Welcome back to the 3rd and final article in this series on installing and configuring Remote Desktop Services in Windows 2008 R2. Today’s article focuses on Remote Desktop (RD) Web Services (formerly referred to as TS Web Services) and on utilising RemoteApp to publish applications to our RD Web Access web page and to the client desktop. For those that missed the previous 2 articles, you can access these from the links below:
- Remote Desktop Services in Windows 2008 R2 – Part 1 – Installation
- Remote Desktop Services in Windows 2008 R2 – Part 2 – RD Gateway
RD Web Access is a component of Remote Desktop Services in Windows Server 2008 R2 that gives your remote users access to network published applications via Internet Explorer over SSL, commonly referred to as HTTPS. This type of access removes the barriers and restrictions of traditional VPNs, which were IPsec or L2TP based and usually required special software, with its own special configuration, to be installed on the client machine. Not only was this cumbersome and problematic to set up for the non IT savvy, it also caused problems for remote workers connected behind restricted Internet connections that only opened up a limited number of ports, namely HTTP and HTTPS. This is where SSL based VPNs such as RD Gateway (introduced in part 2 of this series) and RD Web Access come into play.
To recap, in part 1 of this series we went through the process of installing the necessary components for Remote Desktop Services, including the RD Session Host and RD Web Access role services. Today we will complete and fine tune the configuration of RD Web Access, and then shift our focus to publishing remote applications in the latter half of this post.
So let’s begin by confirming the operation of the RD Web Access role by navigating to Start / Administrative Tools / Remote Desktop Services / Remote Web Access Configuration.
Because we are running a self-signed certificate on the IIS web site, you will receive the usual Internet Explorer certificate warning. As this is our own server and the warning is caused by its self-signed certificate, it’s safe for us to click on Continue to this website.
The below RD Web Access login screen will appear. Enter your administrative network credentials and then click on sign in.
The configuration screen will be displayed in which you have the option to select a Remote Desktop (RD) Connection Broker server or specify individual RemoteApp sources.
Let me provide you with a primer on the RD Connection Broker server. Recall this was installed back in part 1 of this series as one of the role services for Remote Desktop Services. Formerly known as TS Session Broker, RD Connection Broker improves the user experience when connecting to an RD Host Server to access RemoteApp programs and/or Remote Desktop connections. Its benefits are listed below:
- Support for load balancing amongst Remote Desktop Servers located within a single farm
- Support for seamless user reconnection with farm based setups
- A new feature in Windows 2008 R2 is the ability to combine RemoteApp sources from different Remote Desktop Session Host servers that may potentially be housing different RemoteApp programs for compatibility and segregation reasons.
- Also new in Windows 2008 R2 is direct integration with the newly introduced Virtual Desktop Infrastructure (VDI) (to be covered in a future post).
Considering that this is a basic single server Remote Desktop Host setup, we do not need to set up the RD Connection Broker, but I will outline the steps for convenience if you decide to go down this path:
1. The RD Connection Broker role service is required to be installed on a server. This could be on any server located on your network and does not necessarily need to be installed on a server running the Remote Desktop Host server or any of the other Remote Desktop Services Roles.
2. Add the RD Session Host servers that you would like to aggregate in your farm setup to the Session Broker Computers local group, which is located on the RD Connection Broker server.
3. Navigate to Start / Administrative Tools / Remote Desktop Services / Remote Desktop Session Host Configuration and configure each RD Session Host Server that will participate in the farm to become a farm member in the RD Connection Broker.
4. Lastly, you can utilise DNS round robin with the RD Connection Broker to provide load balancing. This is as simple as creating an additional A record in DNS for the farm name for each Remote Desktop Host Server that is participating in the farm, so that the farm name resolves to every farm member. The farm name is specified in the Remote Desktop Session Host Configuration and is common to all Remote Desktop Host Servers. Recall that this is located under Remote Desktop Session Host Configuration / RD Connection Broker / Member of farm in RD Connection Broker’s properties.
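Steps 2 and 4 can also be scripted. The following is an added example, not part of the original walkthrough: it adds the farm members to the Session Broker Computers group, creates the round robin A records with dnscmd, and then checks that the farm name resolves only to the expected hosts. The domain, server names, zone, farm name and IP addresses are all constructed placeholders.

```powershell
# Added example. All names and addresses below are constructed placeholders.
$Domain      = 'CONTOSO'
$DnsServer   = 'DC01'
$Zone        = 'contoso.local'
$FarmName    = 'rdfarm'
$FarmMembers = @{ 'RDSH01' = '10.0.0.11'; 'RDSH02' = '10.0.0.12' }

function Add-FarmMembersToBrokerGroup {
    # Step 2: run elevated on the RD Connection Broker server.
    foreach ($name in $FarmMembers.Keys) {
        # Computer accounts are referenced as DOMAIN\NAME$
        & net.exe localgroup 'Session Broker Computers' "$Domain\$name`$" /add
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "Could not add $name (already a member?)"
        }
    }
    # List the group so that unexpected members can be spotted and removed.
    & net.exe localgroup 'Session Broker Computers'
}

function Add-FarmDnsRecords {
    # Step 4: one A record per farm member, all under the same farm name.
    foreach ($ip in $FarmMembers.Values) {
        & dnscmd.exe $DnsServer /RecordAdd $Zone $FarmName A $ip
    }
}

function Test-FarmDnsRecords {
    # Resolve the farm name and compare with the expected member addresses.
    $expected = @($FarmMembers.Values)
    $actual   = @([System.Net.Dns]::GetHostAddresses("$FarmName.$Zone") |
                  ForEach-Object { $_.IPAddressToString })
    $missing    = @($expected | Where-Object { $actual -notcontains $_ })
    $unexpected = @($actual   | Where-Object { $expected -notcontains $_ })
    if ($missing.Count)    { Write-Warning "Missing A records: $($missing -join ', ')" }
    if ($unexpected.Count) { Write-Warning "Unexpected A records: $($unexpected -join ', ')" }
    return ($missing.Count -eq 0 -and $unexpected.Count -eq 0)
}

# On the RD Connection Broker:        Add-FarmMembersToBrokerGroup
# On a machine with the DNS tools:    Add-FarmDnsRecords; Test-FarmDnsRecords
```

An unexpected address under the farm name means some users would be sent to a host that is not part of the farm, so the check is worth repeating whenever farm membership changes.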
The above steps have outlined the configuration of an RD Connection Broker server and the steps required to configure your farm. So, going back to the RD Web Access Configuration screen, we can select either “An RD Connection Broker server” as our source or individual RemoteApp sources (i.e. individual RD Host Servers).
As this is a single Remote Desktop Host setup, I will select one or more RemoteApp sources (which is selected by default), leave localhost as the source name as this is also our single RD Host Server and click OK.
The web page will then redirect to the RemoteApp Programs screen, which currently is not populated with any published applications... but not for long.
This brings us to the second part of this article, Publishing RemoteApp Programs. Windows 2008 was the first version of Windows that provided us with the ability to publish individual applications to the Desktop and to TS Web Access or should we now say RD Web Access.
Quite simply, we can only publish applications that are installed on the Remote Desktop Host. Installing client applications on a Terminal Server is not the same as installing on a client computer, and to ensure Remote Desktop compatibility it is best practice to still utilise the “Install Application on Remote Desktop” mini wizard provided. This ensures that our applications are installed utilising RD Install mode, which configures the correct registry entries for a multi user Remote Desktop environment. You can also utilise the Windows command prompt to achieve the same:
change user /install – prior to running setup.exe of the application
change user /execute – after the application installation has completed.
Launching “Install Application on Remote Desktop” will initiate the wizard.
Click Next, complete the installation, and then click on Finish. Let’s install Office 2007 as our first client application on the Remote Desktop Host.
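The command prompt route described above can be wrapped so that the server always returns to execute mode, even when setup fails. This is an added example, not part of the original article; the installer path in the usage line is hypothetical, and the mode check assumes the English output of `change user /query`.

```powershell
# Added example: run from an elevated PowerShell prompt on the RD Session Host.
# The installer path in the usage line is hypothetical.

function Get-RDInstallMode {
    # "change user /query" reports the mode as text (English output assumed).
    $out = (& change.exe user /query 2>&1 | Out-String)
    if ($out -cmatch 'INSTALL') { return 'Install' }
    if ($out -cmatch 'EXECUTE') { return 'Execute' }
    throw "Unexpected output from 'change user /query': $out"
}

function Invoke-RDInstall {
    param(
        [Parameter(Mandatory = $true)][string]$SetupPath,
        [string]$Arguments
    )
    if (-not (Test-Path $SetupPath)) { throw "Installer not found: $SetupPath" }

    & change.exe user /install | Out-Null
    if ((Get-RDInstallMode) -ne 'Install') { throw 'Server did not enter install mode.' }

    $exitCode = $null
    try {
        $params = @{ FilePath = $SetupPath; Wait = $true; PassThru = $true }
        if ($Arguments) { $params['ArgumentList'] = $Arguments }
        $exitCode = (Start-Process @params).ExitCode
    }
    finally {
        # Always return to execute mode, even if setup fails or is interrupted.
        & change.exe user /execute | Out-Null
    }

    # Report the installer result and confirm the mode the server was left in.
    New-Object PSObject -Property @{
        Installer = $SetupPath
        ExitCode  = $exitCode
        ModeAfter = (Get-RDInstallMode)
    }
}

# Usage (hypothetical path):
# Invoke-RDInstall -SetupPath 'D:\Office2007\setup.exe'
```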
After installing Office 2007 utilising RD install mode, we now have our first application to publish to RD Web Access and to a remote computer desktop such as Windows 7. Let’s start with the former. Navigate to Start / Administrative Tools / Remote Desktop Services / Remote App Manager.
Under the Actions pane, click on Add RemoteApp Programs.
This will invoke the RemoteApp Wizard.
Choose the application that you would like to publish. I will select Microsoft Office Word 2007 in this example. Before clicking on next, let’s venture into the properties area as there is an enhancement made to Windows 2008 R2 over Windows 2008.
The first tab (properties) as you will see is identical to that provided in Windows 2008 with the ability to change the icon, provide additional command line arguments and a checkbox allowing us to make this published application available through RD Web Access.
The second tab (User Assignment) is new and a welcome enhancement in Windows 2008 R2, allowing us to specify the users and/or groups to whom the published application should be visible.
I will keep All authenticated domain users ticked and click OK.
Click Next to proceed with the wizard.
You will then be presented with the below summary of settings.
We have now published our first RemoteApp to RD Web Access.
If I now navigate to the RD Web Access URL from any internal client computer, usually in the form of https://servername/RDweb, and log in, our Microsoft Office 2007 icon will be listed, providing us with the ability to launch published applications individually via a secure web interface.
In addition to publishing RemoteApp Programs to RD Web Access, we can also publish applications via a Windows Installer Package or via the creation of an .rdp file, both of which can be assigned to remote computers running Windows 7 etc.
Quite simply, right click on Microsoft Office Word 2007 under RemoteApp Programs within RemoteApp Manager and select either Create .rdp File or Create Windows Installer Package. You can also initiate both wizards under Actions on the right navigation pane. Both have advantages and disadvantages. The .rdp file gives you flexibility in how you distribute applications to remote users, as all they need is a single .rdp file. The Windows Installer Package is more geared towards Group Policy Software installation, with the added benefit of letting you specify shortcut locations, such as whether the shortcut icon will appear on the client computer’s Desktop or in a Start Menu folder.
This ends the series on Remote Desktop Services. This is by no means an exhaustive, complex setup, but it gives you a taste of what is possible with the technology and how far it has come since the early days of Windows NT. Every setup will be different, and even though I have installed all of the roles on a single server, depending on the size of your organization and deployment these can easily be split across multiple servers with farm configurations and so forth to accommodate a larger number of users.
This article has not gone into great depth or detail with regards to securing your RD Gateway and RD Web Access with trusted 3rd party Certification Authority certificates such as those provided by GoDaddy and Verisign, nor have we discussed publishing both RD Web Access and RD Gateway using a reverse proxy firewall such as Microsoft’s Internet Security and Acceleration (ISA) Server 2006 and the recently announced Forefront Threat Management Gateway (TMG). Expect to see future articles on this topic.
Well, I hope you enjoyed this series and please feel free to comment about your experiences or questions you may have.