In RemoteApps for Windows Server 2012 the support for .RDP and .MSI file distribution has been discontinued in favor of using the Web portal method. In this article I will review how to allow single sign-on for users on a LAN for RemoteApps hosted by Windows Server 2012.
Configuring the Server
If you go with the default settings for RemoteApps in Windows Server 2012, then by default the Web portal will ask each user to authenticate to the server before being allowed to see the apps they have been granted access to. If you are on a LAN where each user is has already authenticated to Active Directory, you likely don’t want your users to have to go through the process of logging into their network accounts, since the already did this to log onto their PCs and authenticate to your network.
The plus side of things here is that the default settings for RDWeb (the default site where RemoteApps are hosted) can be managed in a Web.config file that you can update in IIS. As you are probably aware, you can bring up IIS on Windows Server 2012 from the Tools menu bar option (top right hand side) of the Server Manager tool.
Also, in my opinion, the Server Manager tool is actually pretty great in centralizing a lot of Server features that were previously scattered throughout the server before.
Once you have IIS up and running, you will need to open up the following path within IIS:
- Your Server Name
- Default Web Site
- Then, under RDWeb, (left) click on Pages
- In the IIS section of the management window you will see a category called Authentication. Double-click this to open it.
- Now make sure that you disable both Anonymous Authentication and Forms Authentication.
- Enable Windows Authentication.
Great, now that’s all that you have to do on the server side.
Configuring the Client Computers
- On each client computer, you will need to ensure that your Web server name is added to the trusted sites list in Internet Explorer:
https:// [My Server Name] .example .com
- Then you will need to click on the ‘Custom Level option under trusted sites.
- If you are using IE11, scroll the the very bottom of the Security Settings for Trusted Sites.
- Under the section: User Authentication: Logon, select the option:
Automatic logon with current user name and password
This should be enough to get your users single sign-on to the RemoteApps site. Once this is in place, I am sure that you will find it great that you can manage each user’s apps from a centralized server rather than having to manage .RDP or .MSI installations on each user’s machine.