Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

using windows remoteapp without exposing remote desktop admin screen

Posted on 2014-11-03
3
264 Views
Last Modified: 2014-11-24
Hello,

I have a remoteapp server using server 2008 R2 that is running fine.  However if you use remote desktops and go to the IP address the windows server login page will display.  How can I run remoteapp without having the server login page of the server being exposed to the outside world?

Thank you
0
Comment
Question by:Tim Lewis
  • 2
3 Comments
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 40420079
No way to do this. Because remoteapp is built upon RDP, enabling one inherently enables the other. Microsoft has not defined any security policies to filter connections and allow one and prevent the other.
0
 
LVL 15

Accepted Solution

by:
ZabagaR earned 500 total points
ID: 40425059
What I did to help remedy that problem is this:

I put a shortcut to logoff.exe (c:\windows\system32\logoff.exe) in the all users startup folder (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup)

You have to unhide c:\ProgramData\ - it's hidden by default. Change it in Organize -> Folder & Search -> View.

Then I set the NTFS security on the logoff shortcut so only my group of remote app users could run it (i.e. so admins like myself wouldn't get logged off at log in).

When you use RemoteApp, that \StartUp\ folder where you dropped the logoff shortcut/link isn't processed. So RemoteApp users will be unaffected. Only people logging on with standard RDP session will get logged off

And this will only run logoff.exe for those person(s) or group(s) you set on the security tab of the logoff shortcut.
0
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 40425078
I'm curious why y'all want to do this. RemoteApp isn't a security boundary and can never effectively be used as one. It is a user interface convenience (and a good one) so I'm not sure what attempting to block traditional RDP accomplishes?
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question