RDP Start a Program in Server 2016 with AD

asked 2020-09-27T12:06:13.21+00:00
GregPW 1 Reputation point

Hi Community,

I have an old Server 2003 box that accepts RDP connections and runs a single program without the desktop allowing any other interaction (really important point). It works great but I am migrating to Server 2016 and am struggling with the 'start a program'. This is a single box set up and though a good programmer, my system admin knowledge is small. I have

  1. Installed RD Manager, set up licenses, created a collection of users and can log in using RDP to the server's desktop
  2. I created an AD domain on this box and put this server in the domain since otherwise I couldn't utilize the RD Connection Manager to see active users. I guess Microsoft only allows this utility if the computer is in a domain (not a workgroup).
  3. My only remaining issue... the 'start a program' threads I have read lose me. I apologize that I know little in this topic in that I just opened AD group policy manager for the first time and can't quite figure out how to have all users who connect via RDP run the program. I don't want this program to run if the user logs directly on the server's keyboard so that I can continue to access it as the admin.

Thanks so much for help,

Greg


2 answers

  1. answered 2020-09-27T21:07:08.837+00:00
    GregPW 1 Reputation point

    Clarification... I wish the user to be able to interact with the program that starts at RDP initiation but not let the users have access to other desktop (i.e. Start, other programs, etc.)


  2. answered 2020-09-28T02:04:54.77+00:00
    Jenny Yan-MSFT 9,201 Reputation points

    Hi,
    The workaround I've seen before was to use Group Policy to set the user's shell to "logoff.exe", so that if they attempted to access the machine's desktop they'd be immediately logged off.
     
    You could try either option below for the logoff.exe workaround mentioned above.
     

    1. Use Group Policy to set User Configuration/Policies/Administrative Templates/System/Custom User Interface/ to c:\windows\system32\logoff.exe
       
    2. Go to the RDP properties on Terminal Services Configuration Console.
       
      In environment tab, select the option "Start the following program when the user....":
       
      Path: c:\windows\system32\logoff.exe
       
      Start in: c:\windows\system32
       
    Reference links:
    https://social.technet.microsoft.com/Forums/lync/en-US/7438d6e3-23da-4cda-9678-448ce34889e2/allow-access-to-remoteapps-and-deny-full-desktop-for-non-admins?forum=winserverTS
    https://social.technet.microsoft.com/Forums/en-US/e3ea424b-40ab-4924-95a9-dbc91e7697ba/how-to-allow-rdp-connection-via-remoteapp-rdp-shortcuts-but-prevent-normal-remote-dektop-login?forum=winserverTS

    Hope this helps and please help to accept as Answer if the response is useful.

    Thanks,
    Jenny

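A read-only check for the two options in the answer above, as an added PowerShell example that is not part of the original thread: it reports whether a custom shell or a start program is configured and whether the listener setting is actually in force. The registry locations are assumptions about where Windows stores these settings, and `Get-RegValue` and `Get-RdpStartProgramAudit` are hypothetical helper names.

```powershell
# Added example: audit the "custom shell" / "start a program" lockdown settings.
# The registry paths below are assumptions about where Windows stores these
# settings; confirm them on the server before relying on the result.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-RdpStartProgramAudit {
    $checks = @(
        @{ Source = 'GPO: Custom User Interface (user running this script)'
           Path   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
           Value  = 'Shell'; InheritFlag = $null },
        @{ Source = 'GPO: start a program on connection (computer)'
           Path   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
           Value  = 'InitialProgram'; InheritFlag = $null },
        @{ Source = 'RDP-Tcp listener: Environment tab'
           Path   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
           Value  = 'InitialProgram'; InheritFlag = 'fInheritInitialProgram' }
    )
    foreach ($c in $checks) {
        $program = Get-RegValue -Path $c.Path -Name $c.Value
        $workDir = Get-RegValue -Path $c.Path -Name 'WorkDirectory'
        $inForce = -not [string]::IsNullOrWhiteSpace($program)
        if ($inForce -and $c.InheritFlag) {
            # On the listener, the program applies only when inheritance
            # from the client/user settings is switched off (flag = 0).
            $inForce = (Get-RegValue -Path $c.Path -Name $c.InheritFlag) -eq 0
        }
        [pscustomobject]@{
            Source        = $c.Source
            Program       = $program
            WorkDirectory = $workDir
            InForce       = $inForce
        }
    }
}

Get-RdpStartProgramAudit | Format-Table -AutoSize -Wrap
```

The first row reflects only the account that runs the script, so run it once as an RDP user and once as the administrator to confirm the restriction applies to the former and not the latter.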