Step 4 – Remote Desktop Services Web Access – Standard Deployment

2 April 2020 By Rached CHADER

In this article, we will talk about publishing applications and setting up SSL.

Certificates are managed from a central location, the Connection Broker. Be sure to specify the common name, otherwise there will be certificate errors.

The certificate is used for server authentication, which is what your basic SSL certificate provides.

We will request our certificate from the certification authority (CA), then use the RDCB to configure the web access server.

Now let’s take a look at what our web access page looks like. On the Connection Broker, open your web browser and enter your URL; in my case it is https://rdwa01.domain.com/rdweb. You can see that we are getting a certificate error. Click "Continue to this website (not recommended)".

Once you have entered the credentials, you will see that nothing is configured.

Certificates

The first thing we are going to do is configure the SSL certificate.

In this article you will find how to create a remote desktop certificate template:

ADCS – Create a template for the remote desktop certificate via (AD CS)

Open MMC (press Windows + R and type mmc) and request a certificate.

Go to File, Add/Remove Snap-in, and add the Certificates snap-in. Be sure to specify a computer account.

Expand Certificates, right-click Personal, then choose All Tasks -> Request a new certificate.

On the Before you begin and Select the certificate enrollment policy pages, click Next.

On the Request a certificate page, select the corresponding Template already created above and click on the More information is required… link.

Change the subject name type to Common Name and add the exact name of the server or website you are using.

We will first add the single-label name rdwa01 and then the fully qualified domain name rdwa01.domain.com, then click OK. Once finished, click Enroll and then Finish.

Now, under Personal, I can go up and click on Certificates, and here is the certificate I requested. Next, we need to export the certificate with a private key and configure RDWA01 to use it.

The export wizard is displayed. Click Next. Select Yes, export the private key and click Next.

On Export File Format, click Next.

Check the Password box and enter the password. Click Next.

Type the name and location where you want to save the file, click Next and then Finish.

Now we want to add this certificate to the Remote Desktop Services deployment. On the Collections page, click Tasks and then Edit Deployment Properties.

We are going to click on Web Access.

I will choose to select an existing certificate, browse to the certificate, enter the password and check the Allow adding certificate… box. Then click OK.

Click Apply, and we will see the certificate appear as trusted.

Open the web browser and go back to the remote desktop access page. The web page is now displayed without a certificate error.
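The export and Edit Deployment Properties steps above can also be scripted. The following is an added example, not part of the original article; it assumes it is run elevated on the server where the certificate was enrolled, and the broker name and PFX path are hypothetical placeholders. It checks the two properties the article insists on (server authentication usage and a matching name) before applying the certificate to the Web Access role.

```powershell
# Added example (not from the article). Placeholder values are marked as such.
Import-Module RemoteDesktop

$fqdn    = 'rdwa01.domain.com'     # name users type in the browser (from the article)
$broker  = 'rdcb01.domain.com'     # hypothetical Connection Broker FQDN
$pfxPath = 'C:\Temp\rdwa01.pfx'    # hypothetical export location
$pfxPass = Read-Host -AsSecureString 'PFX password'

$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

# Newest unexpired certificate in the computer store that has a private key,
# the Server Authentication EKU, and the web access FQDN in its SAN or subject.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and
        $_.NotAfter -gt (Get-Date) -and
        ($_.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid) -and
        (($_.DnsNameList.Unicode -contains $fqdn) -or
         ($_.Subject -match "CN=$([regex]::Escape($fqdn))"))
    } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No usable server-authentication certificate for $fqdn in LocalMachine\My"
}

# Export with the private key, protected by the password entered above.
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPass | Out-Null

# Equivalent of Edit Deployment Properties -> Certificates -> RD Web Access.
Set-RDCertificate -Role RDWebAccess -ImportPath $pfxPath -Password $pfxPass `
    -ConnectionBroker $broker -Force

# Show what the deployment now reports for the Web Access role.
Get-RDCertificate -Role RDWebAccess -ConnectionBroker $broker | Format-List

# The PFX contains the private key; do not leave it on disk after the import.
Remove-Item $pfxPath
```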

Publish applications

When we publish remote applications, everything is done on the Connection Broker.
When I log in, this is what it currently looks like. We can see that no RemoteApp programs are published yet.

We want to see remote applications here, which will allow my users to use the applications that run on the RDSH.

To publish RemoteApp programs, click on the link and the wizard will retrieve a list of applications available on the RDSH. If you want to publish programs that are not on this list, use the Add button to find the program you want to publish. Note that you must find a UNC path, not a local disk, on the Remote Desktop session host.

Let’s continue and publish Calculator and Google Chrome. Select these programs, then click Next, Publish and Close.

The applications are published, so we will verify the result. Start the web browser, open the RDWA page, and log in.

If you click on one of them, it prompts you to log in and you can see that Chrome opens.

Return to the Collection, right-click Calculator and edit its properties.

The first thing I can do is change the name. I can choose whether or not to display it on the web access page. I can also have the web access page categorize programs into folders. I will put the calculator in a folder called Tools.

In the command-line parameters section we can choose one of the following:

Allow any command-line parameters.

Always use these special command-line parameters.

Do not allow any command-line parameters.

Under user assignment, we can limit a particular RemoteApp to specific users, so that only users authorized to use the app will see it.

It is important to know that we must therefore do this for each RemoteApp.

The last thing we can change is the file associations. If I want particular files, say .doc, to open in WordPad, we can add file associations here, which will link this RemoteApp to these file extensions.

If we go back to the RDWA page and if we refresh, we will be able to see the Tools folder. If we click on it, we will see Calculator.
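The per-application properties described above (folder, command-line parameters, user assignment) can be reviewed and set from PowerShell. This is an added example, not part of the original article; the broker, collection and group names are hypothetical placeholders, and the values applied to Calculator are this example's choice.

```powershell
# Added example (not from the article). Placeholder values are marked as such.
Import-Module RemoteDesktop

$broker     = 'rdcb01.domain.com'        # hypothetical Connection Broker FQDN
$collection = 'Collection01'             # hypothetical collection name
$toolsGroup = 'DOMAIN\RDS-Tools-Users'   # hypothetical AD group

$apps = Get-RDRemoteApp -CollectionName $collection -ConnectionBroker $broker

# One line per published program with the properties set in the dialog.
# CommandLineSetting maps to the three options: Allow (any parameters),
# Require (always use the given parameters), DoNotAllow (none).
$apps |
    Select-Object DisplayName, Alias, FolderName, ShowInWebAccess,
        CommandLineSetting, RequiredCommandLine,
        @{ n = 'UserGroups'
           e = { if ($_.UserGroups) { $_.UserGroups -join ';' }
                 else { '(all collection users)' } } } |
    Format-Table -AutoSize

# Programs that accept arbitrary parameters, listed for review.
$apps | Where-Object { $_.CommandLineSetting -eq 'Allow' } |
    Select-Object DisplayName, FilePath

# Same change as in the article for Calculator: move it to the Tools folder.
# In addition, this example disallows parameters and assigns one group.
$calc = $apps | Where-Object { $_.DisplayName -eq 'Calculator' }
if ($calc) {
    Set-RDRemoteApp -CollectionName $collection -ConnectionBroker $broker `
        -Alias $calc.Alias -FolderName 'Tools' `
        -CommandLineSetting DoNotAllow -UserGroups $toolsGroup
}
```

Because user assignment is per RemoteApp, re-running the report after each new publication shows which programs are still visible to every user of the collection.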

Password reset

The first thing you can do is add a password reset link, that is, a link on the main RD Web Access page where users can change their AD passwords.

Let’s start by opening IIS from Server Manager.

Expand the RDWA01 server -> Sites -> Default Web Site -> RDWeb and click Pages.

Double-click Application Settings.

We can see that the password change setting (PasswordChangeEnabled) is false, so I’m going to change it to true. Double-click it and enter True in Value.

Changing this to true means that if the user’s password expires, the web access page may prompt them to change it, but we also want to give them a link on the main page. Minimize IIS and open Windows Explorer.

By default, the web page is in %windir%\web\rdweb\pages\<language-code>

This will also be the folder in which we will make most of the customizations discussed in this article.
Before continuing, make a backup copy of this entire folder: %windir%\web\rdweb\pages\

We want to modify login.aspx. Right-click it and select Edit.

We need to find the area that refers to userpass.

Scroll down to the end of the table and add new code. We are going to add another tr (a table row) and a td (which will keep this particular cell on the right side), and inside it a hyperlink, so an a href. Everything between the tags will be what users click on.

Save the file and go to your web page. You can now see a link on the main page and if you click on it, it will open the password page.
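The backup, the application setting and the new table row can be prepared as follows. This is an added example, not the article's own code; it assumes the en-US language folder, a hypothetical backup location outside the IIS content path, link text chosen for illustration, and that the link points at password.aspx, the password page that sits next to login.aspx.

```powershell
# Added example (not from the article). Placeholder values are marked as such.
Import-Module WebAdministration

$lang   = 'en-US'                                   # assumption: language folder
$pages  = Join-Path $env:windir 'web\rdweb\pages'
$backup = "C:\Backup\rdweb-pages-$(Get-Date -Format yyyyMMdd-HHmmss)"  # hypothetical

# Back up the whole Pages folder outside the web root, so the copy is not
# served by IIS alongside the live pages.
New-Item -ItemType Directory -Path (Split-Path $backup) -Force | Out-Null
Copy-Item -Path $pages -Destination $backup -Recurse

# Same change as in IIS Manager -> Pages -> Application Settings.
$app    = 'IIS:\Sites\Default Web Site\RDWeb\Pages'
$filter = "/appSettings/add[@key='PasswordChangeEnabled']"
Set-WebConfigurationProperty -PSPath $app -Filter $filter -Name value -Value 'true'
(Get-WebConfigurationProperty -PSPath $app -Filter $filter -Name value).Value

# Row to paste at the end of the table in login.aspx, after the userpass rows:
# a tr, a right-aligned td, and an a href to the password page.
$row = @'
<tr>
  <td align="right" colspan="2">
    <a href="password.aspx">Change your password</a>
  </td>
</tr>
'@
$row

# After editing, confirm the link is present in the page that is served.
$login = Join-Path $pages "$lang\login.aspx"
if (Select-String -Path $login -Pattern 'href="password\.aspx"' -Quiet) {
    'login.aspx contains the password link'
} else {
    'login.aspx does not contain the password link yet'
}
```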
