Prerequisites for creating limited application access on Windows Server


The following prerequisites are needed to create limited application access on Windows Server. They help in configuring access to remote desktop applications.

Configuring a remote application

To configure a remote application for limited application access, follow these steps.

  1. Open Server Manager.
  2. Navigate to Remote Desktop Services > Collections > QuickSessionCollection.
  3. In the REMOTEAPP PROGRAMS section, click the Tasks drop-down menu and select Publish RemoteApp Programs.

    The Publish RemoteApp Programs dialog box opens.

  4. Select the app that you want to configure and click Next.

  5. On the Confirmation page, click Publish.

  6. After the application is published, right-click it in the REMOTEAPP PROGRAMS section and click Edit Properties.

  7. On the General tab, click the Yes option button under Show the RemoteApp program in RD Web Access, and then click OK.

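  8. On the Parameters tab, click the Allow any command-line parameters option button only if you need to support command-line parameters, because that option lets the connecting client pass arguments of its choice to the published program. Otherwise, click one of the other two option buttons as required, and then click OK.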

  9. On the User Assignment tab, it is highly recommended to change the User Assignment option to a specific user or a group of users.

    You will be connected to the server as a pre-designated account, which can be managed by Privileged Identity. This is the only account that requires access to run the program. The assigned account requires all permissions and rights to launch the desired programs.
    After this is done, click OK.
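
The check below is an added example, not part of the original page: it flags published RemoteApp programs that accept any command-line parameters (step 8) or have no per-application user assignment (step 9). The property names follow the output of Get-RDRemoteApp; the sample objects and the CONTOSO group are constructed, and treating an empty UserGroups value as "falls back to the collection's assignment" is an assumption.

```powershell
# Added example: audit RemoteApp settings against steps 8 and 9 above.
function Test-RemoteAppExposure {
    [CmdletBinding()]
    param(
        # One published RemoteApp object (real or constructed).
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$RemoteApp
    )
    process {
        $findings = @()
        # Step 8: "Allow any command-line parameters" is the broadest option.
        if ("$($RemoteApp.CommandLineSetting)" -eq 'Allow') {
            $findings += 'accepts any command-line parameters'
        }
        # Step 9: assumption - an empty UserGroups list means no per-app assignment.
        if (-not $RemoteApp.UserGroups) {
            $findings += 'no specific user or group assigned'
        }
        [pscustomobject]@{
            Alias     = $RemoteApp.Alias
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings -join '; '
        }
    }
}

# Constructed sample objects so the function can be exercised without an RDS deployment.
$sample = @(
    [pscustomobject]@{ Alias = 'wordpad'; CommandLineSetting = 'Allow';      UserGroups = @() }
    [pscustomobject]@{ Alias = 'calc';    CommandLineSetting = 'DoNotAllow'; UserGroups = @('CONTOSO\RemoteApp-Users') }
)
$sample | Test-RemoteAppExposure | Format-Table -AutoSize

# On the RD Connection Broker, feed it the real collection instead:
# Get-RDRemoteApp -CollectionName 'QuickSessionCollection' | Test-RemoteAppExposure
```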

Known Issues

The following known issues occur while accessing remote desktop applications.

Case – 1:
After an application is minimized, it cannot be maximized. The screen will remain blacked out.

The workaround:
The user must wait for one minute. After one minute, the user can relaunch the application from the application portal.

Case – 2:
User opens one application and closes the browser tab without closing the application. The first application is visible when the user opens another application.

There is no workaround for this case. You can close one application and access the other application.

Creating an Organizational Unit and Adding Users

To create a separate organizational unit and add users, follow these steps.

  1. Open Server Manager. Navigate to Tools > Active Directory Users and Computers in the upper-right corner.

    A new dialog box opens.

  2. Right-click the current domain and click New > Organizational Unit. Users added to this unit will be allowed access to Remote Desktop applications.

    The Organizational Unit dialog box opens.

  3. Enter the name of the organizational unit.
    Select the checkbox below the Name field.

    After this is done, click Next.

  4. Right-click the organizational unit and select New > User.

    A new dialog box opens.

  5. Enter the following details in the New Object – User dialog box.

    • Enter the name of the user.
    • Enter the user logon name.

    Click Next.

  6. On this page, enter the password and confirm the password.
    Select the checkboxes, as required.

    Click Next. Then click Finish.

Creating a Group Policy

Creating a group policy is recommended for limited access to applications.
To create a group policy, follow these steps.

  1. Open Server Manager.
  2. Navigate to Tools > Group Policy Management.

  3. On the Group Policy Management (GPO) page, the organizational units created earlier are displayed under Domains.
  4. Right-click the organizational unit for which you want to create a new group policy. Click Create a GPO in this domain, and Link it here.

    A new dialog box opens.

  5. In the New GPO dialog box, enter the group policy name and click OK.

    The new group policy is created and is visible in the left pane.

  6. Right-click the policy and click Edit.

  7. In the left pane, navigate to User Configuration > Administrative Templates > System.
    Under System, double-click Run Only Specified Windows Applications.

    A dialog box opens.

  8. Click the Enabled option button.

  9. Click the list of allowed applications to see and add applications.
  10. To add applications, click Show.

    The Show Contents dialog box opens.

  11. In the Value column, type the exact .exe file names of the applications that users are allowed to run.

    Click OK to save it.

  12. The group policy creation is now complete.

    Note:
    mstsc.exe and rdpshell.exe must be in the list of allowed applications in order to take RDP.
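
The two procedures above (creating the organizational unit with its user, then creating and linking the group policy) can also be scripted; the following is an added example, not part of the original page, using the ActiveDirectory and GroupPolicy modules. The OU, GPO and account names and notepad.exe are hypothetical placeholders, and the registry location is the one the Run only specified Windows applications template writes to.

```powershell
#Requires -Modules ActiveDirectory, GroupPolicy
# Added example: scripted equivalent of the OU and Group Policy procedures above.

# Hypothetical names; replace with your own.
$OuName   = 'RemoteApp Users'
$GpoName  = 'Limit RemoteApp Applications'
$UserName = 'remoteapp.user'
# mstsc.exe and rdpshell.exe come from the note above; notepad.exe is a placeholder app.
$Allowed  = @('mstsc.exe', 'rdpshell.exe', 'notepad.exe')

$domain = Get-ADDomain
$ouDn   = "OU=$OuName,$($domain.DistinguishedName)"

# OU steps 2-3. Assumption: the checkbox in the dialog is accidental-deletion protection.
New-ADOrganizationalUnit -Name $OuName -Path $domain.DistinguishedName `
    -ProtectedFromAccidentalDeletion $true

# OU steps 4-6: the password is prompted for, never stored in the script.
$password = Read-Host -Prompt "Password for $UserName" -AsSecureString
New-ADUser -Name $UserName -SamAccountName $UserName `
    -UserPrincipalName "$UserName@$($domain.DNSRoot)" `
    -Path $ouDn -AccountPassword $password -Enabled $true

# GPO steps 4-5: create the policy and link it to the OU.
New-GPO -Name $GpoName | New-GPLink -Target $ouDn | Out-Null

# GPO steps 7-11: enable the setting, then add one numbered value per executable.
$policyKey = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
Set-GPRegistryValue -Name $GpoName -Key $policyKey `
    -ValueName 'RestrictRun' -Type DWord -Value 1 | Out-Null
$index = 1
foreach ($exe in $Allowed) {
    Set-GPRegistryValue -Name $GpoName -Key "$policyKey\RestrictRun" `
        -ValueName "$index" -Type String -Value $exe | Out-Null
    $index++
}

# Read the list back so the result can be compared with the Show Contents dialog.
Get-GPRegistryValue -Name $GpoName -Key "$policyKey\RestrictRun" |
    Select-Object ValueName, Value
```

As the setting's description in the Group Policy editor states, this policy applies to programs started by File Explorer, so treat it as one layer of the restriction alongside the RemoteApp user assignment.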