Scenarios | Terminal Services Log

Building a custom RemoteApp Portal for Windows 2008 – Part 2

In my previous post I described how you could add filtering for RemoteApps. This post contains step-by-step instructions on how to build the portal.

Step 1. Create RemoteApp applications and .RDP files

I will assume you have Terminal Server with RemoteApp installed so I will skip that step.

1. Open TS RemoteApp Manager

2. Publish all Applications you want your users to see.

3. Select all Applications and then click “Create .RDP files”

ts-configuration2

4. All RDP files will be stored to Program Files > Packed applications

We are going to redistribute all these files to our portal.

Step 2. Creating security groups for accessing web portal.

I have created two Security groups Management and Sales. I added user user_management to the Management group and user_sales to Sales group. user_sales and user_management are also part of the Remote Desktop Users security group.

It is much easier to use security groups, later you will be able to add user to another group or a new user to the existing group. We will be using groups to configure permissions over virtual folders.

Step 3. Configure IIS security settings

iis-virtual-directories

For the purpose of this post I created two folders on my Default web site. These will be used to host RDP files and application images (icons).

Step 3.1. Copy all the RDP files of published applications for members of Management group

file-management

Step 3.2. Create default.asp file in the Management folder and paste the following code:

<%@ Language=VBScript %>
    <HTML>
    <head><title>Welcome to RemoteApp Portal</title></head>
    <BODY>
    <b>Welcome to RemoteApp Portal</b> <br><br><br>

    <%
    Dim objFileScripting, objFolder
    Dim filename, filename2, filecollection, strDirectoryPath, strUrlPath
        strDirectoryPath="c:\inetpub\wwwroot\Management\Applications\"
        strUrlPath="\Management\Applications\" 

        'get file scripting object
        Set objFileScripting = CreateObject("Scripting.FileSystemObject")
        'Return folder object
        Set objFolder = objFileScripting.GetFolder("c:\inetpub\wwwroot\Management\Applications\")
        'return file collection In folder
        Set filecollection = objFolder.Files
        'create the links
        For Each filename In filecollection
            filename=right(filename,len(Filename)-InStrRev(filename, "\"))
            filename2=replace(filename, ".rdp", "")
            Select Case filename2
            Case "Calc"
            Response.Write "<A HREF=""" & strUrlPath & filename & """>" & "<img src=""images/calculator.png"" ALIGN=center BORDER=0 >" & filename2 & "</A><BR><BR>"
            Case "EXCEL"
            Response.Write "<A HREF=""" & strUrlPath & filename & """>" & "<img src=""images/excel.gif"" ALIGN=center BORDER=0 >" & filename2 & "</A><BR><BR>"
        Case "WORD"
            Response.Write "<A HREF=""" & strUrlPath & filename & """>" & "<img src=""images/word.gif"" ALIGN=center BORDER=0 >" & filename2 & "</A><BR><BR>"
            Case Else
        Response.Write "<A HREF=""" & strUrlPath & filename & """>" & filename2 & "</A><BR><BR>"
        End Select
        Next
    %>
    </BODY>
    </HTML>

Download here script, images and example RDP files: remoteapp_user_filtering_example

The script lists all the RDP files in the current folder, and it displays each file with a small icon along with it. In case you would like to add additional icons just add them to images folder and tweak the code to display these.

Your application portal will look like this:

final-look

When a user clicks on one of these links new RDP application will start. (User will be prompted for username and password)

Step 4. Configuring authentication

In order to make sure that only members of Management group can see these applications do the following:

Step 4.1. – Permissions

1. Open IIS management

2. Choose Management Virtual Directory and then select Edit Permissions and then Security

3. In the security there are several users that we don’t want to access Management portal

4. Disable inheritable permission

5. In the Security tab choose Advanced, then Edit

6. Disable include inheritable permission from this object’s parent and choose to copy parent permission

7. Confirm this by choosing Apply

8. Now remove following users: Everyone, Trusted Installed, Users, Creator Owner

9. Add Management security group that we created in step 2

10. Confirm everything

Step 5.2. – Authentication

11. Now we will need to add authentication for the management group.

12. Click Management virtual directory and then choose Authentication

13. Disable Anonymous Authentication and enable Basic Authentication

Repeat the steps above for every group on your server.

To audit which application is being used by each user use Terminal Services Log !

June 30th, 2009 | Tags: remoteApp, scenarios, Terminal services
Posted in remoteApp | By: Frane Borozan | 1 Comment »

Terminal services log – usage scenarios

Terminal services log is the first and only application that will provide exact information about users activity on Terminal Server/Citrix, showing for how long an user was connected on server, how much of that time he was idle (not working anything) or active (working something on server).

TSL 2.0 provides information about application usage. Data collected is displayed in forms of charts and grids that can be exported to PDF and Excel.

By using our product you can have detailed usage reports of all terminal servers in your organization. Here are some business problems you might be facing in your own company.

Example of all users summary report (summary for total time, active/idle/disconnected)

Users and sessions

Let’s say you want to see all the users that connected to your server in a particular time frame:

Our application comes with a built in report that lists all the sessions on your TS/Citrix server, including the information about the time they started-ended and information about total time user spent in active / idle /disconnected state during that session.

What are my users doing on the server?

Now you want to check summary for all user activity on terminal server. This way you will have insight how much of the time users are really working something on the server. TSL will allow you to have precise time in how much of the particular user was active, idle or disconnected from the server.

If only desktop for the end user is remote desktop connection, and for 7 hours of the 8 working hours some of the users were idle or disconnected then you will know that something is not good with employee, maybe he is not satisfied, maybe he just don’t like to work.

Application summary

Summary of all applications usage (note on the screenshot there is summary for applications for Microsoft Office)

I would like to know if an employee is always late…
This want be a problem any more, TSL will allow you to capture exact time whan a user logged on your server. TSL will also capture the time user logged off.

If suspect that someone is connecting to your TS/Citrix server outside regular working hours you can use a built in report to see which users connected to your termianal server and processes they run during that session.

Conclusion

With TSL application logging you have powerful insight in all activities on your Terminal Server/Citrix. If you suspect that there is something fishy going on, TSL is the proper tool for you. It controls users and their sessions but also processes. With just one application you can monitor and anylze the productivity of your employees.

July 22nd, 2008 | Tags: scenarios
Posted in scenarios | By: Frane Borozan | 2 Comments »

Terminal Services Log

Posts Tagged ‘scenarios’

Building a custom RemoteApp Portal for Windows 2008 – Part 2

Step 1. Create RemoteApp applications and .RDP files

Step 2. Creating security groups for accessing web portal.

Step 3. Configure IIS security settings

Step 4. Configuring authentication

Terminal services log – usage scenarios

Recent Posts

Archives

Categories