Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Step by step configuration for Remote Desktop Services of Windows Server Enterprise 2008 running in the cloud

Posted on 2011-09-25
Medium Priority
Last Modified: 2013-11-05

My task is to configure a Windows Server Enterprise 2008 (running on a virtual machine in the cloud of a hosting provider) in order to allow users to access  via Remote Desktop Services a .NET application (MYAPP) running on the server.

Additional requirements:
1) User access to MYAPP using a browser (https)
2) Limit user to MYAPP only (not the full desktop experience)
3) Do not allow remote users to view/modify local server folders
4) Optional: allow remote users to use only a default "TEMP" folder on the server
5) If it works we would like to rapidly scale to more than a few test-users

The server runs a 90 (or 120?) days trial version and we want to use that trial period to test Remote Desktop Services (I was told that on a brand new server like ours there is a 120 days grace period to allow RDS testing).

A step by step guide that tells me, from when I turn on the server for the very first time, how to achieve the above (for example what features need to be installed on the blank Windows server and in what order to enable RDS, what specific configurations need to be performed using which administrative tool etc etc.).

I know that Microsoft provides a step by step guide such as this:
New Step-by-step guides available for Remote Desktop Services
but that is not what I am looking for.
I need a complete from the beginning procedure that leads me to achieve my goal on a completely brand new server with nothing configured so that remote authenticated users can access MYAPP running on the server using a web browser over the internet.

Thank you experts!

Question by:macarone
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 11

Expert Comment

ID: 36596166
The link you posted is actually all you need.  It provides the steps needed to accomplish your goals.  You'll want to follow the below guides.

Guides To Follow
Installing Remote Desktop Session Host Step-by-Step Guide
Deploying Remote Desktop Web Access with Remote Desktop Connection Broker Step-by-Step Guide

This will provide a session host (TerminalServer), connection broker (TS Session Broker), and the Remote Desktop Web Access with RemoteApp.  If presenting the application through Web Access and RemoteApp, then the end-users will only have access to the application and not the 'full desktop experience'.  This takes care of your posted requirements 1-3 and 5.

Also, here's a link discussing RDCB load-balancing.

Author Comment

ID: 36623277
Hi yelbaglf:

I followed your suggestion altough the Microsoft instructions refer to a multi-server environment.
For testing purposes only I needed to install the entire stack on a single server (including Active Directory Server, DNS...etc).
Nevertheless I followed the instructions and I managed to have Remote Desktop Services up and running with web access therefore I intend to credit you the points; there is though an issue that I need you to help me with:

- on that particular machine that I created the ONLY users allowed to log in via terminal services and launch a remote app via the browser seem to be the "Administrator" group.

- even if I add a non-administrator user to the Remote Desktop users group (via the Active Directory Users and Computers > mydomain_name > Builtin > Remote Desktop Users) that user is NOT allowed to log on for Terminal Services.

I suspect that is because of some kind of default security policy on any Windows Active Directory Server (part of the modules running on the same server) that prevents non-administrator users from messing around on the key "active directory server" by disabling remote TS access to these users even when they are manually included in the Remote Desktop Services users group.

1) Is this correct?
2) If this is correct I will always need at least 2 separate servers to run RDS:
   a) 1 server for Active Directory and DNS
   b) 1 server for the rest

Do you agree?
Any other suggestions?
Thank you
LVL 11

Accepted Solution

yelbaglf earned 2000 total points
ID: 36645909
You are correct...personally I deployed ours like this, which is recommended, but of course not the only way.  What you have done will work for you, but if possible, I would at least move AD/DNS to it's own VM.

Suggested...but again...not a big deal if you have a small environment and want to run SH's, WA/RemoteApp, and RDCB on the same VM.
NLB Clustered Session Hosts (number of clustered VM's will depend on app requirements, etc.)
Web Access with RemoteApp VM

Author Comment

ID: 36705815
Allow logon through Remote Desktop Services:
Open gpedit.msc (the local group policy editor)
Expand Local Computer Policy –> Computer Configuration –> Windows Settings –> Security Settings –> Local Policies –> User Rights Management
Look for the setting on the right called Allow log on through Remote Desktop Services
Double click this policy
Add the user/group you would like to have remote access to the box.
Once this was done, the user was able to connect w/o hassles.

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question