Deploying RDS Remote Applications to Users’ Laptop Start Menu
Introduction
This white paper outlines the process to publish Microsoft Remote
Desktop Services (RDS) RemoteApps directly to end-users’ Start Menu on their
laptops. The goal is to provide a seamless user experience where RemoteApps
behave like locally installed applications, launching without additional
credential prompts.
RDS Farm Overview
A Windows Server 2022 RDS farm was built on-premises for internal
users. Key components of the deployment:
·
2 RD Connection Broker
Servers (with High Availability using SQL Server
2022)
·
2 RD Web Access Servers
·
3 Session Host Servers
·
1 License Server
·
No RD Gateway (internal use only)
·
PKI SSL Certificates applied for:
o
RD Connection Broker - Enable
SSO
o
RD Connection Broker -
Publishing
o
RD Web Access
·
Load Balancing handled by NetScaler for RD Web Access and Connection Broker
servers
Users access published applications via browser successfully with
good performance, as both RDS infrastructure and users reside in the same
Active Directory domain.
Business Requirement
Business users requested the RemoteApps to appear under a folder
called “Work Resources” in their laptop Start Menu, launching seamlessly
without additional login prompts post Windows logon.
Note on
Examples Used in This Document
Throughout the technical steps, the RemoteApp named “Calculator” and
associated files like Calculator.rdp and Calculator.ico are used as examples to
illustrate the process. Replace these with the actual RemoteApps and
corresponding files relevant to your environment.
Challenge with RDS
Feed URL
Initial attempts involved using the built-in RemoteApp and
Desktop Connections feature:
1.
Open Control Panel >
RemoteApp and Desktop Connections
2.
Enter RDS Feed URL: https://<servername>/rdweb/feed/webfeed.aspx
This approach resulted in repeated credential prompts and error code
0x80004005, 0x0, despite assistance from Microsoft Support.
Alternative
Solution: Group Policy Deployment of .RDP Files
Instead, the .RDP files for each RemoteApp were downloaded and
distributed via Group Policy. Custom icons were also deployed to enhance
usability.
Advantages
·
Launch RemoteApps directly from
Start Menu with Windows Search
·
Seamless Single Sign-On (SSO)
experience
·
Automatic icon visibility
Prerequisites
·
Export .rdp files for each
RemoteApp from the RDS Web Access portal
·
Capture icons (e.g., using
screenshots), convert to .ico format, and store centrally
·
Ensure all files are readable
by users (shared folder with at least Read permission)
·
Group Policy Management Console
(GPMC) access
Deployment Steps
Step 1: Create a GPO
·
Open Group Policy Management
Console (GPMC)
·
Right-click on the appropriate OU
where user laptops are located
·
Click Create a GPO in this
domain and link it here
·
Name the GPO: Deploy RDP files to Start Menu
Step 2: Create
“Work Resources” Folder in Start Menu
·
Navigate to: User Configuration > Preferences > Windows Settings > Folders
·
Right-click Folders >
New > Folder
·
Action: Update
·
Path: C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Work Resources
Step 3: Create
“Images” Folder for Icon Files
·
Path: C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Images
Step 4: Copy .RDP
Files to “Work Resources”
·
Navigate to: User Configuration > Preferences > Windows Settings > Files
·
Right-click > New >
File
·
Action: Update
·
Source File: \\<SharedFolder>\Calculator.rdp
·
Destination: C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Work Resources
·
Repeat for each .rdp file
Step 5: Copy .ICO Files
to “Images”
·
Similar to Step 4
·
Source File: \\<SharedFolder>\Calculator.ico
·
Destination: C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Images
·
Repeat for each icon file
Step 6: Create Start
Menu Shortcuts
·
Navigate to: User Configuration > Preferences > Windows Settings >
Shortcuts
·
Right-click > New >
Shortcut
·
Action: Update
·
Name: Work Resources\Calculator_RDS
·
Target Type: File System
Object
·
Location: Start Menu
·
Target Path: C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Work Resources\Calculator.rdp
·
Icon File Path: C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Images\Calculator.ico
PKI Certificate
Deployment
Step 1: Create
GPO - Root and Intermediate Certificate
- Navigate to:
o
Computer Configuration >
Windows Settings > Security Settings > Public Key Policies > Trusted
Root Certification Authorities
- Import Root Certificate
- Then navigate to:
o
Intermediate Certification
Authorities
- Import Intermediate Certificate
Enable Single Sign-On
(SSO)
Step 1: Create
GPO - SSO for RDS Remote Application
- Navigate to: Computer Configuration > Policies > Administrative Templates
> System > Credentials Delegation
- Enable: Allow delegating default credentials with NTLM-only
server authentication
o
Add entries in the form:
§ TERMSRV/server1.domain.com
§ TERMSRV/server2.domain.com
§ TERMSRV/server3.domain.com
o
Enable: Concatenate OS
defaults with input above
- Enable: Allow delegating default credentials
o
Same server entries as above
Final Step: Enforce Group Policy
·
Wait for automatic refresh
(typically 90 minutes)
·
Or manually run: gpupdate /force
Comments
Post a Comment