add the users and groups that you want to connect to the RD Session Host server using Remote Desktop, select Select Users, and then click Add. The added users and groups are added to the Remote Desktop Users group.

Adding programs to the list of RemoteApp applications

To make a program available to users remotely through the RemoteApp Manager, you must add it to the RemoteApp Applications list.

The minimum requirement to complete this procedure is membership in the local Administrators group (or equivalent) on the Remote Desktop Session Host server.

To add a program to the list of RemoteApp applications:

  1. Open RemoteApp Manager on the Remote Desktop Session Host server. To do this, click the Start button, open Administrative Tools, then select Remote Desktop Services and RemoteApp Manager.

2. In the Actions pane, click Add RemoteApp Programs.

3. On the RemoteApp Wizard page, click Next.

4. On the Select programs to add to the list of RemoteApp applications page, select the check boxes next to the programs that you want to add to the RemoteApp applications list. You can select several programs; in our situation, we choose DIRECTUM and the Microsoft Office applications (Excel and Word). Click Next.

5. On the RemoteApp Wizard page, click Finish.

Creating an RDP File and Creating a Windows Installer Package

Creating an RDP file

Using the RemoteApp Wizard, you can create a Remote Desktop Protocol (RDP) file from any application in the RemoteApp Applications list.

The minimum requirement to complete this procedure is membership in the local Administrators group (or equivalent) on the Remote Desktop Session Host server that you want to configure.

To create an RDP file:

  1. In the RemoteApp Applications list, select the program for which you want to create an RDP file. To select multiple programs, press and hold the CTRL key while selecting programs. In our situation, select “DIRECTUM System Explorer”.

3. In the Actions area for the program or selected programs, click Create RDP File.

4. On the Remote Application Wizard page, click Next.

5. On the Set package parameters page, do the following:

5.1. In the Enter a location to save packages field, accept the default location or click Browse to specify a new location to save the RDP file.

OK .

5.3. To digitally sign an RDP file, in the Certificate Settings area, click Change to select or change the certificate.

6. When finished, click Next.

7. On the View Settings page, click Finish.

Creating a Windows Installer Package (MSI)

You can use the RemoteApp Wizard to create a Microsoft Windows Installer package (.msi) from any application in the RemoteApps list.

The minimum requirement to complete this procedure is membership in the local Administrators group (or equivalent) on the Remote Desktop Session Host server.

To create a Windows Installer package

  1. Open RemoteApp Manager on the Remote Desktop Session Host server. To do this, click the Start button, open Administrative Tools, then select Remote Desktop Services and RemoteApp Manager.
  2. In the RemoteApp Applications list, select the program for which you want to create a Windows Installer package. To select multiple programs, press and hold the CTRL key while selecting programs.
  3. In the Actions area for the program or selected programs, click Create a Windows Installer package.
  4. On the RemoteApp Wizard page, click Next.
  5. On the Set Package Options page, do the following:

5.1. In the Enter a location to save the packages box, accept the default location, or click Browse to specify a new location to save the Windows Installer package.

5.2. Under Remote Desktop Session Host Server Settings, click Change to change the server name or Remote Desktop Protocol (RDP) port number. When finished, click OK.

5.3. In the Remote Desktop Gateway Settings area, click Change to change the current setting or to set whether clients use the Remote Desktop Gateway server to connect to the target Remote Desktop Session Host server through the firewall. When finished, click OK.

5.4. To digitally sign a file, in the Certificate Settings area, click Change to select or change the certificate. Select the required certificate and click OK.

6. When finished, click Next.

7. On the Configure Distribution Package page, complete the following steps:

7.1. In the Shortcut icons area, specify where the program shortcut will be located on client computers.

7.2. In the Handle client file extensions area, specify whether this program should handle client file name extensions.

If you map file name extensions on the client computer to RemoteApp, all file name extensions processed by the application on the Remote Desktop Session Host server will also be mapped to RemoteApp on the client computer. Note that users are not prompted to confirm that the RD Session Host server is processing file extensions for the application.

To see which file name extensions are associated with an application on the Remote Desktop Session Host server, click Start, click Control Panel, and then double-click Default Programs. Click the Associate File Type or Protocol to Program button to view file name extensions and the default programs associated with them.

8. Once the distribution package properties are configured, click Next.

9. On the View Settings page, click Finish.

After the wizard completes, the folder in which the Windows Installer package was saved will open in a new window. This way you can verify that a Windows Installer package (.msi) was created.

Testing the DIRECTUM system in RemoteApp mode

General information

In RemoteApp mode, the DIRECTUM system operates in full mode, which means that all system components are available.

To connect to the DIRECTUM system in RemoteApp mode:

  • run the RDP file created and issued to the client by the server administrator;
  • install on the client computer an *.msi package, also created and issued by the server administrator. In this case, a shortcut to the DIRECTUM system is created in the Start menu, as if the system were installed on a local PC;
  • connect through terminal services web access.

A full remote desktop session is not always necessary for users to work on a terminal server. Let's say that in your company users only use the 1C: Enterprise 8.2 application on the terminal server. Here we can use the RemoteApp technology, which appeared in Windows 2008.

RemoteApp programs are programs that are accessed remotely through Terminal Services and behave as if they were running on the user's local computer. Users can run RemoteApp programs alongside their local programs. Users can minimize and maximize a program window, resize it, and easily run multiple programs at once. If the user is running more than one RemoteApp program on one terminal server, the RemoteApp programs will share the same Terminal Services session.

Setting up a RemoteApp application, using 1C: Enterprise 8.2 as an example:

  1. Open (Fig. 1):

2. In the manager, on the action panel on the right, select "Add RemoteApps" (Fig. 2):

3. Opens. Click Next (Fig. 3):

5. In the next window, click Finish (Fig. 5):

6. In the "RemoteApp Manager" window, the 1C Enterprise application now appears at the bottom, in the list of RemoteApp applications. Right-click it -> "Create RDP file" (Fig. 6):

7. The "Remote Application Wizard (RemoteApp)" opens; click Next (Fig. 7):

8. In the next window we set the parameters of our package. We can change the location where the RDP file is saved, change the server port, set the Terminal Services Gateway parameters and select a certificate. Click Next (Fig. 8):

9. In the next window, click Finish (Fig. 9):

10. Copy our RDP file to the necessary users (we can change the location where the file is saved in step 8; by default it is C:\Program Files\Packaged Programs). You can copy it manually or through a logon script in Group Policy. Open our RDP file (Fig. 10):

11. To launch the application, click Connect (check the box so that this question is not asked again in the future) (Fig. 11):

12. Enter your credentials and click Connect. Remember that the user must have rights to connect to the Remote Desktop Service (Fig. 12).

Abstract

Terminal Services RemoteApp™ (TS RemoteApp) is a technology that allows users to access remote applications through Terminal Services. Remote applications based on TS RemoteApp technology behave as if they were running on the user's local computer. Users can run these applications side by side with local ones. If a user runs multiple remote applications on the same terminal server, they all run in one common Terminal Services session. You can use Terminal Services Web Access (TS Web Access), a Terminal Services role, to allow users to access TS RemoteApp applications using a web browser.

Introduction

With Terminal Services, organizations can provide access to Microsoft® Windows® applications from almost anywhere in the world. Applications can be launched on almost any computing device. Windows Server® 2008 Beta 3 Terminal Services includes Terminal Services RemoteApp™ (TS RemoteApp) technology. To deploy TS RemoteApp applications, you can use several different methods, such as TS Web Access. Using Terminal Services Web Access, you can make TS RemoteApp applications available through a web page hosted on the Internet or intranet. TS Web Access technology is included in Windows Server 2008 Beta 3.

What are RemoteApps?

RemoteApps are applications that are accessed remotely through Terminal Services. These applications behave as if they were running on the end user's local computer. Now, when you run RemoteApp applications on the desktop of the client computer, the entire desktop of the remote terminal server is not displayed. RemoteApp applications are integrated with the client computer's desktop, and each runs in a separate, scalable window that has its own icon in the system tray. Users can run these applications side by side with local ones. If a user runs multiple remote applications on the same terminal server, they all run in one common Terminal Services session.

Depending on the deployment method for RemoteApp applications, Windows Server 2008 Beta 3 users can access these applications in several ways:

    Double-click the .RDP (Remote Desktop Protocol) file that was created and distributed by your administrator.

    On your desktop or Start menu, double-click the program icon that was created and distributed by your administrator as a Windows Installer package (.msi file).

    Double-click the file with the extension associated with the TS RemoteApp application. The mapping can be done by an administrator using an MSI file.

Files with the .RDP and .MSI extensions contain all the parameters required to run the RemoteApp application. Once the TS RemoteApp running on the terminal server is opened on the local computer, the user can interact with it as if it were running locally.

Important

To run RemoteApp applications on the client computer, you must be using Remote Desktop Connection (RDC) version 6.0. RDC 6.0 is included with Windows Server 2008 and Windows Vista. To download RDC 6.0 for computers with Microsoft Windows Server 2003 SP1 or Microsoft Windows XP SP2 installed, see the Microsoft Knowledge Base article.

Who is this manual for?

This guide is intended for the following categories of IT professionals:

    For IT professionals planning and analyzing information infrastructure and evaluating TS RemoteApp technology.

    For IT professionals involved in planning and developing information infrastructure in enterprises.

    For IT professionals who deploy or administer terminal servers, line-of-business applications, or applications that can be more efficiently deployed using TS RemoteApp technology.

Main scenarios for using TS RemoteApp technology

TS RemoteApp technology is especially useful in the following cases:

    Remote users. Users often need to work with applications from a remote location, for example, at home or on a business trip. If you want to provide users with access to RemoteApp applications over an Internet connection, you can use a Virtual Private Network (VPN) to do this, or deploy TS RemoteApp in conjunction with a Terminal Services Gateway (TS Gateway) to help provide secure access to applications.

    Branches. Organizations may include remote branches with limited network bandwidth and limited IT support staff. Using TS RemoteApp technology, you can provide centralized management of your applications and improve the performance of remote applications in cases of limited network bandwidth.

    Deployment of business applications. Organizations often need to run consistent business applications across computers with different configurations and versions of the Microsoft Windows operating system. Instead of deploying these applications on each client computer, which can be time-consuming and costly, you can install the applications on a terminal server and access them using TS RemoteApp.

    Deploying the application. TS RemoteApp technology eliminates the need to deploy and support different versions of the same application for different computers. If employees need to use several different versions of an application, you can install them all on one or more terminal servers, and users can access them using TS RemoteApp.

    Users working on multiple computers. In companies where employees do not have a permanent workplace, users may work on different computers. In some cases, an employee may find themselves using a computer that does not have the applications they need installed. Using TS RemoteApp technology, you can install applications on a terminal server, allowing employees to work with them as if the applications were installed locally.

Methods for Deploying RemoteApp Applications

Before you begin setting up TS RemoteApp, you must decide how you want to distribute RemoteApp applications to users. To do this, you can use any of the following methods:

    Access RemoteApp applications on a Web site through Terminal Services Web Access (TS Web Access).

    Distribute RemoteApp applications as RDP or MSI files through a network share or using other distribution mechanisms such as Microsoft Systems Management Server.

RemoteApp Deployment Components

About deploying RemoteApp applications via TS Web Access

Using TS Web Access, you can deploy RemoteApp applications from one or more terminal servers directly through TS Web Access (simple deployment mode), or publish RemoteApp applications to a Web site as Windows Installer packages through Active Directory® Group Policy software distribution (deployment mode via Active Directory).

    Simple Deployment Mode

In this mode, you can easily and quickly organize access via TS Web Access to applications located on one or more terminal servers, or provide full access to the terminal server desktop. Simple deployment mode is recommended for small organizations that have a single terminal server or a small farm of approximately five or fewer servers.

With a simple deployment, all configured RemoteApp applications located on one or more terminal servers will be available on the TS Web Access site. The list of available applications displayed on the TS Web Access website will be the same for all users.

To deploy applications in Easy mode, you must complete the following tasks.

Task

1. Setting up the RemoteApp application server. This task includes installing the terminal server, installing applications, and verifying remote connection settings.

2. Using the TS RemoteApp Manager snap-in

3. Setting up the TS Web Access role.

TS Web Access Computers on the terminal server.

5. Configure the TS Web Access server to populate its list of RemoteApp applications installed on one or more terminal servers.

    Deployment mode via Active Directory

This deployment method is a more complex method in which you can use TS RemoteApp Manager in conjunction with an Active Directory software distribution policy to create MSI packages available through TS Web Access. Active Directory deployment mode is recommended if you have RemoteApp applications running on multiple terminal servers and want to make them available through a single TS Web Access site. This method is also recommended to be used in cases where you want to limit access to various applications for different users.

Note

If you are using Active Directory deployment mode, you will not be able to provide access to the entire terminal server desktop using TS Web Access.

To deploy applications through Active Directory, you must complete the following tasks.

Task

1. Setting up the RemoteApp application server. This task includes installing the terminal server, installing applications, and verifying remote connection settings.

2. Using the TS RemoteApp Manager snap-in to add RemoteApp applications accessible through TS Web Access and to configure global deployment settings.

3. Setting up the TS Web Access role.

4. Adding the TS Web Access server account to the security group TS Web Access Computers on the terminal server.

5. Create Windows Installer packages for RemoteApp applications and configure Active Directory Domain Services (AD DS) to distribute software through Group Policy.

6. Configure the TS Web Access server to populate its list of RemoteApp applications using Active Directory Domain Services (AD DS).

About deploying RemoteApp applications through a network share or other software distribution mechanism

You can also distribute RemoteApp applications through RDP or MSI files, making them available through a network share or another software distribution mechanism such as Microsoft Systems Management Server. These methods allow you to distribute RemoteApp applications without using TS Web Access.

Note

If you distribute RemoteApp applications via MSI packages, you can also configure RemoteApp applications located on a terminal server to process local client files. In this case, the user can double-click a local file and it will be opened by the RemoteApp application associated with it.

To prepare RemoteApp applications for deployment through a network share or other distribution mechanism, you must complete the following tasks.

After creating RDP or MSI files, you can distribute them to users.

Setting up a RemoteApp application server

Before you can distribute RemoteApp applications to users, you must configure the server on which they will run. This task consists of the following steps:

Note

This guide describes the steps that you perform in an environment with a single terminal server acting as a RemoteApp application server.

To complete these procedures, you must be a member of the Administrators group on the terminal server.

Installing the Terminal Server role

To configure the server as a terminal server, follow these steps:

Installing applications on a terminal server

We recommend that you install applications on the server only after you have installed the Terminal Server role on it. In this case, when you install an application from a Windows Installer package, it will automatically install in Terminal Server Install mode. For installation packages other than MSI packages, use one of the following methods to install the application in Terminal Server installation mode:

    Use the Install Application on Terminal Server tool in Control Panel to install the application.

    Before installing the application, run the change user /install command at the command prompt. Once installation is complete, run the change user /execute command to exit installation mode.

If you have applications that are interconnected or dependent on each other, we recommend that you install these applications on the same terminal server. For example, it is recommended to install the Microsoft Office suite as a whole, rather than installing individual Office applications on different terminal servers.

Hosting separate applications on different terminal servers is advisable in the following cases:

    The application has compatibility issues and may cause instability in other programs.

    A single application and the number of users running it can place too much load on the server.

Checking remote connection settings

By default, remote connections are allowed after the Terminal Server role is installed. You can use the following procedures to add users and groups that need to connect to the terminal server, and to check or change remote connection settings.

To check your remote connection settings, follow these steps:

    Open the System tool in Control Panel. To do this, click Run on the Start menu, type control system in the Open box, and click OK.

    In the System Properties dialog box, go to the Remote tab and, depending on the environment used in your organization, select one of the following values:

    Allow connections from computers running any version of Remote Desktop (less secure)

This value is selected by default.

    Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)

For more information about these values, click the Help me choose link.

To add users and groups that need to connect to the terminal server using Remote Desktop, click Select Users. The users and groups you specify will be added to the Remote Desktop Users group.

Note

Members of the local Administrators group can connect to the remote desktop even if they are not listed.

When you have finished, click OK to close the System Properties dialog box.

Add RemoteApp Applications and Configure Global Deployment Settings

After you have prepared the terminal server that will act as the RemoteApp application server, you can use the TS RemoteApp Manager snap-in to do the following:

Using the TS RemoteApp Manager snap-in, you can also remove and change RemoteApp applications and their settings, import them from another terminal server, or export them to another server. For more information, please refer to the " " section of this document.

Adding applications to the "RemoteApps" list

For a RemoteApp application to be available to users through any software distribution mechanism, you must add it to the RemoteApps list. By default, all applications that you add to this list become available to users through TS Web Access.

To add an application to the "RemoteApps" list, follow these steps:

    The display name of the application. To change the name, enter the new value in the RemoteApp name field.

    Path to the application executable file. To change the path, enter the new value in the Location field or select the executable file manually by clicking Browse.

Note

The path to the executable file may contain system environment variables. For example, you can replace the absolute path to the Windows system folder (for example, C:\Windows) with the system variable %windir%. You cannot use user environment variables.

    The RemoteApp application alias. An alias is a unique identifier for an application. By default, the alias is the application file name (without extension). We recommend that you do not change this setting.

    Availability of the RemoteApp application via TS Web Access. By default, the application is available. To change this setting, select or clear the RemoteApp is available through TS Web Access check box.

    Ability to use command line parameters. An application may or may not allow command line arguments, or the arguments may be strictly fixed.

    Application icon. To change the application icon, click Change Icon.

When you've finished configuring the application settings, click Next.

On the Review Settings page, make sure that all parameters are set correctly and click Finish.

The applications you selected should appear in the RemoteApps list.

Configuring Global Deployment Options

You can configure global deployment settings that apply to all RemoteApp applications in the RemoteApps list. These settings will apply to all applications that you make available through TS Web Access. In addition, these settings will be used by default when creating RDP or MSI files from applications in the RemoteApps list.

Note

Any changes made when creating RDP or MSI files using the TS RemoteApp Manager snap-in will replace the global settings.

The process of configuring global deployment settings consists of the following steps:

To determine how users connect to one or more terminal servers to run RemoteApp applications, you can configure the terminal server settings.

To configure terminal server settings, follow these steps:

To provide full access to the terminal server desktop through TS Web Access, select the Make a remote desktop connection to this terminal server available in TS Web Access check box in the Desktop access section.

In the Access to unlisted programs section, select one of the following options:

    Block remote users from starting unlisted programs. Remote users will only be able to start RemoteApps that you list. (Recommended)

To protect against attackers, and against applications being launched accidentally when connecting with their corresponding RDP files, we recommend selecting this option. This setting prevents users from launching applications that are not in the RemoteApps list.

Important

This setting does not prevent unlisted applications from being launched remotely if the user is already connected to the terminal server through a RemoteApp application. For example, if Microsoft Word is in the RemoteApps list and Microsoft Internet Explorer is not, a user who starts a remote Word session and clicks a hyperlink in a Word document can launch Internet Explorer.

    Allow users to start both listed and unlisted programs

This option allows users to run any application, whether or not it is in the RemoteApps list.

Attention

If you select this option, users can run any application remotely by connecting using their corresponding RDP files. These applications do not have to be in the RemoteApps list. To protect against attackers, and against applications being launched accidentally when connecting with their corresponding RDP files, we do not recommend selecting this option.

When finished, click OK.

Configuring TS Gateway parameters

To allow or block users from connecting to a terminal server through a firewall using the TS Gateway server, you can configure the TS Gateway deployment settings. For more information about TS Gateway, please refer to the article (EN).

To configure TS Gateway parameters, follow these steps:

Configure digital signature settings (optional)

You can use a digital signature to sign RDP files that make connections through TS Web Access to RemoteApp applications located on a terminal server, as well as connections to the terminal server desktop.

If you use a digital certificate, the cryptographic signature contained in the connection file provides verifiable information about your identity as its publisher. This allows clients to identify your organization as the source of the RemoteApp application or the host of the remote desktop, and to decide on that basis whether to connect. This feature helps protect against attackers spoofing RDP files.

In Windows Server 2008 Beta 3, you can sign RDP files used for RemoteApp connections with a server authentication certificate (SSL certificate) or with a code signing certificate.

If you are already using an SSL certificate for Terminal Server or TS Gateway connections, you can use the same certificate to sign RDP files. However, if users will be connecting to RemoteApp applications from a public or home computer, you must use a certificate that meets one of the following requirements:

    A certificate issued by a public certificate authority (CA) that participates in the Microsoft Root Certificate Program Members (http://go.microsoft.com/fwlink/?LinkID=59547).

    If you are using an enterprise CA, the certificate it issues must also be signed by a public CA that participates in the Microsoft Root Certificate Program Members.

To configure the use of a digital certificate, follow these steps:

    In the TS RemoteApp Manager snap-in, click Digital Signature Settings in the Actions pane, or click Change next to Digital Signature Settings in the Overview pane.

    Select the Sign with a digital certificate check box.

    In the Digital certificate details window, click Change.

    In the Select Certificate dialog box, select the certificate you want to use and click OK.

Note

In Windows Server 2008 Beta 3, the Select Certificate dialog box lists the certificates located in the local computer certificate store. The certificate you want to use to sign RDP files must be placed in this store.

Group Policy settings that control how a client computer behaves when it opens a signed RDP file

You can use Group Policy to configure client computers so that RemoteApp applications from a specific publisher are always trusted. You can also block unknown RemoteApp applications and remote desktop connections from external or unknown sources. These Group Policy settings reduce the number of situations in which users have to make a trust decision, which makes their work easier. They also reduce the likelihood of unintentional user actions that could compromise system security.

The relevant Group Policy settings are located in the Group Policy Object Editor, under both Computer Configuration and User Configuration, in the node Administrative Templates\Windows Components\Terminal Services\Remote Desktop Connection Client.

The following important options are available:

    Specify SHA1 thumbprints of certificates representing trusted .rdp publishers

This setting allows you to specify a list of SHA1 (Secure Hash Algorithm 1) thumbprints of the certificates of trusted RDP file publishers. If this policy is enabled, any certificate whose SHA1 thumbprint matches a thumbprint in this list will be trusted.

    Allow .rdp files from valid publishers and user’s default .rdp settings

This setting allows or prevents users from running RDP files that are signed with a valid certificate by the publisher from which they were received. This setting also controls the ability to connect to Remote Desktop using default settings (for example, when the user directly launches the Remote Desktop Connection program without specifying any RDP file).

    Allow .rdp files from unknown publishers

This setting allows or blocks the execution of unsigned RDP files and RDP files received from unknown publishers on client computers.

Important

For a client computer to use these Group Policy settings, it must have Remote Desktop Connection version 6.1 (RDC 6.1) installed.

For more information about these settings, see their descriptions in the Group Policy Object Editor.

Customize Remote Desktop Protocol (optional)

You can configure your own Remote Desktop Protocol (RDP) settings for RemoteApp connections, such as device and resource redirection. These settings will apply when users connect to RemoteApp applications through TS Web Access, or when creating MSI or RDP files from an existing RemoteApp application.
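The following added example (not part of the original guide and not Microsoft's code) audits an .rdp file against the points made above on unlisted programs, digital signatures and redirection settings. The setting names are the usual .rdp settings; the host names, aliases and sample files are constructed, and the meaning of signscope is an assumption stated in the code.

```python
"""Audit .rdp connection files before they are distributed (added example)."""

# Assumption: these are the usual redirection switches found in .rdp files.
REDIRECTION_SETTINGS = ("redirectdrives", "drivestoredirect", "redirectclipboard",
                        "redirectprinters", "redirectcomports", "redirectsmartcards")
# Settings that decide where the client connects and what it starts there.
SIGNED_SETTINGS = ("full address", "remoteapplicationmode", "remoteapplicationprogram")


def decode_rdp(data):
    """Decode file bytes; the RDC client often saves .rdp files as UTF-16 LE with a BOM."""
    if data.startswith(b"\xff\xfe"):
        return data[2:].decode("utf-16-le")
    return data.decode("utf-8-sig")


def parse_rdp(text):
    """Parse 'name:type:value' lines; type 'i' is an integer, 's' a string, 'b' binary."""
    settings = {}
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        parts = line.split(":", 2)
        if len(parts) != 3 or parts[1] not in ("i", "s", "b"):
            raise ValueError(f"line {number}: not a name:type:value setting: {raw!r}")
        name, kind, value = parts[0].strip().lower(), parts[1], parts[2].strip()
        settings[name] = int(value) if kind == "i" else value
    return settings


def audit_rdp(text, listed_aliases, known_servers):
    """Return a list of findings; an empty list means nothing was flagged."""
    s = parse_rdp(text)
    findings = []

    # Presence check only: this does not verify the signature cryptographically.
    if not s.get("signature"):
        findings.append("unsigned: clients cannot identify the publisher")
    else:
        # Assumption: 'signscope' names the settings that the signature covers.
        scope = {n.strip().lower() for n in str(s.get("signscope", "")).split(",")}
        for name in SIGNED_SETTINGS:
            if name in s and name not in scope:
                findings.append(f"signature does not cover '{name}'")

    server = str(s.get("full address", "")).lower()
    if server not in {k.lower() for k in known_servers}:
        findings.append(f"unknown server: {server or '(none)'}")

    if s.get("remoteapplicationmode") != 1:
        findings.append("not a RemoteApp connection: opens the full server desktop")
    else:
        program = str(s.get("remoteapplicationprogram", ""))
        if not program.startswith("||"):  # listed programs are referenced as ||alias
            findings.append(f"program given by path, not by alias: {program or '(none)'}")
        elif program[2:].lower() not in {a.lower() for a in listed_aliases}:
            findings.append(f"alias not in the RemoteApps list: {program[2:]}")
        if s.get("remoteapplicationcmdline"):
            findings.append(f"command-line arguments set: {s['remoteapplicationcmdline']}")

    for name in REDIRECTION_SETTINGS:
        if s.get(name) not in (None, 0, ""):
            findings.append(f"redirection enabled: {name}={s[name]}")
    return findings


# Constructed sample: a signed RemoteApp file for a listed application.
# The signature value is a placeholder, not a real signature.
SIGNED_WORD = """\
full address:s:ts01.example.test
remoteapplicationmode:i:1
remoteapplicationprogram:s:||WINWORD
remoteapplicationname:s:Microsoft Word
redirectclipboard:i:0
redirectdrives:i:0
signscope:s:Full Address,RemoteApplicationProgram,RemoteApplicationMode
signature:s:PLACEHOLDER-NOT-A-REAL-SIGNATURE
"""

# Constructed sample: an unsigned file that names an executable path on another server.
UNSIGNED_PATH = """\
full address:s:ts99.example.test
remoteapplicationmode:i:1
remoteapplicationprogram:s:C:\\Windows\\System32\\notepad.exe
remoteapplicationcmdline:s:report.txt
drivestoredirect:s:*
"""

if __name__ == "__main__":
    for label, sample in (("SIGNED_WORD", SIGNED_WORD), ("UNSIGNED_PATH", UNSIGNED_PATH)):
        print(label)
        for finding in audit_rdp(sample, ["WINWORD", "EXCEL"], ["ts01.example.test"]):
            print("  -", finding)
```

A signature that is present still has to be validated by the client against a trusted certificate; the audit only reports whether the field exists and which settings it claims to cover.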

To configure your own RDP protocol settings, follow these steps:

Manage applications and RemoteApp settings

Using the TS RemoteApp Manager snap-in, you can change the settings of existing RemoteApp applications or remove applications from the list. You can also export or import the RemoteApps list and global deployment settings and transfer them between different terminal servers.

Changing or deleting RemoteApp applications

After adding an application to the RemoteApps list, you can change deployment settings for all RemoteApp applications, change the properties of individual RemoteApp applications, or remove them from the list.

    To change deployment settings for all RemoteApp applications, in the TS RemoteApp Manager snap-in click Terminal Server Settings, TS Gateway Settings or Digital Signature Settings in the Actions pane, or click Change next to the corresponding entry in the Overview pane (in this pane you can also change custom RDP protocol settings). Any changes made do not affect existing MSI or RDP files created in the TS RemoteApp Manager snap-in.

    To change the properties of an individual RemoteApp application, select it in the RemoteApps list and click Properties in the Actions pane.

Note

You cannot change the properties of existing MSI or RDP files using the TS RemoteApp Manager snap-in. Instead, click Create RDP File or Create Windows Installer Package in the Actions pane to create an MSI or RDP file with the required properties.

    To make an application available through TS Web Access or, conversely, to hide it, select it in the list and click Show in TS Web Access or Hide in TS Web Access in the Actions pane.

Note

If you change the RemoteApp application state from Show in TS Web Access to Hide in TS Web Access, and the application was deployed via Active Directory as an MSI package, the application will be hidden. However, if you change the application state from Hide in TS Web Access to Show in TS Web Access, it will not be available through TS Web Access until you re-create the MSI package.

    To remove an application from the RemoteApps list, select the application and click Remove in the Actions pane. Click Yes to confirm deletion. When you remove an application from the RemoteApps list, any MSI or RDP files created from this application are not deleted.

Important

If you are using TS Web Access in Active Directory mode and change RemoteApp settings, you must manually update the TS Web Access server cache for the changes to take effect immediately. To do this, log in to the TS Web Access website using an account that is a member of the local Administrators group or of a group on the TS Web Access server, click Configuration, make sure the Refresh the Web Part check box is selected, and click Apply. For more information, please refer to the " " section of this document.

Exporting and importing RemoteApp applications and settings

You can copy the RemoteApps list and deployment settings from one terminal server to another. You may need this when setting up several identical terminal servers that act as RemoteApp application servers, for example, when setting up a terminal server farm.

To export the RemoteApps list and deployment settings, follow these steps:

To import the RemoteApps list and deployment settings, follow these steps:

    Open the TS RemoteApp Manager snap-in.

    Select one of the following options:

    Import the RemoteApps list and settings from another terminal server

If you select this option, enter the name of the terminal server from which you want to import settings in the Terminal server name field, and click OK. The settings will be imported directly into the TS RemoteApp Manager snap-in.

    Import the RemoteApps list and settings from a file

If you select this option, simply click OK. In the Open dialog box, select the .tspub file to import and click Open.

If you import a configuration and an application is not installed on the target terminal server (not listed in RemoteApps) or is installed in a different folder, it will appear in the RemoteApps list, but the application name will appear crossed out.

Note

You can import or export only the RemoteApps list and deployment settings. Any MSI or RDP files created from RemoteApp applications will not be exported or imported. You must create new MSI or RDP files on each terminal server unless it is part of a terminal server farm. If you specified the name of a terminal server farm when creating MSI or RDP files, and the server to which you want to copy these files is part of the same farm, then you can copy the MSI or RDP files manually.

Deploying RemoteApp Applications

The following section provides instructions for deploying RemoteApp applications to users through TS Web Access, through file shares, and through other distribution mechanisms.

Deploying RemoteApp Applications via TS Web Access

With Terminal Services Web Access (TS Web Access), users can access RemoteApp applications through a website that can be located either on the Internet or on an intranet. To launch a RemoteApp application, users simply click its icon. TS Web Access is a solution that requires little configuration. The TS Web Access source page includes a custom web part that can be inserted into a custom web page.

To use TS Web Access to deploy RemoteApp applications, you must complete the following steps:

    Install the TS Web Access role.

    Add accounts to the TS Web Access Computers security group.

    Configure the list of RemoteApp applications to be updated on the TS Web Access website from a terminal server or by using Active Directory Domain Services (AD DS).

If you are updating the website using AD DS, you must create MSI packages from RemoteApp applications and distribute them using Group Policy mechanisms.

Installing the “TS Web Access” role

You must install the TS Web Access role on the server that will be used to connect users to RemoteApp applications through the web interface. When you install the TS Web Access role, Microsoft Internet Information Services (IIS) 7.0 is also installed.

A server with the TS Web Access role installed acts as a web server and does not need to be a terminal server.

Note

When you install TS Web Access, the service's Web site is installed as the default Internet Information Services Web site. The Remote Desktop Web Connection application Web site is also installed in the default location. For more information, see About the Remote Desktop Web Connection. You can change the installation locations of these websites by editing the system registry. You must do this before you install the TS Web Access role on the server. For more information, please refer to the " " section of this document.

Administrators.

To install the TS Web Access role, follow these steps:

    Open the Server Manager snap-in. To do this, on the Start menu, point to Administrative Tools and click Server Manager.

    If the Terminal Services role is already installed on the server, follow these steps:

    a. In the Roles Summary section, click Terminal Services.

    b. In the Role Services section, click Add Role Services.

    c. On the Select Role Services page, select the TS Web Access check box.

    If the Terminal Services role is not installed on the server, follow these steps:

    a. In the Roles Summary section, click Add Roles.

    b. On the Before You Begin page, click Next.

    c. On the Select Server Roles page, select the Terminal Services check box and click Next.

    d. Read the information on the Terminal Services page and click Next.

    e. On the Select Role Services page, select the TS Web Access check box.

    Review the required additional roles and click Add Required Role Services.

    Click Next.

    Read the information on the Web Server (IIS) page and click Next.

    On the Select Role Services page, where you are prompted to select IIS web server roles, click Next.

    On the page, click Install.

    Wait for the successful installation message on the Installation Results page and click Close.

Adding accounts to the “TS Web Access Computers” security group

If the TS Web Access server and the terminal server acting as the RemoteApp application server are separate computers, you must add the TS Web Access server account to the TS Web Access Computers security group on the terminal server.

To add the TS Web Access server account to the “TS Web Access Computers” security group, follow these steps:

    On the terminal server, on the Start menu, point to Administrative Tools and click Computer Management.

    In the left pane, expand the Local Users and Groups node and select the Groups folder.

    In the right pane, double-click the TS Web Access Computers group.

    In the dialog box, click Add.

    In the dialog box, click Object Types.

    In the Object Types dialog box, select the Computers check box and click OK.

    In the Enter the object names to select box, enter the name of the computer that is the TS Web Access server and click OK.

    Click OK to close the TS Web Access Computers Properties window.

Setting up a data source for TS Web Access

You can configure TS Web Access to receive a list of RemoteApp applications that will be displayed in the web part from one of the following sources:

For more information on the differences between the two modes above, please refer to the “ ” section presented earlier in this document.

Retrieving TS Web Access data from a single terminal server (simple mode)

By default, TS Web Access populates its list of RemoteApp applications from a single terminal server and points to the local server. When a single server is specified as the data source, the web part gets a list of all RemoteApp applications that are available to TS Web Access and are in that terminal server's RemoteApps list.

The minimum requirement to complete the following procedure is membership in the local Administrators group or the local TS Web Access Administrators group.

To specify a specific terminal server as the data source, follow these steps:

    On the Start menu, point to Administrative Tools, then Terminal Services, and click TS Web Access Administration.

    server_name

http://server_name/ts

Administrators or local group TS Web Access Administrators

Configuration.

In the Editor Zone dialog box, set the Populate the Web Part from option to A single terminal server.

In the Terminal server name field, enter the name of the terminal server that you want to use as the data source.

Refresh the Web Part.

Click Apply.

Retrieving TS Web Access data through Group Policy (deployment mode via Active Directory)

To provide access to RemoteApp applications through TS Web Access using AD DS as the data source, follow these steps:

    Configure access to RemoteApp applications through TS Web Access using Group Policy.

    Configure TS Web Access to receive a list of RemoteApp applications from AD DS.

Step 1. Configure access to RemoteApp applications via TS Web Access using Group Policy

If you want to use AD DS as a data source to update the TS Web Access Web Part, you must configure access to RemoteApp applications through TS Web Access using the Software Distribution Group Policy. To do this, follow the steps below.

Note

To perform the following actions, you must be logged in with an account that is a member of the Admins, Enterprise Admins or Group Policy Creator Owners group, or you must have been delegated the appropriate authority to manage Group Policy.

Setting up access to RemoteApp applications using Group Policy

    To open the Software installation node in a GPO on a Windows Server 2003-based domain controller, expand User Configuration and then Software Settings, and click Software installation. For more information about distributing software by using Group Policy in a Windows Server 2003 domain, see the Microsoft Knowledge Base article Using Group Policy to Install Software Remotely in Windows Server 2003.

    To manage Group Policy on a domain controller running Windows Server 2008, you must first add the Group Policy Management Console (GPMC) snap-in. To do this, start the Server Manager snap-in and, in the Feature Summary section, click Add Features. On the Select Features page, select the Group Policy Management check box and follow the instructions to complete the installation.

If you are using the Group Policy Management Console (GPMC), follow these steps to add a package:

a. To start GPMC, on the Start menu, point to Administrative Tools and click Group Policy Management.

b. In the left pane, find and select the GPO you want to change.

c. Go to the Settings tab.

d. Right-click the User Configuration node and click Edit.

e. Under User Configuration, open the Software Settings node.

f. Right-click the Software installation node and, on the New menu, click Package.

g. In the File name field, specify the UNC path to the Windows Installer package you need, for example, \\file_server\share_name\file_name.rap.msi. Click Open.

h. In the Deploy Software dialog box, select Published and click OK.

Make sure that the account of the computer on which the TS Web Access server is running has permission to read the RemoteApp applications that you make available using rap.msi packages. To do this, make sure that the Software Distribution Group Policy settings are also applied to this computer.

    If you applied a GPO at the domain level and did not use security filtering to limit the scope of the GPO, then the computer running the TS Web Access server automatically has read permission.

    If you applied the GPO at the domain level and used security filtering, or if you applied the GPO to an Organizational Unit (OU) containing both the TS Web Access server account and the user accounts to which you want to apply policy settings, you must add the TS Web Access server account to the list of users and groups on the Security tab, or to the Security Filtering list on the Scope tab in GPMC, and make sure it has the Read and Apply Group Policy permissions, which GPMC adds automatically.

    If you have applied a GPO to the organizational unit that contains the user accounts to which you want to apply the policy settings, and the TS Web Access server account is in a different organizational unit, you must link the GPO to the organizational unit containing the TS Web Access server account. In addition, you must add the TS Web Access server account to the list of users and groups on the Security tab that appears when viewing the properties of the GPO (in Windows Server 2003), or to the Security Filtering list on the Scope tab, if you are viewing the GPO in GPMC. When adding a computer account, make sure it has permission to read (Read) and to apply Group Policy (Apply Group Policy). These permissions are added automatically when you use GPMC.

Note

Before you can add a TS Web Access server account to the list of users and groups on the Security tab that appears when viewing the properties of the GPO (in Windows Server 2003), or to the Security Filtering list on the Scope tab (if you are viewing the GPO in GPMC), you must click Add, click Object Types in the Select Users, Computers, or Groups dialog box, select the Computers check box and click OK.

Step 2: Assign Active Directory Domain Services as the TS Web Access data source

When Active Directory Domain Services acts as a data source, the TS Web Access web part receives a list of RemoteApp MSI packages published to users through Software Distribution Group Policy.

Note

When you create Windows Installer packages from RemoteApp applications accessible through TS Web Access, MSI packages automatically receive the .rap.msi extension.

The minimum requirement to complete the following procedure is membership in the local Administrators group or the local TS Web Access Administrators group.

To assign AD DS as a data source for TS Web Access, follow these steps:

    Connect to the TS Web Access website. To do this, use one of the following methods:

    On the TS Web Access server, on the Start menu, point to Administrative Tools, then Terminal Services, and click TS Web Access Administration.

    Connect to the TS Web Access website using Internet Explorer. By default, the website is located at the following address (where server_name is the name of the TS Web Access server):

http://server_name/ts

Log in to the website using an account that is a member of the local Administrators group or the local TS Web Access Administrators group. (If you are logged in under one of these accounts, you will not be prompted to enter your credentials.)

In the title bar, click Configuration.

In the Editor Zone dialog box, set the Populate the Web Part from option to A single terminal server.

For changes to take effect immediately, make sure the Refresh the Web Part check box is selected.

Click Apply to apply your changes.

To check the operation of TS Web Access, refer to the “ ” section of this document.

Important

If Active Directory Domain Services acts as a data source and you want to test TS Web Access from the TS Web Access server itself (or by connecting remotely to its desktop), you must disable Protected Mode for the Local Intranet zone in Internet Explorer's Internet Properties.

To disable Internet Explorer Protected Mode, follow these steps:

Connecting to TS Web Access

By default, the TS Web Access website is located at the following address (where server_name is the NetBIOS name or fully qualified domain name (FQDN) of the computer running the TS Web Access server):

http://server_name/ts

If you are connecting to the TS Web Access website from a public computer, for example, from a computer in an Internet cafe, you should clear the I am using a private computer that complies with my organization’s security policy check box, which appears in the lower right corner of the web part. In public mode, you are not given the opportunity to save your credentials.

Client computer configuration requirements

To connect to TS Web Access, one of the following operating systems must be installed on the client computer:

    Windows Server 2008

    Windows Server 2003 SP1

    Windows XP with SP2

In addition, the client computer must be configured as follows:

    The computer must have Remote Desktop Connection (RDC) version 6.0 installed. If you have an earlier version of this program installed, you will be prompted to update when you connect to the TS Web Access website.

    The Terminal Services ActiveX Client control must be enabled (this ActiveX control is included with RDC 6.0).

If your computer is running Windows Server 2003 or Windows XP and you are prompted to run the Terminal Services ActiveX Client control, click on the message bar, select Run ActiveX Control and press the button Run. After this, refresh the page in your browser.

If your computer is running Windows Server 2008 or Windows Vista and you see a warning in the information pane of Internet Explorer, hover your mouse over the message Add-on Disabled and select the command Run ActiveX Control. You may then receive a security warning. Make sure that the publisher of the ActiveX control is "Microsoft Corporation" and then click Run.

Note

If the Internet Explorer information pane does not appear, you can enable the Terminal Services ActiveX control by using the tool Manage Add-ons on the menu Tools.

    The TS Web Access server must be added to the Trusted Sites zone or Local Intranet zone in Internet Explorer. To do this, follow the steps below.

Note

If you have Windows Server 2003 installed on your computer, when you visit the TS Web Access Web site, you may be automatically prompted to add the TS Web Access server URL to your Trusted Sites zone. To do this, click the button Add, make sure that the checkbox is cleared (if the site does not require server verification), and press the buttons Add and Close in sequence. To manually add a site to the Trusted Sites zone or Local Intranet zone, use the following procedure.

To add a Web site to your Trusted Sites zone or Local Intranet zone using the Internet Options menu, follow these steps:

    Launch Internet Explorer.

    On the menu Tools select item Internet Options.

    Go to the tab Security.

    If the TS Web Access server is connected to an intranet, select the icon Local intranet. Otherwise, select the icon Trusted sites.

    Click the button Sites.

    Depending on the selected zone, do one of the following:

    If you are adding a site to a local intranet zone, click Advanced. In field server_name) and press the button AddRequire server verification (https:) for all sites in this zoneClose OK).

    If you are adding a site to the trusted sites zone, in the field Add this website to the zone enter the web server URL (for example, http://server_name) and press the button Add. If the site does not require server verification, clear the checkbox Require server verification (https:) for all sites in this zone. To apply the changes, click the button Close (in Windows XP, click OK).

Deploying RemoteApp applications through file shares and other distribution mechanisms

You can deploy RemoteApp applications by creating MSI or RDP files and placing them on a file share, or use other distribution mechanisms. Using the TS RemoteApp Manager snap-in, you can create MSI or RDP files from the RemoteApp applications in the list RemoteApps.

Creating an RDP file from a RemoteApp application

Using the RemoteApp Wizard, you can create an RDP file from any application in the list RemoteApps.

To create an RDP file, follow these steps:

    If any of the client computers are running Windows Server 2003 SP1 or Windows XP SP2, you must configure the terminal server to use an SSL certificate (you cannot use a self-signed certificate).

    If the RemoteApp application is intended for use on your intranet and all client computers are running Windows Server 2008 or Windows Vista, you do not need to configure the terminal server to use an SSL certificate. In this case, network layer authentication is used.

When finished, press the button OK.

Click the button Change In chapter TS Gateway settings Step-by-step guide to TS Gateway (EN).

Follow these steps:

    In the field Server name, enter the name of the TS Gateway server to which you want to connect.

Important

Name entered in the field Server Name

    In the dropdown list Logon method

When finished, press the button OK.

Click the button Change In chapter Certificate SettingsOK.

When finished, press the button Next.

On the page Review Settings click the button Finish.

When the wizard finishes, the folder containing the saved RDP file will open in a new window. This will allow you to verify that the RDP file was successfully created.

Creating a Windows Installer package from a RemoteApp application

Using the RemoteApp Wizard, you can create a Windows Installer package (MSI file) from any application in the list RemoteApps.

To create an MSI file, follow these steps:

    If any of the client computers are running Windows Server 2003 SP1 or Windows XP SP2, you must configure the terminal server to use an SSL certificate (you cannot use a self-signed certificate).

    If the RemoteApp application is intended for use on your intranet and all client computers are running Windows Server 2008 or Windows Vista, you do not need to configure the terminal server to use an SSL certificate. In this case, network layer authentication is used.

When finished, press the button OK.

Click the button Change in the section TS Gateway settings if you want to change the settings for using the TS Gateway server when connecting to the terminal server through a firewall. For more information about TS Gateway, please refer to the TS Gateway Step-by-Step Guide article.

If you set the switch to position Use these TS Gateway server settings, follow these steps:

    In the field Server name, enter the name of the TS Gateway server to which you want to connect.

Important

Name entered in the field Server Name, must match the name specified for the TS Gateway server in the SSL certificate.

    In the dropdown list Logon method select the authentication method for connections to the TS Gateway server.

    If you want the same user credentials to be used to connect to the TS Gateway server and the terminal server, check the box Use the same user credentials for TS Gateway and terminal server. However, users may receive two prompts to enter their credentials. This can happen if, for example, your Group Policy settings contain broken credentials that override the credentials you specified, or if you connect using default credentials that also don't work.

    If you want client computers to automatically determine the need to use the TS Gateway server when connecting, check the box Bypass TS Gateway server for local addresses (this improves client performance). To always use the TS Gateway server for client connections, clear this check box.

When finished, press the button OK.

Click the button Change in the section Certificate Settings if you want to select or change the certificate used to digitally sign files. Select the required certificate and click the button OK.

When finished, press the button Next.

On the page Configure Distribution Package specify the folder in which the application shortcut will be placed on client computers.

You can also configure the handling of local file extensions using RemoteApp applications. When checking the box Associate client file extensions for this program with the RemoteApp, you need to consider the following:

    If you designate a RemoteApp application as a local file extension handler, any extensions that the application processes on the terminal server will also be processed by it on the client computer. For example, if you configure Microsoft Word as a RemoteApp application and enable it to handle client extensions, then all file extensions on the client computer that are mapped to the local Word program will be processed by the remote Microsoft Word application. This means that any application installed locally on the client computer will no longer be able to process files with extensions such as .doc and .dot.

To view file extensions that are processed by applications located on the terminal server, in the Start menu open Control Panel and double-click the icon Default Programs. Click the link Associate a file type or protocol with a program to view file types and their assigned handlers.

    In Windows Server 2008 Beta 3, users are not prompted to process files by using applications located on the terminal server.

    Do not install MSI packages created with the option to handle local extensions enabled on a terminal server. If you do this, there is a possibility that client computers using the MSI file will not be able to run the corresponding RemoteApp application.

When you have finished setting the properties of the MSI package, click Next.

On the page Review Settings click the button Finish.

When the wizard finishes, the folder containing the saved MSI file will open in a new window. This will allow you to verify that the MSI file was successfully created.

Note

If you are creating an MSI package from a RemoteApp application accessible through TS Web Access, the MSI package is created with the extension .rap.msi (to view the file extension, select Folder Options on the Tools menu of Windows Explorer, go to the View tab, uncheck Hide extensions for known file types and press the button OK). The Windows Installer package must have a .rap.msi extension if you want to make the application available through TS Web Access using Software Distribution Group Policy. If you are creating an MSI package for a RemoteApp application that is not available through TS Web Access, the package is created with the .rdp.msi extension. In both cases, the MSI package contains an RDP file that will be installed on the end user's client computer.

Organizing access to RemoteApp applications over the Internet

Using TS RemoteApp together with TS Gateway, you can give users access to individual terminal server applications over the Internet without the need to create a connection to a virtual private network (providing access to RemoteApp applications using VPN is an alternative to deploying TS Gateway). Depending on the access method chosen, remote users can connect to RemoteApp applications by launching an RDP file, clicking the MSI package shortcut located on the desktop or in the Start menu, or by visiting the TS Web Access web page.

To organize access to RemoteApp applications over the Internet using TS Gateway, follow these steps:

    Make sure the following conditions are met:

    The terminal server already has RemoteApp applications deployed.

    If you want to provide access to RemoteApp applications over the Internet using TS Web Access, a TS Web Access server must be deployed on your intranet.

Follow the instructions provided in the TS Gateway step-by-step guide to deploy and configure TS Gateway. During this process, you need to complete the following mandatory steps:

a. Create a Terminal Services Connection Authorization Policy (TS CAP) to define the list of user groups that are allowed to connect to terminal servers that are RemoteApp application servers. For more information, please refer to the relevant section of the TS Gateway step-by-step guide.

After creating the TS RAP policy, you must add the user groups defined in the TS CAP policy. In addition, you need to create a new computer group, managed by TS Gateway, that contains both the NetBIOS names and the fully qualified domain names (FQDNs) of all terminal servers that are RemoteApp application servers.

Note

If you are using a terminal server farm, specify the name of the farm, not the names of its individual members.

For more information, please refer to the section Create a TS RAP and specify computers that users can connect to through the TS Gateway server of the TS Gateway step-by-step guide.

Configure TS Gateway settings in the snap-in TS RemoteApp Manager. You can configure global deployment settings, or configure settings when creating MSI or RDP files. At the same time, make sure that you have specified the FQDN name of the TS Gateway server.

When you configure global deployment settings, all changes are immediately reflected on TS Web Access Web sites that were deployed in Simple mode (for these changes to take effect for TS Web Access Web sites deployed in Active Directory mode, you must manually update those Web sites).

Note

The new settings will not affect existing MSI and RDP files. You must create new files with the required parameters and distribute them to users.

To provide Internet access to RemoteApp applications via TS Web Access, you need to perform the following steps:

a. If you are using simple deployment mode, in which TS Web Access obtains the list of RemoteApp applications from a separate terminal server or from a separate server farm, make sure that when you configure TS Web Access you specify the name of the terminal server or farm in the field Terminal Server name.

b. Configure your firewall and check your authentication settings. For more information, please refer to the " " section of this document.

Setting up the TS Web Access server to provide access via the Internet

To allow Internet users to access the TS Web Access server through TS Gateway, it is recommended to use a configuration in which the TS Web Access server and TS Gateway server are located in the perimeter network, and the terminal servers that act as RemoteApp application servers are located behind an internal firewall.

You can also use an alternative configuration in which the TS Web Access server is deployed on the internal network and access to the TS Web Access Web site is provided using Microsoft Internet Security and Acceleration (ISA) Server. For more information about Web publishing using ISA Server 2006, see Publishing Concepts in ISA Server 2006.

If you are deploying TS Web Access on a perimeter network, you must configure the firewall to allow the following types of traffic between the TS Web Access server and the internal network:

    Windows Management Instrumentation (WMI) traffic from the TS Web Access server to the terminal server.

    If the data source for TS Web Access is AD DS, you must allow the LDAP traffic used to communicate with these services.

    If TS Web Access was deployed in Active Directory mode, you must allow SMB (Server Message Block) traffic from the TS Web Access server to the file share where the MSI packages are located.

In addition to this, the TS Web Access site must be configured to use Windows authentication. This method is enabled for TS Web Access sites by default.

If you host the TS Web Access Web Part on a custom Web site, you must ensure that the authentication method used for that site can work with Windows user credentials. You can ensure this by choosing to use the built-in Windows authentication mechanism for your Web site.

Additional Information

Disabling the launch of the Server Manager and Initial Configuration Tasks tools while the administrator is working with RemoteApp applications

If the user running the RemoteApp application has administrator rights on the terminal server on which the application is installed, the Server Manager and Initial Configuration Tasks tools are automatically launched when connecting to the server.

You can change this behavior by using the following Group Policy settings, located under Computer Configuration - Administrative Templates - System - Server Manager in the Local Group Policy Object Editor on the terminal server:

    Do not open Initial Configuration Tasks window automatically at logon

You must enable this policy to prevent the Initial Configuration Tasks window from starting.

    Do not open Server Manager automatically at logon

You must enable this policy to prevent the Server Manager snap-in from running when users with administrative rights connect to the terminal server.

Changing the installation location of TS Web Access components

By default, when you install the TS Web Access role, the RemoteApp Applications Web site is installed as the Internet Information Services default Web site (the "/TS" virtual folder). The Remote Desktop Connection Web site is also installed as the default Internet Information Services Web site (the "/TSWeb" virtual folder). You can change the installation location of these components by editing the system registry. You must do this before you begin installing the TS Web Access role.

Attention

If you modify the system registry incorrectly using Registry Editor or other tools, serious problems may occur that may require you to reinstall the operating system. Microsoft cannot guarantee that these problems can be resolved by other means. By editing the system registry, you assume all risk.

To change the installation location of both TS Web Access sites, follow these steps:

    If you do not already have IIS installed, install it. To do this, follow these steps:

    a. Open the Server Manager snap-in. To do this, in the Start menu open the folder Administrative Tools and click the icon Server Manager.

    b. In the section Roles Summary, click the link Add Roles.

    c. On the page Before You Begin of the Add Roles Wizard, click the button Next.

    d. On the page Select Server Roles, check the box Web Server (IIS) and press the buttons Add Required Features and Next in sequence.

    e. On the page Web Server (IIS), click the button Next.

    f. On the page Select Role Services, click the button Next.

    g. On the page Confirm Installation Selections, click the button Install.

    h. On the page Installation Results, click the button Close.

    On the menu Start open the folder Administrative Tools and click the icon.

    In the snap-in Internet Information Services (IIS) Manager, expand the node with the server name, right-click the node Sites and in the context menu select the command Add Web Site.

    In the dialog box Add Web Site Enter the required information to add a new website. In this case, you need to check the following:

    In the field Physical path, you need to specify the path C:\Windows\Web, where “C” is the letter of the partition in which Windows is installed.

    To avoid conflicts between the specified configuration and the default site configuration, you should either select a different IP address from the list IP address, or specify a port other than 80 in the field Port.

When finished, press the button OK.

Open Registry Editor. To do this, in the Start menu select the command Run, type regedit in the field Open and press the button OK.

Locate the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft

To set a new installation location for the TS Web Access Applications website, follow these steps:

a. Right-click the node Microsoft, expand the menu New and select Key.

b. Enter the key name Terminal Server Web Access and press ENTER.

c. Right-click the node Terminal Server Web Access, expand the menu New and select String Value.

d. Enter the parameter name Website and press ENTER.

e. Right-click the name of the new parameter Website and in the context menu select the command Modify.

f. In the field Value data, enter the name of the website where you want to install the TS Web Access application website and click the button OK.

To set a new installation location for the Remote Desktop Connections website, follow these steps:

a. Right-click the node Microsoft, expand the menu New and select Key.

b. Enter the key name Terminal Server Web Client and press ENTER.

c. Right-click the node Terminal Server Web Client, expand the menu New and select String Value.

d. Enter the parameter name Website and press ENTER.

e. Right-click the name of the new parameter Website and in the context menu select the command Modify.

f. In the field Value data, enter the name of the website where you want to install the Remote Desktop Connection website and click the button OK.

Close Registry Editor.

Install the TS Web Access role. For more information, please refer to the " " section of this document.

Not everyone knows that in addition to the Remote Desktop Service, Windows Server 2008 R2 has a very convenient RemoteApp remote application service. The essence of RemoteApp is that any applications installed on this server can be accessed remotely from any computer connected to the network. In this case, the program will be executed on the server, but its window will be drawn as if the user had launched the program from the local computer. It is possible to minimize and maximize the window of a program running via RemoteApp, resize it and run several programs at once along with your local applications. This is a very convenient mechanism that can significantly simplify the administration of some programs and reduce the cost of purchasing them.

Below I will tell you how to configure RemoteApp applications in Windows Server 2008 R2 using the 1C:Enterprise 7.7 program as an example.


  1. What you will need

  2. Creating an RDP file or installer for a remote program

  3. Setting up users

1. What you will need


  1. Computer with Windows Server 2008 R2 (you can read about installation)

  2. A terminal server running on this computer (read about installing a terminal server)

  3. Also, on this computer the application that we will add to RemoteApp must be installed and configured, in my case it is 1C:Enterprise 7.7 (I wrote about the features of installing 1C:Enterprise 7.7)

2. Create an RDP file or installer for a remote program

Launch "RemoteApp Manager" ("Start" - "Administrative Tools" - "") and in the "Actions" menu on the left click "Add RemoteApps".

After which this program will appear in the list of remote RemoteApp applications. Having highlighted it in the table, click "Create RDP file" in the menu on the left.

"RemoteApp Wizard", click "Next" and we get to the window "Setting package parameters". Here you can select the directory where the RDP file will be saved, set the Remote Desktop Gateway settings, as well as the certificate settings for secure connections. But most importantly, you can change the server name and port. Initially, the computer name and the default RDP port are set. With these settings, the application will only be available from the local network. If the program must be launched from any computer connected to the Internet, then the server name must be replaced with an external IP address, and, if necessary, the port changed to the one that is forwarded on the router for this server, as shown in the screenshot below.

The port should also be changed if you changed the default port for the terminal server (you can read about how to do this). We complete the wizard by clicking "Next" and "Finish", after which in the specified directory we will find a file with the extension rdp.

In a similar way, you can create an msi installer by clicking "Create a Windows Installer package". When you run the resulting installer, it will create an RDP shortcut on the desktop and in the start menu with the icon of the selected application.

Now, if you run the resulting RDP file from another computer on the network, a window will appear to enter your login/password to log into the server.

After entering the data, we will see the 1C:Enterprise window as if we had launched it from a local machine.
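An added example, not part of the original article or of Microsoft's guide: a small Python audit of distributed .rdp files for the package settings described in both parts of this page (server name and port, TS Gateway settings, signing certificate). The two sample files, their host names and the finding codes are constructed; the field names are standard .rdp settings rather than values taken from this page.

```python
import ipaddress

# Ranges treated as "intranet" here: RFC 1918, loopback, link-local.
INTRANET = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample: direct connection to an external IP on a forwarded port.
SAMPLE_DIRECT = """\
full address:s:203.0.113.10
server port:i:3390
remoteapplicationmode:i:1
remoteapplicationprogram:s:||1cv7
gatewayusagemethod:i:0
gatewayhostname:s:
"""

# Constructed sample: signed file that reaches the terminal server via a gateway.
SAMPLE_GATEWAY = """\
full address:s:ts01.corp.example
server port:i:3389
remoteapplicationmode:i:1
remoteapplicationprogram:s:||1cv7
gatewayusagemethod:i:2
gatewayhostname:s:tsgw.example.com
signscope:s:Full Address,Server Port,GatewayHostname,GatewayUsageMethod
signature:s:CONSTRUCTED-PLACEHOLDER
"""

def parse_rdp(text):
    """Parse 'name:type:value' lines into a dict; type 'i' values become int."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # the value itself may contain ':'
        if len(parts) != 3:
            continue  # blank or malformed line
        name, kind, value = parts[0].lower(), parts[1], parts[2].strip()
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue  # integer setting with a non-numeric value
        settings[name] = value
    return settings

def as_ip(host):  # ip_address object for an IP literal, None for a host name
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None

def audit_rdp(text):
    """Return a list of (code, message) findings for one .rdp file."""
    s = parse_rdp(text)
    host, port = str(s.get("full address", "")), s.get("server port", 3389)
    if host.count(":") == 1:  # "host:port" form
        host, _, p = host.partition(":")
        port = int(p) if p.isdigit() else port
    gw_host = str(s.get("gatewayhostname", ""))
    # gatewayusagemethod: 1 = always use the gateway, 2 = bypass it for local addresses
    uses_gw = s.get("gatewayusagemethod", 0) in (1, 2) and bool(gw_host)
    ip = as_ip(host)
    findings = []
    if s.get("remoteapplicationmode") != 1:
        findings.append(("not-remoteapp", "opens a full desktop session"))
    if not s.get("signature"):
        findings.append(("unsigned", "file is not digitally signed"))
    if not uses_gw:
        findings.append(("no-gateway", "connects to the terminal server directly"))
        if ip is not None and not any(ip in net for net in INTRANET):
            findings.append(("direct-external-ip", f"{host} is an external IP literal"))
    elif "." not in gw_host or as_ip(gw_host) is not None:
        findings.append(("gateway-not-fqdn", f"gateway '{gw_host}' is not an FQDN"))
    if port != 3389:
        findings.append(("nondefault-port", f"server port {port} must match the listener"))
    return findings

if __name__ == "__main__":
    for label, sample in (("direct", SAMPLE_DIRECT), ("gateway", SAMPLE_GATEWAY)):
        print(label, [code for code, _ in audit_rdp(sample)])
```

Run against a share of .rdp files, the findings show which files still carry older settings and need to be regenerated and redistributed.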

3. Setting up users

If the application will be launched by several users with the same settings, then it is not necessary to add each one to the server. It is enough to create only one user, say User_1C (you can read about how to create a user), configure all parameters (list of databases, printers, etc.) for this user and allow multiple sessions.

In order to allow multiple sessions, go to "Start" - "Administrative Tools" - "Remote Desktop Services" - "Remote Desktop Session Host Configuration", double-click "Limit a user to a single session", and in the properties window uncheck "Restrict all users to single sessions".

The value should change to "No".

In addition, you need to know about one more nuance. The fact is that when an application launched via RemoteApp is closed, the user is not logged out automatically, and the disconnected account continues to "hang" on the server. To change this, in the properties of users who will run applications via RemoteApp, on the "Sessions" tab, set "Ending a disconnected session" to 1 minute.

This completes the setup. We implemented it in such a way that several people can simultaneously work with the 1C:Enterprise 7.7 program under one account (for ease of use, you can create several accounts, for example, User_1c_Buh, User_1C_Operator, User_1C_Sklad, etc., or a separate account for each user).
