Solved

Step by step configuration for Remote Desktop Services of Windows Server Enterprise 2008 running in the cloud

Posted on 2011-09-25
Last Modified: 2013-11-05
Hello,

My task is to configure a Windows Server Enterprise 2008 (running on a virtual machine in the cloud of a hosting provider) in order to allow users to access via Remote Desktop Services a .NET application (MYAPP) running on the server.

Additional requirements:
1) User access to MYAPP using a browser (https)
2) Limit user to MYAPP only (not the full desktop experience)
3) Do not allow remote users to view/modify local server folders
4) Optional: allow remote users to use only a default "TEMP" folder on the server
5) If it works we would like to rapidly scale to more than a few test-users

The server runs a 90 (or 120?) days trial version and we want to use that trial period to test Remote Desktop Services (I was told that on a brand new server like ours there is a 120 days grace period to allow RDS testing).

WHAT I NEED:
A step by step guide that tells me, from when I turn on the server for the very first time, how to achieve the above (for example what features need to be installed on the blank Windows server and in what order to enable RDS, what specific configurations need to be performed using which administrative tool etc etc.).

I know that Microsoft provides a step by step guide such as this:
New Step-by-step guides available for Remote Desktop Services
but that is not what I am looking for.
I need a complete from the beginning procedure that leads me to achieve my goal on a completely brand new server with nothing configured so that remote authenticated users can access MYAPP running on the server using a web browser over the internet.

Thank you experts!
Mac

Question by:macarone
5 Comments
 
LVL 11

Expert Comment

by:yelbaglf
ID: 36596166
The link you posted is actually all you need.  It provides the steps needed to accomplish your goals.  You'll want to follow the below guides.

Guides To Follow
Installing Remote Desktop Session Host Step-by-Step Guide
Deploying Remote Desktop Web Access with Remote Desktop Connection Broker Step-by-Step Guide

This will provide a session host (TerminalServer), connection broker (TS Session Broker), and the Remote Desktop Web Access with RemoteApp.  If presenting the application through Web Access and RemoteApp, then the end-users will only have access to the application and not the 'full desktop experience'.  This takes care of your posted requirements 1-3 and 5.

Also, here's a link discussing RDCB load-balancing.
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_26920397.html?sfQueryTermInfo=1+10+30+desktop+remot+yelbaglf
0
 

Author Comment

by:macarone
ID: 36623277
Hi yelbaglf:

I followed your suggestion, although the Microsoft instructions refer to a multi-server environment.
For testing purposes only I needed to install the entire stack on a single server (including Active Directory Server, DNS...etc).
Nevertheless I followed the instructions and I managed to have Remote Desktop Services up and running with web access, therefore I intend to credit you the points; there is, though, an issue that I need you to help me with:

- on that particular machine that I created the ONLY users allowed to log in via terminal services and launch a remote app via the browser seem to be the "Administrator" group.

- even if I add a non-administrator user to the Remote Desktop users group (via the Active Directory Users and Computers > mydomain_name > Builtin > Remote Desktop Users) that user is NOT allowed to log on for Terminal Services.

I suspect that is because of some kind of default security policy on any Windows Active Directory Server (part of the modules running on the same server) that prevents non-administrator users from messing around on the key "active directory server" by disabling remote TS access to these users even when they are manually included in the Remote Desktop Services users group.

1) Is this correct?
2) If this is correct I will always need at least 2 separate servers to run RDS:
   a) 1 server for Active Directory and DNS
   b) 1 server for the rest

Do you agree?
Any other suggestions?
Thank you
Mac
0
 
LVL 1

Expert Comment

by:ejaramillo
ID: 36635442
0
 
LVL 11

Accepted Solution

by:
yelbaglf earned 500 total points
ID: 36645909
You are correct...personally I deployed ours like this, which is recommended, but of course not the only way.  What you have done will work for you, but if possible, I would at least move AD/DNS to its own VM.

Suggested...but again...not a big deal if you have a small environment and want to run SH's, WA/RemoteApp, and RDCB on the same VM.
NLB Clustered Session Hosts (number of clustered VM's will depend on app requirements, etc.)
RDCB VM
Web Access with RemoteApp VM
DC/DNS VM
0
 

Author Comment

by:macarone
ID: 36705815
Allow logon through Remote Desktop Services:

http://scorpiotek.com/blog/?p=742
 
Open gpedit.msc (the local group policy editor)
Expand Local Computer Policy –> Computer Configuration –> Windows Settings –> Security Settings –> Local Policies –> User Rights Management
Look for the setting on the right called Allow log on through Remote Desktop Services
Double click this policy
Add the user/group you would like to have remote access to the box.
Once this was done, the user was able to connect w/o hassles.
0
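
An added example, not part of the original thread: a PowerShell check of which accounts hold the right granted in the steps above (privilege constant `SeRemoteInteractiveLogonRight`), so the grant can be kept to a dedicated group rather than individual accounts. The function name and the sample policy lines are constructed for illustration; PowerShell 2.0 or later is assumed.

```powershell
# Audit holders of "Allow log on through Remote Desktop Services".
# Added example; Get-RdpLogonRightHolders is a hypothetical helper name.

function Get-RdpLogonRightHolders {
    param([string[]]$InfLines)

    # secedit writes the right as: SeRemoteInteractiveLogonRight = *SID,*SID,name
    $line = $InfLines |
        Where-Object { $_ -match '^\s*SeRemoteInteractiveLogonRight\s*=' } |
        Select-Object -First 1
    if (-not $line) { return @() }   # right not defined in the exported policy

    $entries = ($line -split '=', 2)[1].Split(',') |
        ForEach-Object { $_.Trim() } | Where-Object { $_ }

    foreach ($entry in $entries) {
        $sid = $null; $name = $entry        # entries without '*' are plain names
        if ($entry.StartsWith('*')) {
            $sid = $entry.Substring(1)
            try {
                $sidObj = New-Object System.Security.Principal.SecurityIdentifier($sid)
                $name = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
            } catch { $name = '<unresolved SID>' }   # deleted or unreachable account
        }
        # Builtin = BUILTIN alias such as Administrators (S-1-5-32-544) or
        # Remote Desktop Users (S-1-5-32-555); anything else deserves a review.
        New-Object PSObject -Property @{
            Name = $name; Sid = $sid; Builtin = ($sid -like 'S-1-5-32-*')
        }
    }
}

# Constructed sample of an exported policy (not taken from the thread's server).
$sample = @(
    '[Privilege Rights]',
    'SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544',
    'SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555,MYDOMAIN\testuser1'
)
Get-RdpLogonRightHolders $sample | Format-Table Name, Sid, Builtin -AutoSize

# On the server itself, from an elevated prompt, export the current policy first:
#   $cfg = Join-Path $env:TEMP 'user-rights.inf'
#   secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
#   Get-RdpLogonRightHolders (Get-Content $cfg) | Format-Table -AutoSize
#   Remove-Item $cfg
```

Rows with `Builtin` set to `False` are accounts or custom groups that were granted the right directly; moving those users into one dedicated group keeps the policy entry short and easy to review.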
