Citrix Web Access and Grouping allows Citrix users to do the same, but this article I am going to focus on Window 2008 Terminal Services. I am going to describe how you could publish certain application to specific users or groups via RDP files.

To control published applications you could deploy:

• MSI files via GPO or
• or simply inform end users about RDP files they need to run

MSI approach works OK in the domains but in case you do not have a domain or you do not know how to configure group policies you will have to use RDP files. Distributing RDP files to your users might be a tricky business as these change over time and it might be too complicated to make sure everyone has the latest version.

Publishing files to a centralized portal

Now you are ready to deploy your RDP files from Program Files > Packed Programs (note you will need to create .rdp file in TS RemoteApp Manager for every published application) to root or some virtual directories on the IIS server.

In order to run the application go to the http://yourservername/application123.rdp or http://remoteapp.yourdomain.com/application123.rdp and you will be able to start the published application.

Configuring Portal Security

Problem: All applications are visible to the entire organization

When your RDP files are published to the server this might be a problem. Now every employee can connect to your server and run any RDP file you posted there.

In order to allow only a group of users to run an applications you will have to divide your applications to different subportals (virtual directories). As an example I created the following subportals:

• http://yourservername/sales
• http://yourservername/support
• http://yourservername/management

These portals will be used by different groups of people. Each portal will contain different set applications as on picture below.

In order to secure your applications you will need configure security for these virtual folders. I have been using Basic Authentication but you may forms authentication, windows authentication or other.

When a user opens the http:// servername/management he(she) will be prompted for a username and password.

Upon authentication the following screen will be shown to him:

So what’s shown at the picture above? It is a customized TSWeb Access portal that shows the list of applications you are allowed to use. In the next post I am going to describe how to build one on your own.

Conclusion

Currently you cannot filter published applications by particular users. To overcome that limitation I created an RDP file for each published application and deployed these to a custom portal on your IIS. This method allows you to easily filter application by group or user.

In the next post I am going to describe how to build this portal step-by-step.