Remote Desktop Services Web Access is a great feature that lets admins present hosted applications to users no matter the geographic location.
With it, users can log onto a Web portal
For more advanced users, it's possible to customize via Group Policy which users have access to which applications and get granular and specify that certain applications should only be displayed to selected users when they’re accessing the Web portal from within the corporate network.
To get started setting up Remote Desktop Services Web Access portals, there are a few requirements:
- The Remote Desktop Services role should be installed.
- The RD Web Access portal machine needs to use Windows Server 2008 R2, and not a downstream flavor.
- A machine must be running RD Session Host and RD Connection Broker roles, both of which are available through the Server Manager user interface common to Windows Server 2008.
Installing the RD Web Access Role Service
First off, lay down the correct code on the machine that will be hosting the portal website. Use the following steps to install the RD Web Access role service:
1.Log on as an administrator to the machine that you want to become a RD Web Access portal.
2. Click Start, and then from Administrative Tools, select Server Manager.
3. In the Roles Summary section, click the Add Roles task, and click Next off the wizard’s introductory screen.
4. Select the Remote Desktop Services role, and click Next, and then click Next off the Remote Desktop Services page.
5. Select the Remote Desktop Web Access role service. On the resulting dialog box prompt, click the Add Required Role Services button, and then click Next.
6. Click Next on the Web Server (IIS) page, and then click Next on the Select Role Services page.
7. On the Confirm Installation Selections page, Install.
Now the RD Web Access portal needs something to host; this information comes from a source, which can be a RD Connection Broker server or an RD Session Host server or farm of servers. The RD Web Access server needs to be added to the TS Web Access computers security group on the session host for this to work. However, it’s pretty easy to configure this:
1. Connect to the RD Web Access website at https://<server_fqdn>/rdweb and log in as an administrator.
2. Select the Configuration page.
3. Select either “An RD Connection Broker Server” or “One or More RemoteApp Sources.” Specify the appropriate addresses, and then click OK to save the changes.
Configuring RemoteApp and Desktop Connection Properties
At this point, massage the source of the RemoteApp programs and set up some of the configuration properties on the connection broker machine. This lets the portal machine and the server hosting the “internals” of Remote Desktop Services talk to each other and exchange connection and session information.
1. On the RD Connection Broker machine, click Start > Administrative Tools > Remote Desktop Services > Remote Desktop Connection Manager.
2. In the left pane, click the top node, and then in the right pane, click Properties.
3. Navigate to the Connection Settings tab, and define the display name and connection ID.
4. Navigate to the RD Web Access tab, and enter the full DNS address for the RD Web Access server in the Server Name text box.
5. Click the Add button, then click Apply, and finally, click OK.
Adding Items to the RemoteApp Programs List
Lastly, add programs for users to access on the portal itself. This is a fairly simple process:
1. On the session host, click Start, Administrative Tools, Remote Desktop Services, RemoteApp Manager.
2. In the Actions pane, click Add RemoteApp Programs, and click Next off the introductory screen of the wizard.
3. Select the items to add to the RemoteApps list from the list. While the dialog shows all of the items in the All Users Start Menu folder, click on the Browse button, and then specify where the program you want resides on the disk.
4. Click Next, review settings, and then click Finish.
After that, users will be able to access the Web portal, click on the icon for the program they’d like to run, and the session and connection will be built automatically for them. All the while, the program runs on the servers, in a controlled environment, and user data remains on the corporate network, and not on the client.
ABOUT THE AUTHOR
Jonathan Hassell is an author, consultant, and speaker on a variety of IT topics. His published works include RADIUS, Hardening Windows, Using Microsoft Windows Small Business Server 2003, and Learning Windows Server 2003.
This was first published in October 2011