With Windows Server 2008 and 2012 you can now stream applications from the server to each user’s desktop. This means that the application looks like it is running locally on the user’s machine, when in fact it is running from the server.
RemoteApp is great for centralizing applications in a corporate environment, and simplifies maintenance since the applications are running on a single machine optimized to host them rather than from each user’s machine (each possibly with different hardware, a different Operating System, and an almost unlimited number of different configuration settings).
How Does RemoteApp Work?
Behind the scenes, each client computer is using Remote Desktop (formerly called Terminal Services) to authenticate the user to the server and then stream the application back to the client.
If you are looking to set up this sort of a system for the applications in your company, then here is a step-by-step article about how to set up a Windows 2008 Server to serve Remote Applications:
This link below is also a great guide for setting up and configuring Remote Apps
Setting up Automatic Authentication
Things get a bit tricky once you want to update your authentication system. By default users will be prompted to enter their passwords when they click to access an application that you have distributed to them via .RPD or .MSI file.
If you want the user to have a seamless experience in which the user credentials are passed to the server directly without the user needing to type in their password, you will have to set the user’s Local Group Policy settings. Here are the steps you need to take to do so in Windows 7:
- On the user’s computer, type gpedit.msc into the start menu or into a DOS command prompt.
- You will now see the Local Group Policy Editor window.
- On the left hand side, use the tree-view navigation to expand the following folders:
- Local Computer Policy
- Administrative Templates
- Credentials Delegation
- In Credentials Delegation you will need to edit and enable the two settings titled:
- Allow Delegating Default Credentials with NTLM-only Server Authentication
- Allow Delegating Default Credentials
- In each, first click the Enabled radio button
- Then enter a comment (such as the word Enabled)
- Now comes the important part… you will need to click the Show button beside the label ‘Add servers to the list‘
- When you have clicked the button you will see a text input area where you can enter the name of the server that will serve up the applications
- The naming that happens behind the scenes can get tricky. For starters, try:
- As you can see, even though Terminal Services has been renamed Remote Desktop, the old syntax remains the same.
- Don’t forget the star at the end, it is a wildcard match that will accept anything further that may be appended to your server name.
- If you just want to test the connection and don’t care much about how, you can enter another entry into the servers list where you place the wildcard after TERMSRV:
- Setting the TERMSRV/* setting is less secure, but is a good way to test if your seamless sign-on will work. You can test narrowing down the naming later.
- Click the OK button to save your list.
- On the Enable page, make sure that the checkbox titled ‘Concatenate OS defaults with input above‘ is checked.
- Click the Apply button
- ** Now enable the other credentials setting exactly the same way. **
- Next you will need to open up a command prompt (or the Address bar text input area) and type in gpupdate in order for your changes to the Local Group Policy to take effect.
- Finally, click on your .RDP file to test connecting to your server.
If you entered the name of your server correctly, then you should not see a password prompt… authentication should be invisible and your application should appear to start automatically.