RDP Start a Program in Server 2016 with AD

GregPW 1 Reputation point
2020-09-27T12:06:13.21+00:00

Hi Community,

I have an old Server 2003 box that accepts RDP connections and runs a single program without the desktop allowing any other interaction (really important point). It works great but I am migrating to Server 2016 and am struggling with the 'start a program'. This is a single box set up and though a good programmer, my system admin knowledge is small. I have

  1. Installed RD Manager, set up licenses, created a collection of users and can log in using RDP to the server's desktop
  2. I created an AD domain on this box and put this server in the domain since otherwise I couldn't utilize the RD Connection Manager to see active users. I guess Microsoft only allows this utility if the computer is in a domain (not a workgroup).
  3. My only remaining issue... the 'start a program' threads I have read lose me. I apologize that I know little in this topic in that I just opened AD group policy manager for the first time and can't quite figure out how to have all users who connect via RDP run the program. I don't want this program to run if the user logs directly on the server's keyboard so that I can continue to access it as the admin.

Thanks so much for help,

Greg

Remote Desktop
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,243 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. GregPW 1 Reputation point
    2020-09-27T21:07:08.837+00:00

    Clarification... I wish the user to be able to interact with the program that starts at RDP initiation but not let the users have access to other desktop (i.e. Start, other programs, etc.)

    0 comments
  2. Jenny Yan-MSFT 9,321 Reputation points
    2020-09-28T02:04:54.77+00:00

    Hi,
    The workaround I've seen before was like to use Group Policy to set the user's shell to be "logoff.exe" such that if they attempted to access the machine's desktop they'd be immediately logged-off.
     
    You could try either options below for the logoff.exe workaround mentioned above.
     

    1. Use Group Policy to set User Configuration/Policies/Administrative Templates/System/Custom User Interface/ to c:\windows\system32\logoff.exe
       
    2. Go to the RDP properties on Terminal Services Configuration Console.
       
      In environment tab, select the option "Start the following program when the user....":
       
      Path: c:\windows\system32\logoff.exe
       
      Start in: c:\windows\system32
       
      Reference Links66:
      https://social.technet.microsoft.com/Forums/lync/en-US/7438d6e3-23da-4cda-9678-448ce34889e2/allow-access-to-remoteapps-and-deny-full-desktop-for-non-admins?forum=winserverTS

    https://social.technet.microsoft.com/Forums/en-US/e3ea424b-40ab-4924-95a9-dbc91e7697ba/how-to-allow-rdp-connection-via-remoteapp-rdp-shortcuts-but-prevent-normal-remote-dektop-login?forum=winserverTS

    Hope this helps and please help to accept as Answer if the response is useful.

    Thanks,
    Jenny

    0 comments