none
remote desktop and group policy

    Question

  • i have a question about rdp and group policy. my client has a rdp server and i have been able to grant acces to several users.

    i want to give my users acces to the rdp and have a application start. i tried it with the remote desktop session host configuration but ran into the problem that i as a administrator had no control over the server anymore unless i log on to the console. well the problem is that i am in a different city.

    so i tried using the group policy i like that better because i should be able to point the gp to a specific user or group off users and still maintain control over the server myself, i tried some settings myself and could not get it to work. than i did my research and found out that i was doing the right thing group policy  Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment.

    well long story short it does not work even after restarting the server several times gpupdate. you name it i tried it. i am old school and am at the point where i am ready to read the manua. yeah that bad.

    i have had help in the forums from several people and i hope that someone can help me out here. 

    thanks


    Just a clear mind and some time to think

    Wednesday, October 24, 2012 12:36 AM

All replies

  • sorry i forgot to mention that with the group policy enabled and enforced i dont get any results and i still get my normal desktop on the rdp server

    ok well the presure is off. i have a workaround. even though group policy isnt working and the local policies give me a result i sort off can use but not really. administrator can do everything but every other user including admins get the application. the best work around is to add the required application to the envirement tab within the user properties of the object within ad users and computers.

    i say work around because a 100 years ago back in school i was tought that we admins are basicly lazy people and that we like to automate our job. now adding the required application to every user we have is a time consuming way. so if there is anyone who can help me sort out the group olicy thingy i would apreciate that


    Just a clear mind and some time to think

    Wednesday, October 24, 2012 1:59 AM
  • Hi,

    I may not fully understand what you said.What did you mean by "but ran into the problem that i as a administrator had no control over the server anymore unless i log on to the console."
    To remotely mangage the RDS server,you don't need to change any policies.You can Remote desktop to the RDS server using mstsc /admin and log on using the domain administrator account to control over the server like console.

    The policies under Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment define the setting allows you to make for Remote Desktop Services connections.

    To check whether your policy has been applied,run the gpresult or rsop.msc on the RDS server to see whether the corresponding GPO has been applied.If you create a GPO on DC,you need to link the GPO to the existing OU which has a RDS server object inside.

    Regards,

    Clarence

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Wednesday, October 24, 2012 10:00 AM
  • hi clarence thanks for your response

    ok what i ment with no more control over the server is that when i logged on i also got the application and had no desktop. canceling the login for the application made me cfancel the the rdp session. and the only way to administer the server was to go to the location and log on to the console.

    but what i need is that regular users when they log on to the server get a application and nothing else and when they exit the application the session needs to end just like what happens when you use the  remote desktop session host configuration  and add the application to the enviroment. i need that application to start for every user with the exception of the administrator my own user and the support person off he application company.

    problem is that we have users that like to find out what they can do on the server so we need that locked down to the bone.

    i tried like i said the remote desktop session host configuration and when that didnt work i tried group policy. within group policy i have it linked to the ou of the rds and that had no result. i might as well have done nothing. i know i must have done it right caus ei followed the instructions i found on a technet (microsoft) page and followed that to the letter.

    as a work around till i get a working solution i added the application to the ad users and computer objects. to be exact in the user object go properties than top row there is a tab enviroment specially to do this. first of it is a lot of work to maintain that for all new users and secondly i noticed that when the users exit the application the session doesnt end it just exits the application and gives me the blue background off the desktop and doesnt logg off.

    i have been in the IT Business a long time but rdp is new to me and way to elusive for me. so any help is apreciated

    thanks


    Just a clear mind and some time to think

    Thursday, October 25, 2012 2:03 AM
  • Hi,

    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
    Thank you for your understanding and support.

    Regards,

    Clarence

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Thursday, October 25, 2012 3:50 AM
  • Hi,

    Based on your description, I understand what you want is let normal users can only open one specific application when RDP, but you want the administrator account/or your account can RDP to the server to manage the RDS server, if I misunderstand your means, please feel free to correct me.

    If that is the case, I think we can achieve your goal via:

    ---Open RemoteApp Mananger, pubish the specific application as a RemoteApp.

    ---Then right click the published RemoteApp and click create a MSI file or publish it to as a RDP file.

    ---Then copy this MSI file or RDP file to the normal users' client and install it.

    ---Install the MSI file on users' client, when users want to open the applications, just open the icon created on their clients. If you want to RDP to the server, just use MSTSC /admin to directly RDP to the server.

    Regards,


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Friday, October 26, 2012 9:26 AM
  • Hi,

    How are things going, could you please give us an update?

    Regards,


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Tuesday, October 30, 2012 2:47 AM