Automatically launching a program or application upon login to a Remote Desktop Session. See below for methods to use the “start program at login” policy which can be configured per user. Another method to limit specific programs to a user is via RemoteApp. We have several other posts regarding RemoteApp and how to set it up and its limitations (i.e. RemoteApp setup is easier in 2008R2 (works in Workgroup mode) than 2012R2 but RDweb requires ActiveX (so IE only) and it doesn’t work for MAC users, while use of RemoteApp in 2012R2 requires joining to a Domain).
1) USING ENVIRONMENT TAB OF EACH USER’S PROPERTIES ON SERVER: If you want a program to automatically start when a user logs on to the RDP server instead of showing a full desktop session, you can configure this in the Environment tab of the Properties window for each particular user.
After you have made the changes, you should test that it works properly for your users by logging into the server using the accounts you changed/created including testing it with simultaneous sessions and to verify the sessions close properly when the application is closed.
We highly recommend enabling policy to log off disconnected sessions:
- Enable policy to log off disconnected sessions immediately or within a few minutes so you don’t have a blank screen if users don’t properly exist a program. Existing the program (instead of clicking X in upper right corner of program) will properly log off the session but enabling this policy will ensure that an improper disconnected session is automatically logged off. See block post here for instructions on how to enable this policy on both 2012R2 and 2008R2 http://www.riptidehosting.com/blog/how-to-set-time-limit-for-disconnected-sessions-windows-server-2012r2/
2) USING PROGRAMS TAB ON REMOTE DESKTOP CLIENT – Another method is to use the programs tab on your local remote desktop client prior to logging in to the server. On the programs tab, you can enter the path for program to start upon login. You can also create a RDP shortcut with this information saved on to your desktop. We have a video on our website on creating RDP shortcuts – https://youtu.be/iLKSMcIrfqE . A disadvantage to this method versus the first method above is that each user can edit the shortcut and change the settings. Your IT person can create these shortcuts and provide them to each user.
If you use this method on Windows 2008R2, you may have to change settings in RemoteApp under RDP Settings Change and allow access to unlisted programs.
3) USING GROUP POLICY – Another method to configure this is to configure programs to automatically start in the RD Session Host Configuration settings and in Group Policy, although then the logon settings could be applied universally to all users, including the Administrator (which means Administrator may not be able to access the desktop, start button, etc.) whereas the method above allows configuration by User. You could also create a separate group policy that would be applicable for a specific group, such as non-administrators, so the group policy change wouldn’t affect all users.
4) REMOTEAPP – Another method is to configure the RemoteApp feature in Remote Desktop Services (RDS). In 2008R2, this feature works great (either the RemoteApp distributable file or RD Web) for PC users but not for MAC users. In 2012R2, the RemoteApp features requires the Active Directory / Domain Controller service to be install on the server before RemoteApp can be used.
The most recent Windows Server 2016 Technical Preview iso is so large that only some DVDs readers can read it. Example try loading it on a Dell PowerEdge server. The iso was greater than 4.7GB and therefore was not burnable on the single layer DVDs we had. Simply copying the iso to a USB thumb drive will error when trying to boot because it is not a bootable device it is missing the boot loader so you will get the error message that boot file or bootmgr is missing. Note: to boot from USB on a Dell PowerEdge Server you much change settings in Dell bios to boot from USB. To work around this issue and properly boot a Windows Server Iso Image from a USB drive, we followed these steps for a windows machine:
- Have the .iso image on your local desktop/laptop or on a readable DVD.
- Download this Microsoft tool, “Windows USB/DVD Download Tool” (http://www.microsoft.com/en-us/download/windows-usb-dvd-download-tool), to your local desktop/laptop. We used this tool on a Windows 7 machine. We have seen posts where users says it works on a Windows 8 PC but have not verified it.
- Open the tool and follow prompts to copy the iso image from local machine to USB thumb driveInsert thumb drive in server and change bios boot options to boot from USB.
Use the steps below to schedule a task which can automatically reboot your Windows 2008 R2 server on a recurring basis. Please beware that users that are logged on will be kicked off when the server reboots.
- Go to administrative tools, task scheduler.
- Then right click on Task Scheduler and select Create Task
- Name the task, possibly something like “Reboot Weekly Saturday midnight”
- Change settings to run whether user is logged in or not. Change User/Group and type in SYSTEM.
- On the Triggers tab, select New and fill in your schedule and make sure to check Enabled at bottom of screen
- On the Actions tab, select New, Start a program, and browse to “c:windowssystem32shutdown.exe” and add “/r” in the arguments box
If users are logged on when the server is about to reboot, it will show a message “you are about to be logged off, windows will shut down in less than a minute”. It reboots in about 30 seconds from our experience. If you do this, you’ll want to schedule this when users are not in the server so unsaved data is not lost.
UPDATE FOR 2012 R2: The Desktop Experience feature is still required to be installed for Disk Cleanup to be available. The Desktop Experience feature is listed under “User Interfaces and Infrastructure” when installing the feature – see Microsoft TechNet link here: http://blogs.technet.com/b/rmilne/archive/2013/07/11/install-desktop-experience-on-windows-server-2012.aspx Disk Cleanup can then be found on the Tools menu in Server Manager.
As noted on the Microsoft technet link below, a Disk Cleanup option on Windows Server 2008 R2 is available to clean up the WinSxS directory which will reduce its size by cleaning up previous versions of Windows Update files.
Disk Cleanup is a component of the Desktop Experience feature which is not installed by default on Windows Server 2008 R2 so if you haven’t installed it already, you are generally required to do so (see alternative below although MS recommends installing Desktop Experience).
Here is a link to an overview of Desktop Experience on Windows Server 2008 R2 https://technet.microsoft.com/en-us/library/dd759187.aspx
(Note: You can run cleanmgr.exe by following the steps in this article without installing Desktop Experience. https://technet.microsoft.com/en-us/library/ff630161%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
SEE LINK – Cleanmgr.exe should go in c:WindowsSystem32.
SEE LINK – Cleanmgr.exe.mui should go in c:WindowsSystem32en-US.
After copying files, you can run cleanmgr.exe by typing it into the start box. This may be a good option to get Disk Cleanup without all the other components of Desktop Experience.)
To Cleanup WinSxS directory:
Run Disk Cleanup
Select c: and click on Clean Up System Files
You should see a row labeled “Windows Update Cleanup” with potential space savings of X GB.
Run – takes several minutes to clean up files.
Then on reboot (which was not forced immediately), it reboots to a Windows screen message “cleaning up” for several minutes
From our experience,
- We have seen it reboot twice on occasion during the process.
- This often reduces the WinSxS folder by 3 GB to 5GB.
- For us, the reboot process at “cleaning up” screen has taken anywhere from 5-15+ minutes
- One time while performing this, we noticed that the DNS fields on the network connection were changed back to default and internet access didn’t work properly until it was updated.
Generally we don’t recommend installing FTP on a server unless it is necessary. In some cases, it can be easier to transfer files through RDP. If installing FTP on a remote desktop terminal server and after installation it seems like it is still blocked even though the ports were open on the Windows firewall, try restarting the FTP service. Restarting the FTP service solved this issue. If you are having a similar situation, checks to see that the FTP service is started/running and try restarting it. Also, you should check that the required ports are open on any firewalls used which may be internal and external to the server.
If you are using a remote desktop terminal server, you can transfer files through RDP, by redirecting your local hard drive or via clipboard (cut & paste from local machine to server) without having to install FTP, etc.
We work with many IT consultants/firms that use our hosting services for their clients. Our premium hosting services are a good fit for IT consultants with clients looking to migrate servers to a datacenter/cloud, upgrade from older operating systems such as Windows 2003 or move to a hosting provider with superior bandwidth, infrastructure and redundancy. The IT firm/company has root access to load and configure as needed. The IT consultants can be our direct customer and bundle Riptide’s services with their own and mark it up as they wish, or we can directly invoice the referred end-user and pay the IT firm/consultant a recurring commission.
We provide many types of hosting services including remote desktop hosting (which can be utilized on a virtual server or a dedicated server). Remote desktop hosting is often used when a client wants to have applications hosted on a central server accessible by multiple user sessions. We also provide virtual server hosting, dedicated server hosting, colocation services, and monthly pricing on most Microsoft software (SQL, Office, RD user licenses, etc.) via the Microsoft SPLA program. Our agreement is month to month and our pricing includes the Windows standard operating system license in the base price. Windows VMs start at $90 for a virtual server (with root access) or $39/user, and full Dell dedicated servers start at only $225. Our premium, blended bandwidth (8 telecom carriers) is vastly superior to a single carrier bandwidth and designed to provide 100% network uptime.
We are always happy to discuss options, pricing, licensing, etc. for each specific situation since they all vary somewhat. We look forward to working with you!
When you add programs on a Terminal Server, you should follow the directions below by going to Control Panel -> Programs -> “Install Application on Remote Desktop…” You can see the Microsoft article on this here: http://technet.microsoft.com/en-us/library/cc742815.aspx (shown for 2008R2, same process in 2012R2)
Also see this: https://technet.microsoft.com/en-us/magazine/ff432698.aspx
See our RDP youtube video here: https://www.youtube.com/watch?v=G5Wx0i8Mv60
<iframe width=”854″ height=”480″ src=”https://www.youtube.com/embed/G5Wx0i8Mv60” frameborder=”0″ allowfullscreen></iframe>
If you don’t install your application using special install mode for multi-user environment, some applications will not work properly and you will see permission errors for non-admin users and other error.
Steps on Remote Desktop Server (Terminal Server) Windows Server 2008 R2 and Windows Server 2012 R2
- Login to server as Administrator
- Download your application (executable file) to the desktop or other location on the server and make a note of that location (alternatively can place media in your local CD/DVD drive if drive re-direction is on). If you are downloading your application file from the internet, you may need to turn off “Internet Explorer Enhanced Security Configuration” (IE ESC) if using Internet Explorer (or add URLs to trusted sites) or use a different browser such as FireFox or Chrome.
- Open Control Panel, then Programs, then click on “Install Application on Remote Desktop…”
- Click ‘next’ and browse to location to where your application file is located
- Let application install and click “finish”
Our remote desktop hosting (terminal server hosting) servers are designed to provide access to your applications from anywhere. Using Windows remote desktop protocol, you can access your business applications, Access databases and other programs running on the server from any device using the remote desktop connection client (already installed on all windows PCs, see blog post here for free download of RDP client on macs http://www.riptidehosting.com/blog/remote-desktop-connection-client-for-macs/). Some clients install applications that interface with Microsoft Office or need Office installed for other purposes. Riptide Hosting offers Microsoft Office or stand-alone Excel or Access (2010 or 2013, Standard or Professional Plus) on a per user basis for $8-$16 per month. For the best user experience, we highly recommend Microsoft Office to limit compatibility issues or errors working with your existing applications that interface with Office.
Although we recommend Office and can provide the licensing on a monthly basis, some users wish to consider alternatives to Office that are fee. Below is a discussion of some alternatives:
According to its website, “Apache OpenOffice is the leading open-source office software suite for word processing, spreadsheets, presentations, graphics, databases and more. It is available in many languages and works on all common computers. It stores all your data in an international open standard format and can also read and write files from other common office software packages. It can be downloaded and used completely free of charge for any purpose.”
You can download the most recent version of Open-Office here: https://www.openoffice.org/
Remember when installing programs on a Remote Desktop Server, you should follow these steps: Go to Control Panel -> Programs -> “Install Application on Remote Desktop…” You can see the Microsoft article on this here: http://technet.microsoft.com/en-us/library/cc742815.aspx
This sets the programs up to run for all the users.
Export to .csv file and copy to your local desktop
If you only have Office installed on your local machine, another option is to export reports from applications running on the remote desktop (terminal) server in Common Separate Values (.csv) format when it’s an option. Then you can copy the file to your local desktop and open using Office on your local machine. This often works for excel documents. This may not always be an option and does add additional steps versus having Microsoft Office or Excel installed on the server itself.
Excel and Word Viewers
If you don’t need to modify or save the document, you could use Excel Viewer and/or Word Viewer. These viewers allow you to open an excel/word document but not modify or save the document. Since this provides limited functionality, we recommend that you license Excel or Office through Riptide Hosting on a monthly, per-user basis.
EXCEL VIEWER http://www.microsoft.com/en-us/download/details.aspx?id=10
WORD VIEWER http://www.microsoft.com/en-us/download/details.aspx?id=4
Update for Windows Server 2016 – Windows Defender is built-in to Windows Server 2016 and is provided at no charge. If you have Windows Server 2012 R2, we can install MS System Center Endpoint Protection on your server for a nominal monthly fee (Windows Defender does not exist for Windows Server 2012r2). You are always free to install and use your own AV / malware / security software product as you see fit. Before installing software, you should verify it is supported on the Windows Server OS you have as well as on a RDS/Terminal Server if that role is installed.
Original Blog Post – Appropriate security measures should be taken on all hosted servers of which one component is using an anti-virus program. If you have a RDP hosted server with users who surf and download from the web, anti-virus is a must. Having the server backed up is another key to ensure you keep all your data safe.
Riptide Hosting can provide the licensing for MS Endpoint Protection stand-alone for $20 per server (or $5 per user if you are utilizing our per user terminal server application hosting offering – https://www.riptidehosting.com/Terminal-Server-Application-Hosting.aspx). Our licensing is provided on a monthly basis with no long-term commitment.
You can also choose to use your own anti-virus software which you may have more familiarity with or already own licenses for. You should verify that the software will work with the Windows Server OS that you have as well as with the remote desktop services (RDS) / terminal services role if installed (and any configuration changes necessary for install on a RDS / terminal server). Also, remember to install programs on a remote desktop server (terminal server) through control panel, install programs on remote desktop server.
If you would like to utilize our licensing for MS Endpoint Protection and have us install it on your server, please let us know.
Other AV offerings that you can research for pricing, compatibility and specifications include: eset, avg, malewarebytes, and many more.
Windows Server comes with Internet Explorer (you are also free to download another browser of your choice such as Chrome or Firefox). Internet Explorer Enhanced Security Configuration (IE ESC) is a security feature that can be enabled or disabled. If enabled, when you open IE you will see something like this “Internet Explorer Enhanced Security Configuration is enabled” and when you type in a website, you may see a popup with “Content from the website listed below is being blocked by the Internet Explorer Enhanced Security Configuration”. According to Microsoft, IE ESC “reduces the exposure of your server to potential attacks from Web-based content”. IE ESC will typically block your ability to download programs or applications to the server.
If you need to temporarily disable this feature, you can do so using the following steps:
- Open “Server Manager” – click on the icon that looks like a ‘tower computer with toolbox next to it’ in taskbar next to the start button
- In Server Manager, go to the “local server” section in left side menu.
- Next, look for “IE Enhanced Security Configuration” in the right column, click on the OFF hyperlink.
- Here you can disable Internet Explorer Enhanced Security Configuration for “Administrators” or “Users” or Both. This is where you can enable IE ESC too. Usually the new settings will take place when you close out the existing IE sessions and reopen the browser; otherwise reboot the server for the changes to take effect.
To protect your hosted remote desktop server (terminal server), we recommend security measures such as anti-virus, backing up your data, requiring strong / complex passwords, etc. We also offer Veeam full server image backup that goes beyond just file/folder backup. Our licensing is monthly with no long-term commitment.