Solved

Step by step configuration for Remote Desktop Services of Windows Server Enterprise 2008 running in the cloud

Posted on 2011-09-25
5
588 Views
Last Modified: 2013-11-05
Hello,

My task is to configure a Windows Server Enterprise 2008 (running on a virtual machine in the cloud of a hosting provider) in order to allow users to access  via Remote Desktop Services a .NET application (MYAPP) running on the server.

Additional requirements:
1) User access to MYAPP using a browser (https)
2) Limit user to MYAPP only (not the full desktop experience)
3) Do not allow remote users to view/modify local server folders
4) Optional: allow remote users to use only a default "TEMP" folder on the server
5) If it works we would like to rapidly scale to more than a few test-users

The server runs a 90 (or 120?) days trial version and we want to use that trial period to test Remote Desktop Services (I was told that on a brand new server like ours there is a 120 days grace period to allow RDS testing).

WHAT I NEED:
A step by step guide that tells me, from when I turn on the server for the very first time, how to achieve the above (for example what features need to be installed on the blank Windows server and in what order to enable RDS, what specific configurations need to be performed using which administrative tool etc etc.).

I know that Microsoft provides a step by step guide such as this:
New Step-by-step guides available for Remote Desktop Services
but that is not what I am looking for.
I need a complete from the beginning procedure that leads me to achieve my goal on a completely brand new server with nothing configured so that remote authenticated users can access MYAPP running on the server using a web browser over the internet.

Thank you experts!
Mac

0
Comment
Question by:macarone
  • 2
  • 2
5 Comments
 
LVL 11

Expert Comment

by:yelbaglf
ID: 36596166
The link you posted is actually all you need.  It provides the steps needed to accomplish your goals.  You'll want to follow the below guides.

Guides To Follow
Installing Remote Desktop Session Host Step-by-Step Guide
Deploying Remote Desktop Web Access with Remote Desktop Connection Broker Step-by-Step Guide

This will provide a session host (TerminalServer), connection broker (TS Session Broker), and the Remote Desktop Web Access with RemoteApp.  If presenting the application through Web Access and RemoteApp, then the end-users will only have access to the application and not the 'full desktop experience'.  This takes care of your posted requirements 1-3 and 5.

Also, here's a link discussing RDCB load-balancing.
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_26920397.html?sfQueryTermInfo=1+10+30+desktop+remot+yelbaglf
0
 

Author Comment

by:macarone
ID: 36623277
Hi yelbaglf:

I followed your suggestion altough the Microsoft instructions refer to a multi-server environment.
For testing purposes only I needed to install the entire stack on a single server (including Active Directory Server, DNS...etc).
Nevertheless I followed the instructions and I managed to have Remote Desktop Services up and running with web access therefore I intend to credit you the points; there is though an issue that I need you to help me with:

- on that particular machine that I created the ONLY users allowed to log in via terminal services and launch a remote app via the browser seem to be the "Administrator" group.

- even if I add a non-administrator user to the Remote Desktop users group (via the Active Directory Users and Computers > mydomain_name > Builtin > Remote Desktop Users) that user is NOT allowed to log on for Terminal Services.

I suspect that is because of some kind of default security policy on any Windows Active Directory Server (part of the modules running on the same server) that prevents non-administrator users from messing around on the key "active directory server" by disabling remote TS access to these users even when they are manually included in the Remote Desktop Services users group.

1) Is this correct?
2) If this is correct I will always need at least 2 separate servers to run RDS:
   a) 1 server for Active Directory and DNS
   b) 1 server for the rest

Do you agree?
Any other suggestions?
Thank you
Mac
0
 
LVL 1

Expert Comment

by:ejaramillo
ID: 36635442
0
 
LVL 11

Accepted Solution

by:
yelbaglf earned 500 total points
ID: 36645909
You are correct...personally I deployed ours like this, which is recommended, but of course not the only way.  What you have done will work for you, but if possible, I would at least move AD/DNS to it's own VM.

Suggested...but again...not a big deal if you have a small environment and want to run SH's, WA/RemoteApp, and RDCB on the same VM.
NLB Clustered Session Hosts (number of clustered VM's will depend on app requirements, etc.)
RDCB VM
Web Access with RemoteApp VM
DC/DNS VM
0
 

Author Comment

by:macarone
ID: 36705815
Allow logon through Remote Desktop Services:

http://scorpiotek.com/blog/?p=742
 
Open gpedit.msc (the local group policy editor)
Expand Local Computer Policy –> Computer Configuration –> Windows Settings –> Security Settings –> Local Policies –> User Rights Management
Look for the setting on the right called Allow log on through Remote Desktop Services
Double click this policy
Add the user/group you would like to have remote access to the box.
Once this was done, the user was able to connect w/o hassles.
0

Featured Post

Do email signature updates give you a headache?

Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

Join & Write a Comment

I was asked if I could set up a fax machine so that incoming faxes were delivered to people's Exchange inboxes and so that they could send faxes from their desktops without needing to print the document first.  I knew it was possible but I had no id…
Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now