Professional Documents
Culture Documents
Abstract
RemoteApp and Desktop Connection provides administrators with the ability to group RemoteApp
programs and make them available to end users on the Start menu of a computer that is running
Windows 7 or by using a Web browser. This guide explains how to configure a RemoteApp
program so that a user can access it by using a Web browser.
Copyright Information
This document is provided “as-is”. Information and views expressed in this document, including
URL and other Internet Web site references, may change without notice. You bear the risk of
using it.
This document does not provide you with any legal rights to any intellectual property in any
Microsoft product. You may copy and use this document for your internal, reference purposes.
© 2011 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, RemoteApp, Windows, and Windows Server are trademarks of the
Microsoft group of companies.
All other trademarks are property of their respective owners.
Contents
Deploying Remote Desktop Web Access with Remote Desktop Connection Broker Step-by-Step
Guide ............................................................................................................................................ 4
About this guide............................................................................................................................ 4
What this guide does not provide ............................................................................................. 5
Scenario: Deploying Remote Desktop Web Access with Remote Desktop Connection Broker in
a test environment .................................................................................................................... 6
The computers form a private network, and they are connected through a common hub or Layer 2
switch. This step-by-step guide uses private addresses throughout the test lab configuration. The
private network ID 10.0.0.0/24 is used for the network. The domain controller is named
CONTOSO-DC for the domain named contoso.com. The following figure shows the configuration
of the test environment.
Step 1: Setting Up the CONTOSO Domain
To prepare your RemoteApp and Desktop Connection test environment in the CONTOSO
domain, you must complete the following tasks:
Configure the RD Session Host server (RDSH-SRV).
Configure the client computer (CONTOSO-CLNT)
Configure the Remote Desktop Connection Broker (RD Connection Broker) server (RDCB-
SRV).
Configure the Remote Desktop Web Access (RD Web Access) server (RDWA-SRV).
Use the following table as a reference when setting up the appropriate computer names,
operating systems, and network settings that are required to complete the steps in this guide.
Important
Before you configure your computers with static Internet Protocol (IP) addresses, we
recommend that you first complete Windows product activation while each of your
computers still has Internet connectivity. You should also install any available critical
security updates from Windows Update (http://go.microsoft.com/fwlink/?LinkID=47370).
Subnet mask:
Computer name Operating system IP settings DNS settings
requirement
255.255.255.0
Default gateway:
10.0.0.1
To add the certificate thumbprint to the Default Domain Group Policy setting
1. Log on to CONTOSO-DC as CONTOSO\Administrator.
2. Open the GPMC. To open the GPMC, click Start, point to Administrative Tools, and
then click Group Policy Management.
3. Expand Forest: contoso.com, expand Domains, and then expand contoso.com.
4. Right-click Default Domain Policy, and then click Edit.
5. Navigate to Computer Configuration\Policies\Administrative Templates\Windows
Components\Remote Desktop Services\Remote Desktop Connection Client.
6. Double-click Specify SHA1 thumbprints of certificates representing trusted .rdp
publishers.
7. Select the Enabled option.
8. In the Comma-separated list of SHA1 trusted certificate thumbprints box, type the
certificate thumbprint used to digitally sign the RDP file, and then click OK.
Important
You must import a PFX certificate file that includes the private key.
13. Navigate to the folder where the certificate is located, click the certificate, and the click
Open.
14. Click Next.
15. In the Password box, type the password for the PFX file, and then click Next.
16. Click Next, and then click Finish.
Important
You must import a PFX certificate file that includes the private key.
13. Navigate to the folder where the certificate is located, click the certificate, and the click
Open.
14. Click Next.
15. In the Password box, type the password for the PFX file, and then click Next.
16. Click Next, and then click Finish.
Finally, configure a digital certificate used to digitally sign the RDP file.
To add the certificate thumbprint to the Default Domain Group Policy setting
1. Log on to CONTOSO-DC as CONTOSO\Administrator.
2. Open GPMC. To open GPMC, click Start, point to Administrative Tools, and then click
Group Policy Management.
3. Expand Forest: contoso.com, expand Domains, and then expand contoso.com.
4. Right-click Default Domain Policy, and then click Edit.
5. Navigate to Computer Configuration\Policies\Administrative Templates\Windows
Components\Remote Desktop Services\Remote Desktop Connection Client.
6. Double-click Specify SHA1 thumbprints of certificates representing trusted .rdp
publishers.
7. Select the Enabled option.
8. In the Comma-separated list of SHA1 trusted certificate thumbprints box, type the
certificate thumbprint used to digitally sign the RDP file, and then click OK.
You have set up the CONTOSO domain. Now you can proceed to Step 2: Installing and
Configuring RemoteApp.
Important
This guide uses a self-signed certificate for the RD Web Access server. Self-
signed certificates are not recommended in a production environment. You
should use a certificate that is trusted from a certification provider when
deploying RD Web Access in a production environment.
4. In the Domain\user name box, type CONTOSO\Administrator.
5. In the Password box, type the password that you specified for CONTOSO\Administrator,
and then click Sign in.
6. On the Configuration page, click An RD Connection Broker server.
7. In the Source name box, type rdcb-srv and then click OK.
Finally, you must add a RemoteApp source on the RDCB-SRV computer by using Remote
Desktop Connection Manager.
Important
This guide uses a self-signed certificate for the RD Web Access server. Self-
signed certificates are not recommended in a production environment. You
should use a certificate that is trusted from a certification provider when
deploying RD Web Access in a production environment.
5. In the Domain\user name box, type CONTOSO\mskinner.
6. In the Password box, type the password that you specified for Morgan Skinner, and then
click Sign in.
Note
In you receive a prompt asking you to install the Microsoft Remote Desktop
Services Web Access Control, click Run Add-on, and then click Run.
7. Click Calculator, and then click Connect.
8. When prompted, enter the credentials for Morgan Skinner, and then click OK.
You have successfully deployed and demonstrated the functionality of a RemoteApp program by
using the simple scenario of connecting to Calculator by using RD Web Access. You can also use
this deployment to explore some of the additional capabilities of personal virtual desktops through
additional configuration and testing.
Related topics
Step 1: Setting Up the CONTOSO Domain
Step 2: Installing and Configuring RemoteApp