how to "auto delete" rdp file after login using Webaccess using Microsoft Edge

Question

Hi

I have a question
Customer is using RDWebaccess (all server 2019), RDS Broker and Session server (3 different machines)
Also on their Workstations the new browser Microsoft Edge
GPO templates for November 2019 and Edge are available
We have published apps, not a published desktop
SSO is established for Webaccess. RDP piblisher are trusted (with the thumprint of the certificate)
User can see their apps and clicking on it, typing their password and the app is open
for Edge I have set a GPO that RDP file from a specified url (the webaccess) are auto-open. This works fine
But invisible the rdp files are still downloaded (only with Internet Explorer there are NO rdp files) and they can be used later instead of the Webaccess.
The customer wants to avoid this

My question is: how can I avoid these rdp files (auto delete?)
The files are always starting with cpup ..... .rdp

Any idea?

Best
Lutz

Answer 1

Hi,
Per my knowledge, the download of .rdp file is required to launch the connection of remote app. The workaround you've used should be a good idea to avoid users manually saving the file but open the app directly.

Just as you mentioned, only IE will not download .rpd files since it supports the Remote Desktop ActiveX control but others don't.

Here is a similar thread which explains the ActiveX with more details:
https://stackoverflow.com/questions/31000445/using-ts-remoteapps-on-chrome-firefox-without-downloading-rdp-file
Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

Hope this clarifies and please help to accept as Answer if the response is useful.

Thanks,
Jenny

Answer 2

Hi Jenny

Thank you for your answer
Yes, I know that IE was the ONLY one, who was able to start the rpd session without downloading the rdp file. (ActiveX)
But IE is discontinued by MS. Thats why this is not a practical solution.

The only Idea I have, is to delete the cpup*.rdp files using a GPO.
Unfortunately this is only done when the user logs into his workstation again....This could be after lunch, or next Monday, next year. Who knows........
(a 2nd GPO setting for logoff at 3:30 am maybe, but this is a problem, cause some of them let their programs still open - only a screenlock and the monitor is off)

Best,
Lutz

Answer 3

Hi,

The only Idea I have, is to delete the cpup*.rdp files using a GPO.
Unfortunately this is only done when the user logs into his workstation again

I was thinking about whether the file could be deleted when the user logoff the current session. After then, whenever the users log on again, the previous .rdp file has been removed.

Per further research, here is the logoff script for your reference:
Assign user logoff scripts
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc781354(v=ws.10)?redirectedfrom=MSDN
Scheduled Task at logoff
https://social.technet.microsoft.com/Forums/windows/en-US/f8ba86c0-6934-44ed-b0a0-4df3037dc7a4/scheduled-task-at-logoff?forum=winserverGP

Hope this helps and please help to accept as Answer if the response is useful.

Thanks,
Jenny

Answer 4

Hi Jenny

As I have said before, Internet Explorer and Active X is NO option (it is outdated)
Also Microsoft will end its support by this month (afaik)
So we will work with a GPO which will delete all cpub*.rdp files in the users download directory.
To make it safe, I also will add an "one time use only" for these files, so they are still useless

Best,
Lutz