Applies to: Microsoft Server 2008 R2

Microsoft has a set of features that allow you to remotely access applications that appear as if they are running on your local computer. This is very useful if users need to access programs remotely when away from the office or if you need multiple versions of a program but multiple versions installed locally would cause conflicts. These features will need to be set up on Windows server 2008 R2 or Server 2012. You can even make these applications more easily accessible by using Remote Desktop Web Access which enables users to access RemoteApp and Desktop connection through a web browser.

In order to be able to use RemoteApp’s, you will need to have a few other features installed and configured on your windows 2008 R2 Server. In this example, we will have all services needed, installed on one single server, but you may need to divide the roles to multiple servers in a large production environment.

We will start by adding the Remote Desktop services role on server that is joined to the domain. From server manager (ServerManager.msc), click Roles on the left-hand side and then Add Roles from the middle pane > Next > Remote Desktop Services >

Next > Next.

The role services needed are Remote Desktop session Host, Remote Desktop Licensing, Remote Desktop Gateway, and Remote Desktop Web Access.

You will receive a prompt to “add required role services” when selecting the role services, please add the required roles.

Click next, specify whether Network Level Authentication is required. Select the second option if you have clients that are running an older version of RDP.

Click next, select the licensing mode you would like to use that best fits your needs or you can choose to configure later which allows you 120 days to configure the licensing mode.

Next, add which user or groups you would like to allow access to the RD Session host server and then click next.

Now decide the functionality you would want to provide to your users so it could be similar to Windows 7. The more functionality you add, the more system and bandwidth resources are required.

The Discovery Scope for RD Licensing should only be configured if RD Session Host servers are running on server 2008 or older so this page can be skipped if you are only using Server 2008 R2.

Continue on and specify a certificate for SSL encryption if you have one available, create a self-signed certificate, or choose one later.

Select “Now” to create an authorization policy on the Authorization Policies for RD Gateway page.

Next, add in which groups you would like to allow through the Remote desktop Gateway and then click next.

On the RD CAP page, specify which authentication method you would like to use and the name for the RD CAP, the default name can be used.

Now, specify the name for the RD RAP and which computers you would like to be accessible from the RD RAP.

Now, continue on until you reach the summary page leaving the defaults for the remaining pages and then click install. After this is complete it will ask to reboot the server which should reboot twice.

The installation will continue after you log back into windows and can click on close once it is complete.

Now, we can go into IIS start > Administrative tools > Internet Information Services Manager and then select the server name on the right-hand side and double-click server certificates in the middle pane.

From here you can create a certificate request, complete a certificate request, import a certificate, or create a self-signed certificate if you have not already done so.

Now, we will enable the certificate by right clicking on the “Default Web Site” and click on edit bindings.


Edit the https entry and select our SSL certificate and click ok and then close on the other window.

Now we restart the IIS website by clicking on restart on the right-hand side while we still have the default web site selected.

Now we will configure RemoteApp’s by going to start > Administrative tools > Remote Desktop Services > RemoteApp Manager.

Here, we can see the remaining items needed to be configured are shown with a yellow warning triangle or a red cross next to it.

One of the items listed that is needed, states that the “TS Web access computers” Group is empty.

This is just a local group on this server and this can be fixed by going to server manager > configuration > local users and groups > groups > TS Web Access Computers and adding the computers or groups that you want.

We can now go back to the RemoteApp Manager to finish the configuration of Remote App’s. Open the RemoteApp Deployment settings by clicking on the change link next to RD Session Host server setting in order to verify the connection settings. The server name under connection settings on the RD Session Host server settings tab should be the public name which should be the CN on your digital certificate(e.g.,

Any applications you want to give your access users to would have to be installed on the server which could be done at this moment. Now, we will be able to add those application’s to Remote Apps by selecting “Add RemoteApp Programs”  and following the wizard that appears. Once you have gone through the wizard and added the applications that you wanted, the RemoteApp Manager should look similar to the screenshot shown below.

We will now test RDWeb to verify that everything is working properly by going to Error! Hyperlink reference not valid. in Internet Explorer and logging in.

Once you successfully log in, you should see the applications you selected listed here. You should be able to give one of them a try and will see a warning appear as shown below.

The application will appear as if is actually running on your computer after you hit continue on the dialog box.

If no applications appear once you log in then all you need to do is add the server that is providing the remote desktop services to the “Windows Authorization Access Group” in Active Directory Users and Computers on a Domain Controller. Go to your domain controller and then Click on start > Administrative Tools > Active Directory Users and Computers, expand the domain and click on the “Built in” folder then open the properties for the group and go to the members tab. You may need to add 'Computer' as an object type before you can search for the server name. When the groups is added you will need to restart the Remote Desktop server and then try again when it comes back up.

If everything is configured correctly you should also be able to use RD Web externally by navigating to (or whatever your external name is) when you are outside of the network to access these applications. You can also distribute an rdp file to users so they can use to connect to the applications . You can create these rdp files in RemoteApp Manager by selecting the application you would like to create the rdp file for and then click on “Create .rdp File”, as shown below.

The RemoteApp Wizard will appear, click next on the welcome page. On the next page, it will ask you for the save location of the file so you should save it in a location most easily accessible to you so you can copy the files and distribute them. It will also ask you for the RD Session Host server settings which will be the external name of the RD server or the internal name if you have to specify the RD Gateway server.

Click next, and then finish to complete the wizard. You can now navigate to the save location of the files in order to distribute them as needed.

You should now be able to run applications on your computer internally or externally as if they are actually installed on the local computer but they are actually installed on the Remote Desktop server. The RemoteApp program runs in its own resizable window, can be dragged between multiple monitors, and has its own entry in the taskbar. If a user is running more than one RemoteApp program on the same RD Session Host server, the RemoteApp program will share the same Remote Desktop Services session. RemoteApp can also help distribute your applications to multiple user’s  without having to install them on each computer.