Unable to restrict access to published apps in RDS RDWeb - icon is still visible.

Just a quick note.  I have seen the posts about creating security groups, applying them to the RDWeb folder/page, and they making one allow and one deny.  I can't do this because this is an enterprise level AD domain.  I would have to add hundreds of thousands of accounts to the deny to secure this.

Ken -

So far I have only read that the User Assignment is not meant as a security feature - only a way to clean up clutter if numerous apps are published.  That is exactly what I'm looking for but it doesn't work.  I have an app published and I want it only visible to a specific AD security group.  This is supposed to be done with User Assignment but it just doesn't seem to work for me.

I did a quick check about the behavior. We use 2012 R2 as RDS server and Win10 clients. If I select "program X" should only be visible to group "domain admins" (for example) while it was visible to all before, the change is visible as soon as I refresh the page.

Could it be that you had been member of this group before, removed yourself but you didn't logoff from windows and logon again between trying? You have to.

Jackie - thank you for that.  Yesterday I added the server to the group you suggested.  Seems that I am still getting the same result - I can still see icons I'm not supposed to see in RDWeb.  McKnife - I'm double checking group membership now to make sure I didn't miss something.

Ken -

Neither worked.  Server is a part of the correct group and my test account is in the correct group.  This seems to be a feature that simply does not work.

I don't think I've seen a single solution for this problem on any of the user groups I'm part of.

It works here. Check bested groups, please. Make sure to log off and on again.

I logged off and back in with the same results.  I'm still seeing icons that I should not see.  I have set User Assignment to a group I am not a member of and selected "Only specified users and groups" but I still see them.

This is absurd.  No idea why this is not working but I see quite a number of people online with the same issue - but no answers.  This is so Microsoft - to design something that doesn't work - or requires one to jump through ridiculous unspecified hoops to get it to work.

I think that you need to republish the app again to rule out the trace of permission issue when you first published the app.

Let's stay analytical. Find out what happens when you do that change of group entitlement. The rdweb page is served by IIS. In IIS, there will be ACLs where you can exactly see who is entitled to see the items. Please look into that and we can compare with my working environment.

Looks like adding to User Assignment actually worked.  I checked in on it and it was suddenly working.  I'm wondering if there is a delay in IIS picking up these settings - I was testing right after I made the change.