locked
Icons seen when publishing RemoteApp RRS feed

  • Question

  • Hi,

    Just a quick and probably easy question which I'm hoping can be answered. When publishing RemoteApp applications through RD Gateway and Forefront TMG does the user see the icons for all available applications on the RD Session Hosts or only those applications they have be authorized to access?

    Thanks,

    Patrick Leathen


    Thanks, Patrick Leathen
    Wednesday, August 3, 2011 11:53 PM

Answers

  • Hi,

    When you publish the RemoteApp icons you are using TMG to publish RD Web Access, similar to as described in the article below, correct?

    http://www.isaserver.org/tutorials/Microsoft-Forefront-TMG-Publishing-RD-Web-Access-RD-Gateway-Part2.html

    If my understanding of your intention to publish RD Web Access via TMG is incorrect, please let me know.

    By default if you publish RD Web Access, the user will logon to the RDWA page with their username/password using forms authentication just like in a non-TMG scenario.  This will limit the RemoteApps they see on the page based on the RemoteApp User Assignment I linked to above.

    As I mentioned before the above only filters the icons they see on the page, it does not actually limit which RemoteApps the user may launch.  You must use some other mechanism to actually prevent users from launching a RemoteApp that they do not have access to such as NTFS permissions or AppLocker.

    If you are planning on publishing the RemoteApp icons using some other method besides RDWA and/or you plan on changing the default authentication for RDWA and/or are planning to do something a little different then please describe in detail.

    Thanks.

    -TP

    Tuesday, August 9, 2011 5:10 AM

All replies

  • Hi,

    Users will only see the icons for RemoteApps that you have assigned to them.  This only affects what icons are shown in RD Web Access, and is not a substitute for securing access to a program using NTFS Permissions, AppLocker, etc.

    Assign Domain Users and Domain Groups to a RemoteApp Program

    http://technet.microsoft.com/en-us/library/dd851539.aspx

    -TP

    • Proposed as answer by TP []MVP Friday, August 5, 2011 4:21 AM
    Thursday, August 4, 2011 12:17 AM
  • Hi,

    Thanks for the reply, however what I need is confirmation of is when publish RemoteApp applications externally through RD Gateway and Forefront TMG that users will only see those applications they are Authorized to access, which yes is done though security group membership. I've been told that this is not the case when publishing through RD Gateway and TMG and users in fact see all applications available on the RD Session Host, though only have the ability to access those they are authorized too. However, when publishing through Forefront UAG users will only see those applications they are in fact authorized to access.

    I do intend on testing both scenarios as I need to confirm that users do NOT see all applications and only see the icons for those applications they have sufficient privileges to access. Was, just looking to see if anybody here might be able to confirm this beforehand.


    Thanks, Patrick Leathen

    Monday, August 8, 2011 10:24 PM
  • Remote Apps User assignment is better explained here :

    http://blogs.msdn.com/b/rds/archive/2009/06/12/introducing-remoteapp-user-assignment.aspx

    Hope it answers your queries.


    Please remember to click “Mark as Answer” on the post that helps you.
    Tuesday, August 9, 2011 4:55 AM
  • Hi,

    When you publish the RemoteApp icons you are using TMG to publish RD Web Access, similar to as described in the article below, correct?

    http://www.isaserver.org/tutorials/Microsoft-Forefront-TMG-Publishing-RD-Web-Access-RD-Gateway-Part2.html

    If my understanding of your intention to publish RD Web Access via TMG is incorrect, please let me know.

    By default if you publish RD Web Access, the user will logon to the RDWA page with their username/password using forms authentication just like in a non-TMG scenario.  This will limit the RemoteApps they see on the page based on the RemoteApp User Assignment I linked to above.

    As I mentioned before the above only filters the icons they see on the page, it does not actually limit which RemoteApps the user may launch.  You must use some other mechanism to actually prevent users from launching a RemoteApp that they do not have access to such as NTFS permissions or AppLocker.

    If you are planning on publishing the RemoteApp icons using some other method besides RDWA and/or you plan on changing the default authentication for RDWA and/or are planning to do something a little different then please describe in detail.

    Thanks.

    -TP

    Tuesday, August 9, 2011 5:10 AM
  • Hi,

    Looking forward to your feedback.


    Technology changes life……
    Tuesday, August 16, 2011 11:49 PM