FULL DESKTOP SESSIONS: The most common method of using Remote Desktop Services (RDS) in Windows Server 2016 or Windows Server 2019 is using full “desktop sessions” where each user has their own desktop session to modify/customize the desktop, open programs (usually in simultaneous, multi-user mode – i.e. split MS Access application where each user has their own front-end), save and share files, open MS Office documents (if Office is installed), etc. Users can share files with other users through the use of public folders. Desktop sessions are the default method in RDS and are typically easy to use from any device with the Microsoft Remote Desktop Connection client which is built-in on Windows PCs and can be downloaded for MACs, iPhone, android, etc. If you need to share and save files, interface with Office, install several applications, or have full desktop features, you will likely want to use regular/full desktop sessions without adding the advanced configurations and complexity of RemoteApp/RDWeb. A RDS setup with full desktop sessions can be setup within a few hours.
START PROGRAM AUTOMATICALLY UPON LOGON: If you want some (or all) users to only open one particular program/application when logging into the server and don’t want to provide a full desktop session, you can set this up within each individual user’s profile settings in the environments tab under properties. This is easy to setup and you can do it on a user-by-user basis. Starting with Windows Server 2016, there is a registry key that must be set for this to work so please contact Riptide Hosting to change this registry key. Using this will make it so your application will open automatically when a user logs into the server and when they close the application the entire session will close without ever providing a desktop session. This option may works if you have a single program for users to access and don’t want to provide a desktop session. This option probably will not work well for you if you have multiple applications, need users to save or share files, or export files to Excel, etc. (then you would want to have full desktop sessions). Contact us for a few screenshots on this option. For example, in the Environment tab of the particular user’s properties, enable the box by “start the following program at logon” and in the “program file name” field, use a path similar to this which would start a MS Access Application: “C:\Program Files (x86)\Microsoft Office\Office16\MSACCESS.EXE” “C:\users\xxx\xxx.mdb or .accde”
REMOTEAPP/REMOTEWEB: RemoteApp/RDWeb is a RDS role that can be installed separately where users login to a website (https://yourdomainname/rdweb or https://yourIPaddress/rdweb) and only see applications that you have published to them. RemoteApp/RDWeb is a great role to use when you don’t want to provide a desktop session, but it is much more complex to setup and requires the server to be connected to a domain (either domain joined or install the Active Directory Domain Services (ADDS) role on the server), and that you install the RD Connection Broker role and the RD Web Access role. If you install the ADDS role on the same/single server, you must install ADDS before you install the RDS roles (RD Session Host, RD Gateway, RD Connection Broker, RD License Server, and RD Web Access). With RemoteApp you will want to install trusted SSL certificates for use with all RDS roles. Historically RemoteApp did not work particularly good for MAC users and browsers beyond Internet Explorer (due to ActiveX requirements) but these limitations have gone away in newer versions Windows Server. With RemoteApp/RDweb, you would access your applications through a website at: https://IPADDRESSorFQDN/rdweb. We recommend you use an IT consultant/firm for setting up RemoteApp/RDWeb that has done it before and we can provide referrals if needed.
FULL DESKTOP SESSIONS WITH GROUP POLICIES: If you want to provide full desktop sessions but want to lock down what users can see or do more than what is provided by default, you can setup group policies that affect non-administrators users. Here is an old blog post on doing this on a workgroup server (if your server is domain joined, you can do this through the domain controller): https://www.riptidehosting.com/blog/how-to-create-group-policies-in-server-2012r2-that-only-affect-specified-users/ Setting up group polices is a very powerful method to locking down the server for regular users. That said, this is relatively complex and easy to accidently lock yourself out so we would recommend you have us take a snapshot first before applying group policies.