Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies. Only from Platform Scholar.
Solved
RemoteApp Server 2008 R2
Posted on 2012-12-27
Hello,
When we deploy RemoteApp in Server 2008 R2. Upon clicking on the app:
1) Is the application opened using port 80/443 or still uses 3389?
2) Is there anyway to just move RemoteApp data on 80/443 and block 3389?
3) Is there a way to disable RDP and only enable RemoteApp. My understanding of RemoteApp is that it still uses RDP to open the Apps, but not exactly sure..
Thanks
When we deploy RemoteApp in Server 2008 R2. Upon clicking on the app:
1) Is the application opened using port 80/443 or still uses 3389?
2) Is there anyway to just move RemoteApp data on 80/443 and block 3389?
3) Is there a way to disable RDP and only enable RemoteApp. My understanding of RemoteApp is that it still uses RDP to open the Apps, but not exactly sure..
Thanks
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2
- +2
8 Comments
It may help you...
RD Web Access using only port 80 and 443
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_27566372.html
More:
TS RemoteApp Step-by-Step Guide
http://technet.microsoft.com/en-us/library/cc730673(v=ws.10).aspx
RD Web Access using only port 80 and 443
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_27566372.html
More:
TS RemoteApp Step-by-Step Guide
http://technet.microsoft.com/en-us/library/cc730673(v=ws.10).aspx
Have a look at the article published on Expert-Exchange itself
It might be helpful for You
Expert Exchange Article
For your Third Query follow the bellow procedure
Start in: c:\windows\system32
It might be helpful for You
Expert Exchange Article
For your Third Query follow the bellow procedure
Go to the RDP properties in Terminal Services Configuration Console
In environment tab, select the option "Start the following program when the user....”
Path: c:\windows\system32\logoffStart in: c:\windows\system32
Active today
I think a general answer, will answer all 3 questions.
If you enable the TS Gateway service, when you connect to the server you use only port 443 to access the server. You are authenticated, and then the TS Gateway server uses port 3389 internally to connect to the Terminal Server (now called Remote Desktop Services (RDS) server, which can be but does not need to be the same server. In this case external access to port 3389 is not needed at all, no router/firewall opening or port forwarding for port 3389 is required. Port 3389 is only needed internally, but is needed. Without the TS Gateway service port 3389 is required externally. RDP is always needed, even with RemotApps, as it is the protocol/service used for accessing and communicating with the server or PC to which you are connecting. It is possible to change the the RDP listening port to something other than 3389.
These days due to a virus that spreads via RDP and port 3389, the TS Gateway service, which uses SSL, should always be used instead of direct connections using 3389.
If you enable the TS Gateway service, when you connect to the server you use only port 443 to access the server. You are authenticated, and then the TS Gateway server uses port 3389 internally to connect to the Terminal Server (now called Remote Desktop Services (RDS) server, which can be but does not need to be the same server. In this case external access to port 3389 is not needed at all, no router/firewall opening or port forwarding for port 3389 is required. Port 3389 is only needed internally, but is needed. Without the TS Gateway service port 3389 is required externally. RDP is always needed, even with RemotApps, as it is the protocol/service used for accessing and communicating with the server or PC to which you are connecting. It is possible to change the the RDP listening port to something other than 3389.
These days due to a virus that spreads via RDP and port 3389, the TS Gateway service, which uses SSL, should always be used instead of direct connections using 3389.
Active 3 days ago
1) Is the application opened using port 80/443 or still uses 3389?
3389
2) Is there anyway to just move RemoteApp data on 80/443 and block 3389?
Kindof. You can set RDP port to anything you like but you will find issues if it conflicts with another used port, like 443. This doesnt change how it connects, it just changes the port number.
You should try the Web Access feature of Remoteapp, as that uses port 443 (https) and may do what you want.
3) Is there a way to disable RDP and only enable RemoteApp. My understanding of RemoteApp is that it still uses RDP to open the Apps, but not exactly sure..
Again, it's a yes & no. You can use remote web apps and block port 3389 completely, or just set the TS to log users straight off if they log in directly (using login script or group policy etc.)
3389
2) Is there anyway to just move RemoteApp data on 80/443 and block 3389?
Kindof. You can set RDP port to anything you like but you will find issues if it conflicts with another used port, like 443. This doesnt change how it connects, it just changes the port number.
You should try the Web Access feature of Remoteapp, as that uses port 443 (https) and may do what you want.
3) Is there a way to disable RDP and only enable RemoteApp. My understanding of RemoteApp is that it still uses RDP to open the Apps, but not exactly sure..
Again, it's a yes & no. You can use remote web apps and block port 3389 completely, or just set the TS to log users straight off if they log in directly (using login script or group policy etc.)
Featured Post
Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies. Only from Platform Scholar.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller.
Log onto the new domain controller with a user account t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month9 days, 2 hours left to enroll
721 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.