Windows RDS RemoteApp Launcher
PAM can be used to launch published RDS RemoteApps in a secure RDP session.
Using this feature, not only can it reduce the amount of effort one has to go through with traditional RemoteApp launching but it does so using the Privileged Session Management features of XTAM to enable video and event recording, auditing, permissions, workflow approval and notifications.
If you are looking to preserve your native RemoteApp functionality but to do so in a more controlled and audited nature, then XTAM is the solution for you.
For our Linux users, XTAM also supports a similar feature where remote commands like connecting to a MySQL database can be automatically sent upon login. Read more about it here.
Cases and scenarios
The following use cases and scenarios are covered when configuring System to use your Windows RemoteApp infrastructure.
- Provides end-users the ability to securely launch Remote Applications without having to use the traditional RDS Web Access portal.
- Easily capture video and keystroke recordings of all activity during their remote application sessions.
- Quickly share access using permissions and workflows to ensure users have access to the remote applications during the times when they need it the most.
Remote App Launcher Work
Remote App Launcher works with your existing Windows Desktop Services RemoteApp environment by:
- Creating a secure connection to your Windows Desktop Services RemoteApp host.
- Launching the defined published RemoteApp without requiring additional user input or authentication.
- Once launched, enabling controls (mouse and keyboard) for the user so they can utilize the remote application.
- Recording keystrokes and (optionally) video of the user’s session with the remote application.
- Retaining full support of native RDS Administrative Connections options including monitoring, Send Message, Shadow, Disconnect and Logout.
To use the RDS RemoteApp Launcher, the following pre-requisites are required:
- Fully implemented, configured and working Windows Remote Desktop Services deployment. If you have not deployed a Windows Remote Desktop Services host yet, there are many online tutorials available with this one being an example: http://www.concurrency.com/blog/w/rds8-quick-and-easy,-remoteapp-on-windows-server-2
- The credentials entered into the System record must be included in the Collections properties as a member of User Group.
- The credentials entered into the System record must be able to connect to the RDS host server using RDP.
- The RemoteApp must be Published and the RemoteApp program location must be defined in the System record.
- This feature only works when connecting to a Windows RDS host server using Published RemoteApps.
1. Configure System to RemoteApps
Step 1: To configure System to launch your published RemoteApps:
- Login to the System with a System Administrator account.
- Navigate to Administration > Record Types and click the New Record Type button.
- Enter the following values to create your new record type:
Name: Windows Remote App or another name of your choosing
Description: (optional) Enter a description of this record type
Session Manager: RDP
Parent Type: Windows Host
Click the Save button to save your new record type.
Now click the Add Field button to create a custom field for this new record type. Use the following values for this new field:
Field Type: String
Display Name: RemoteApp Program Location or another name of your choosing
Helper: (optional) Enter the full path to the published RemoteApp on the RDS server
Click the Save button to save your new field.
Click the Save button to save your new record type.
Your record type is now ready to be used to create your Windows RemoteApp records.
2. Create a record
Step 2: To create a record used to launch your published RemoteApps:
- Login to the System and navigate to the container where you will create your Windows Remote App record.
- Click the Add Record button and select your new Record Type from the dropdown menu.
- Create your record using the following values as guidance:
Name: Enter a name for your record
Description: (optional) Enter a description of your record
Host: Enter the host name or IP address of your Windows RDS host
Port: Enter the RDP port of your Windows RDS host (default is 3389)
User: Enter your domain user account. The same username you would use to login to the RD Web Access portal.
Password: Enter your domain password. The same password you would use to login to the RD Web Access portal.
RemoteApp Program Location: Enter the path of the published RemoteApp that will be launched on the RDS server from this record. For example, C:\Windows\system32\calc.exe or %SYSTEMDRIVE%\Windows\system32\calc.exe
Please consult with your Windows RDS Administrator if you need assistance with any of the values specific to your Remote App environment.
Click the Save and Return button to save your new record.
3. Testing Record
Step 3: Testing your Record
With the new record saved, you are ready to test your configuration. Return to this record’s View and click the Connect button to test this record’s function.
The expected result is that System will launch a remote RDP session to your RDS host, authenticating using the User and Password stored in the record.
Once the remote session is established, it will immediately launch the published RemoteApp that was defined in the RemoteApp Program Location field of the record.
You can now use the RemoteApp and when finished, simply Exit or Close the RemoteApp and the System session will complete.
Possible errors and decisions.
- The remote session to your RDS server fails with connection error 519
- This failure is usually caused by an incorrect host, port or domain credentials stored in the record. Please verify that your User and Password are accurate and confirm with your RDS Administrator that the Host and Port are accurate. You should also make sure that RDP access to this host is available and your domain account is permitted to connect with this RDP session.
- The remote session to your RDS server connects but the RemoteApp fails to launch with the error “The system cannot find the file specified. This initial program cannot be started:”
The remote session to your RDS server connects but the RemoteApp fails to launch with the error “Access is denied. This initial program cannot be started:”
This failure indicates that the Remote App that you attempted to launch is not published.
Please verify that this Remote App is published with your RDS Administrator.