Start a program for a specific user-group logging via RDP onto a server

Hi Guys,

I need to Auto start a program in Remote Desktop when a user in a specific group logs onto a server in our domain.
I created a new group policy in GPM (just for our application specific user group)

Location = local domain
Security filtering = My group (The settings in GPO can only apply to the following groups, users, etc)

Editing the policy:

Under Computer Config\Administrative Templates\Windows Components\Remote Desktop Services\Session Host\Remote Session Environment
Start a Program on Connection

* I did the same for User Config also

The auto-starting application did not work until I added the computer (being logged onto) into the Security Filtering list of the group policy.
However, this is creating a problem, as even when Domain Administrator (which is not part of the group) logs on, the application is auto-started.

Any ideas will be appreciated,
Rupert EghardtProgrammerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Shaun VermaakTechnical SpecialistCommented:
I would deploy that Program as a Start-Up shortcut (GPO Preferences) and use item level filtering to only apply/or not apply to a specific user group.

See shortcut part of this article

You can also use loopback processing on your policy and then use security filter to a group with apply policy permissions but I don't like that approach

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Rupert EghardtProgrammerAuthor Commented:
Thank you Shaun,

We don't want to give users full access to RDP sessions, but only to the application running from the server.
The application uses files which are in a folder on the server.  Thus exe must run from the user session on the server.

Preferably as a user logs on the application should open, when the user logs out, the application should close.
Thus limiting the user only to this application.
This is working fine at the moment, except for the group part, as it is now also limiting an "open" RDP session for Administrator.
Shaun VermaakTechnical SpecialistCommented:
Please to the following
Remove the computer settings and leave the user settings for Start a program on connection
Ensure Authenticated Users have read rights to GPO and your targeting group has Application Group Policy rights
Test user by adding to group and first logging of and logging on to the client computer
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

"Preferably as a user logs on the application should open, when the user logs out, the application should close. Thus limiting the user only to this application" - that sounds very much like what RemoteApps are designed for. You can assign an application to certain users so that the normal shell (the complete GUI) is exchanged for the RemoteApp.
Do you know that concept? Every Remote Desktop Host can host RemoteApps - it is easy to setup and a seamless experience.
Rupert EghardtProgrammerAuthor Commented:
Thanks Shaun,

"your targeting group has Application Group Policy rights"
Where do I allocate these rights?
Rupert EghardtProgrammerAuthor Commented:
Thanks McKnife,

I haven't tried setting up the RemoteApps as yet,
Although Remote Desktop Services have been installed, I don't see RemoteApps in Server Manager?
I checked under Roles and Features, but also don't see the option ...

Not sure if it will work with a 3rd party application, which runs from a Batch file?
Well, it's hard to help without even knowing the server OS. Yes, command line options can be passed to the RemoteApp.

Maybe the most simple solution would be to populate the common autostart with a batch that goes
net user %username% /domain | findstr /c:"groupname" || goto end
...your commands here...

Open in new window

Shaun VermaakTechnical SpecialistCommented:
Sorry, meant Apply Group Policy rights
Rupert EghardtProgrammerAuthor Commented:
Thanks McKnife,

"your commands here" mean, the commands by which I call the application (batch file)?
Thus with the above suggested command lines, the RemoteApp is setup and ready to publish the application?
The batch lines themselves would go there - the contents of your original batch file. If not in that group, they are skipped (that is what my addition would do - check if in that group, if not, skip the commands).
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Remote Access

From novice to tech pro — start learning today.