Terminal Services Log

In my previous post I described how you could add filtering for RemoteApps. This post contains step-by-step instructions on how to build the portal.

Step 1. Create RemoteApp applications and .RDP files

I will assume you have Terminal Server with RemoteApp installed so I will skip that step.

1. Open TS RemoteApp Manager

2. Publish all Applications you want your users to see.

3. Select all Applications and then click “Create .RDP files”

4. All RDP files will be stored to Program Files > Packed applications

We are going to redistribute all these files to our portal.

Step 2. Creating security groups for accessing web portal.

I have created two Security groups Management and Sales. I added user user_management to the Management group and user_sales to Sales group. user_sales and user_management are also part of the Remote Desktop Users security group.

It is much easier to use security groups, later you will be able to add user to another group or a new user to the existing group. We will be using groups to configure permissions over virtual folders.

Step 3. Configure IIS security settings

For the purpose of this post I created two folders on my Default web site. These will be used to host RDP files and application images (icons).

Step 3.1. Copy all the RDP files of published applications for members of Management group

Step 3.2. Create default.asp file in the Management folder and paste the following code:

<%@ Language=VBScript %>
    <HTML>
    <head><title>Welcome to RemoteApp Portal</title></head>
    <BODY>
    <b>Welcome to RemoteApp Portal</b> <br><br><br>

    <%
    Dim objFileScripting, objFolder
    Dim filename, filename2, filecollection, strDirectoryPath, strUrlPath
        strDirectoryPath="c:\inetpub\wwwroot\Management\Applications\"
        strUrlPath="\Management\Applications\" 

        'get file scripting object
        Set objFileScripting = CreateObject("Scripting.FileSystemObject")
        'Return folder object
        Set objFolder = objFileScripting.GetFolder("c:\inetpub\wwwroot\Management\Applications\")
        'return file collection In folder
        Set filecollection = objFolder.Files
        'create the links
        For Each filename In filecollection
            filename=right(filename,len(Filename)-InStrRev(filename, "\"))
            filename2=replace(filename, ".rdp", "")
            Select Case filename2
            Case "Calc"
            Response.Write "<A HREF=""" & strUrlPath & filename & """>" & "<img src=""images/calculator.png"" ALIGN=center BORDER=0 >" & filename2 & "</A><BR><BR>"
            Case "EXCEL"
            Response.Write "<A HREF=""" & strUrlPath & filename & """>" & "<img src=""images/excel.gif"" ALIGN=center BORDER=0 >" & filename2 & "</A><BR><BR>"
        Case "WORD"
            Response.Write "<A HREF=""" & strUrlPath & filename & """>" & "<img src=""images/word.gif"" ALIGN=center BORDER=0 >" & filename2 & "</A><BR><BR>"
            Case Else
        Response.Write "<A HREF=""" & strUrlPath & filename & """>" & filename2 & "</A><BR><BR>"
        End Select
        Next
    %>
    </BODY>
    </HTML>

Download here the script, images and example RDP files: remoteapp_user_filtering_example

The script lists all the RDP files in the current folder, and it displays each file with a small icon along with it. In case you would like to add additional icons just add them to images folder and tweak the code to display these.

Your application portal will look like this:

When a user clicks on one of these links new RDP application will start. (User will be prompted for username and password)

Step 4. Configuring authentication

In order to make sure that only members of Management group can see these applications do the following:

Step 4.1. – Permissions

1. Open IIS management

2. Choose Management Virtual Directory and then select Edit Permissions and then Security

3. In the security there are several users that we don’t want to access Management portal

4. Disable inheritable permission

5. In the Security tab choose Advanced, then Edit

6. Disable include inheritable permission from this object’s parent and choose to copy parent permission

7. Confirm this by choosing Apply

8. Now remove following users:  Everyone, Trusted Installed, Users, Creator Owner

9. Add Management security group that we created in step 2

10. Confirm everything

Step 5.2. – Authentication

11. Now we will need to add authentication for the management group.

12. Click Management virtual directory and then choose Authentication

13. Disable Anonymous Authentication and enable Basic Authentication

Repeat the steps above for every group on your server.

To audit which application is being used by each user use Terminal Services Log !

Tags: remoteApp, scenarios, Terminal services

This entry was posted on Tuesday, June 30th, 2009 at 9:40 am and is filed under remoteApp. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.