Step by step configuration for Remote Desktop Services of Windows Server Enterprise 2008 running in the cloud

Posted on 2011-09-25
Last Modified: 2013-11-05

My task is to configure a Windows Server Enterprise 2008 (running on a virtual machine in the cloud of a hosting provider) in order to allow users to access  via Remote Desktop Services a .NET application (MYAPP) running on the server.

Additional requirements:
1) User access to MYAPP using a browser (https)
2) Limit user to MYAPP only (not the full desktop experience)
3) Do not allow remote users to view/modify local server folders
4) Optional: allow remote users to use only a default "TEMP" folder on the server
5) If it works we would like to rapidly scale to more than a few test-users

The server runs a 90 (or 120?) days trial version and we want to use that trial period to test Remote Desktop Services (I was told that on a brand new server like ours there is a 120 days grace period to allow RDS testing).

A step by step guide that tells me, from when I turn on the server for the very first time, how to achieve the above (for example what features need to be installed on the blank Windows server and in what order to enable RDS, what specific configurations need to be performed using which administrative tool etc etc.).

I know that Microsoft provides a step by step guide such as this:
New Step-by-step guides available for Remote Desktop Services
but that is not what I am looking for.
I need a complete from the beginning procedure that leads me to achieve my goal on a completely brand new server with nothing configured so that remote authenticated users can access MYAPP running on the server using a web browser over the internet.

Thank you experts!

Question by:macarone
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 11

Expert Comment

ID: 36596166
The link you posted is actually all you need.  It provides the steps needed to accomplish your goals.  You'll want to follow the below guides.

Guides To Follow
Installing Remote Desktop Session Host Step-by-Step Guide
Deploying Remote Desktop Web Access with Remote Desktop Connection Broker Step-by-Step Guide

This will provide a session host (TerminalServer), connection broker (TS Session Broker), and the Remote Desktop Web Access with RemoteApp.  If presenting the application through Web Access and RemoteApp, then the end-users will only have access to the application and not the 'full desktop experience'.  This takes care of your posted requirements 1-3 and 5.

Also, here's a link discussing RDCB load-balancing.

Author Comment

ID: 36623277
Hi yelbaglf:

I followed your suggestion altough the Microsoft instructions refer to a multi-server environment.
For testing purposes only I needed to install the entire stack on a single server (including Active Directory Server, DNS...etc).
Nevertheless I followed the instructions and I managed to have Remote Desktop Services up and running with web access therefore I intend to credit you the points; there is though an issue that I need you to help me with:

- on that particular machine that I created the ONLY users allowed to log in via terminal services and launch a remote app via the browser seem to be the "Administrator" group.

- even if I add a non-administrator user to the Remote Desktop users group (via the Active Directory Users and Computers > mydomain_name > Builtin > Remote Desktop Users) that user is NOT allowed to log on for Terminal Services.

I suspect that is because of some kind of default security policy on any Windows Active Directory Server (part of the modules running on the same server) that prevents non-administrator users from messing around on the key "active directory server" by disabling remote TS access to these users even when they are manually included in the Remote Desktop Services users group.

1) Is this correct?
2) If this is correct I will always need at least 2 separate servers to run RDS:
   a) 1 server for Active Directory and DNS
   b) 1 server for the rest

Do you agree?
Any other suggestions?
Thank you
LVL 11

Accepted Solution

yelbaglf earned 500 total points
ID: 36645909
You are correct...personally I deployed ours like this, which is recommended, but of course not the only way.  What you have done will work for you, but if possible, I would at least move AD/DNS to it's own VM.

Suggested...but again...not a big deal if you have a small environment and want to run SH's, WA/RemoteApp, and RDCB on the same VM.
NLB Clustered Session Hosts (number of clustered VM's will depend on app requirements, etc.)
Web Access with RemoteApp VM

Author Comment

ID: 36705815
Allow logon through Remote Desktop Services:
Open gpedit.msc (the local group policy editor)
Expand Local Computer Policy –> Computer Configuration –> Windows Settings –> Security Settings –> Local Policies –> User Rights Management
Look for the setting on the right called Allow log on through Remote Desktop Services
Double click this policy
Add the user/group you would like to have remote access to the box.
Once this was done, the user was able to connect w/o hassles.

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question