Go Premium for a chance to win a PS4. Enter to Win


Step by step configuration for Remote Desktop Services of Windows Server Enterprise 2008 running in the cloud

Posted on 2011-09-25
Medium Priority
Last Modified: 2013-11-05

My task is to configure a Windows Server Enterprise 2008 (running on a virtual machine in the cloud of a hosting provider) in order to allow users to access  via Remote Desktop Services a .NET application (MYAPP) running on the server.

Additional requirements:
1) User access to MYAPP using a browser (https)
2) Limit user to MYAPP only (not the full desktop experience)
3) Do not allow remote users to view/modify local server folders
4) Optional: allow remote users to use only a default "TEMP" folder on the server
5) If it works we would like to rapidly scale to more than a few test-users

The server runs a 90 (or 120?) days trial version and we want to use that trial period to test Remote Desktop Services (I was told that on a brand new server like ours there is a 120 days grace period to allow RDS testing).

A step by step guide that tells me, from when I turn on the server for the very first time, how to achieve the above (for example what features need to be installed on the blank Windows server and in what order to enable RDS, what specific configurations need to be performed using which administrative tool etc etc.).

I know that Microsoft provides a step by step guide such as this:
New Step-by-step guides available for Remote Desktop Services
but that is not what I am looking for.
I need a complete from the beginning procedure that leads me to achieve my goal on a completely brand new server with nothing configured so that remote authenticated users can access MYAPP running on the server using a web browser over the internet.

Thank you experts!

Question by:macarone
  • 2
  • 2
LVL 11

Expert Comment

ID: 36596166
The link you posted is actually all you need.  It provides the steps needed to accomplish your goals.  You'll want to follow the below guides.

Guides To Follow
Installing Remote Desktop Session Host Step-by-Step Guide
Deploying Remote Desktop Web Access with Remote Desktop Connection Broker Step-by-Step Guide

This will provide a session host (TerminalServer), connection broker (TS Session Broker), and the Remote Desktop Web Access with RemoteApp.  If presenting the application through Web Access and RemoteApp, then the end-users will only have access to the application and not the 'full desktop experience'.  This takes care of your posted requirements 1-3 and 5.

Also, here's a link discussing RDCB load-balancing.

Author Comment

ID: 36623277
Hi yelbaglf:

I followed your suggestion altough the Microsoft instructions refer to a multi-server environment.
For testing purposes only I needed to install the entire stack on a single server (including Active Directory Server, DNS...etc).
Nevertheless I followed the instructions and I managed to have Remote Desktop Services up and running with web access therefore I intend to credit you the points; there is though an issue that I need you to help me with:

- on that particular machine that I created the ONLY users allowed to log in via terminal services and launch a remote app via the browser seem to be the "Administrator" group.

- even if I add a non-administrator user to the Remote Desktop users group (via the Active Directory Users and Computers > mydomain_name > Builtin > Remote Desktop Users) that user is NOT allowed to log on for Terminal Services.

I suspect that is because of some kind of default security policy on any Windows Active Directory Server (part of the modules running on the same server) that prevents non-administrator users from messing around on the key "active directory server" by disabling remote TS access to these users even when they are manually included in the Remote Desktop Services users group.

1) Is this correct?
2) If this is correct I will always need at least 2 separate servers to run RDS:
   a) 1 server for Active Directory and DNS
   b) 1 server for the rest

Do you agree?
Any other suggestions?
Thank you
LVL 11

Accepted Solution

yelbaglf earned 2000 total points
ID: 36645909
You are correct...personally I deployed ours like this, which is recommended, but of course not the only way.  What you have done will work for you, but if possible, I would at least move AD/DNS to it's own VM.

Suggested...but again...not a big deal if you have a small environment and want to run SH's, WA/RemoteApp, and RDCB on the same VM.
NLB Clustered Session Hosts (number of clustered VM's will depend on app requirements, etc.)
Web Access with RemoteApp VM

Author Comment

ID: 36705815
Allow logon through Remote Desktop Services:

Open gpedit.msc (the local group policy editor)
Expand Local Computer Policy –> Computer Configuration –> Windows Settings –> Security Settings –> Local Policies –> User Rights Management
Look for the setting on the right called Allow log on through Remote Desktop Services
Double click this policy
Add the user/group you would like to have remote access to the box.
Once this was done, the user was able to connect w/o hassles.

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
A procedure for exporting installed hotfix details of remote computers using powershell
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question