An Introduction to Terminal Services Remote Programs (Part 3)

by [Published on 6 Dec. 2006 / Last Updated on 6 Dec. 2006]

How to distribute the remote programs that were authorized in the previous article.

If you would like to read the other articles in this series please go to:

Introduction

So far in this article series, I have talked about how remote programs work in conjunction with the Terminal Services, and how you can designate a program for remote execution. In this article, I will continue the series by talking about how to make a remote program available to the users.

At the conclusion of Part 2, we had configured an application for remote execution. What this means is that the server that will be hosting the remote application is fully configured, and ready to go. The trick now is to make the remote application accessible to the end users. As I’m sure you know, when a user runs a normal Terminal Server session, the user establishes a connection to the server by using client software that communicates with the server using the RDP protocol. Things work a little bit differently when a user is executing remote programs. The user’s computer will still have to communicate with the Terminal Server using the Remote Desktop Protocol, but the normal Terminal Server client software won’t cut it.

The Terminal Server client software is designed to provide the user with access to an entire remote operating system environment. Remember that the whole point of running remote programs is that we want the user to be able to work off of their own desktop. We don’t want to force the users to use the Terminal Server desktop. Even so, the users will require some sort of client software in order to access the remote programs.

In order to run remote programs, the client computer must have the Remote Desktop Connection (RDC) 6.0 software installed. The software is included with Longhorn Server and Windows Vista. A version intended for users running Windows XP or Windows Server 2003 will eventually be available for download.

Running the Remote Desktop Connection software is only half of the process though. The other half of the process consists of providing users with a link to the remote program. This link will appear as either a shortcut on the user’s desktop, or as an application on the user’s Start menu. The file that acts as a link to the remote program uses the .RDP extension. You can either install an RDP file onto a user’s workstation manually, or you can create an MSI file that acts as an installer for the RDP file. The advantage to creating an MSI installation package is that you can distribute this package using a group policy, or just about any other software deployment utility. In the next section, I will show you how to create a basic RDP file, but then, in the upcoming article, I will go on to show you how to create an MSI installer package for the file.

Creating an RDP File

Begin the process by selecting the Terminal Services Remote Programs command from Longhorn’s Administrative Tools menu. When the console opens, you should see the Allow list, which contains a list of the applications that you have configured to run remotely. You can see the Allow list in Figure A.


Figure A: The Allow list is a list of programs that you have configured to run remotely

Select the application that you want to create an RDP file for, and then click the Create RDP Package link, found in the Actions pane. Doing so will launch the Remote Programs Wizard.

When the wizard opens, click the Next button to bypass the wizard’s welcome screen. You will now see a screen asking you to enter a location to which the RDP packages should be saved, as shown in Figure B. You can either enter a custom location, or go with the defaults. In either case, just make sure that the port number is set to 3389. If your Terminal Server is a part of a load balanced Terminal Server farm, you will also have to select the This Server is Part of a Farm check box.


Figure B: The Remote Programs Wizard asks you for a location to store the RDP package that you’re creating

The next step in the process is to set the security options for the RDP package that you are about to create. To do so, click the Security button, which will open the Configure Package Security dialog box, shown in Figure C.


Figure C: The Configure Package Security dialog box allows you to configure the remote application’s security

Depending on how your Terminal Server environment is configured, you may or may not have to configure any package security options. The Configure Package Security dialog box is primarily intended for use by those who have a Terminal Service Gateway in place. If you have a Terminal Service Gateway on your network, then you’ll have to select the Use TS Gateway checkbox. Additionally, you’ll have to provide the name of the Gateway server, and select whether you want to always use the Gateway or use it only when a direct connection is not available. You will also be required to choose between using a smart card in a password for authentication.

Even if you are not using a Terminal Service Gateway, there is a check box on the screen that you can use to require server authentication. Selecting the Require Server Authentication checkbox requires the Terminal Server to authenticate itself before clients can connect to it.

When you finish configuring the security options, click the OK button. You will now be taken back to the Remote Programs Wizard screen shown in Figure B. Click Next and you will see a screen displaying a summary of the options that you’ve chosen. Click the Finish button and the RDP file will be created in the location that you have specified.

Deploying the RDP File

  Now that you have created an RDP file, simply copy it to a user’s workstation. When the user double clicks on the file, they will see a dialog box similar to the one that’s shown in Figure D. As you can see in the figure, this dialog box simply asks the user to enter their credentials.


Figure D: The user must enter their credentials to access the remote program

The user will now see a different type of security warning. As you can see in Figure E, Windows Vista warns the user to verify that the remote system is trustworthy. By default, the remote application will have access to the user’s local hard disk, local ports, local clipboard, and other supported devices. The screen does however contain check boxes that the user can use to limit the amount of access that the remote application has to the local system. As an administrator, you can automate this process to avoid displaying confusing warning messages to the users. Click OK, and the remote program will be opened.


Figure E: The user has the option of limiting access to local resources

Conclusion

In this article, I’ve shown you how to create and deploy an RDP file that can be used as a shortcut to a remote program.  In the next part of this article series, I will show you how to create and distribute an MSI package for a remote program.

If you would like to read the other articles in this series please go to:

Advertisement

Featured Links