This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
I implemented Remote Desktop Services on a Windows Server 2019 member of an Active Directory domain.
On The "RD session host" I created a session collection to publish some applications.
Now the "Resource type" of the collection is "RemoteApp Programs".
From a client I start Remote Desktop Connection (mstsc.exe) and I see that I can create a Remote Desktop session, enter the username and password of a generic domain user and access the whole of the desktop of the RD Session Host.
As a generic domain user i would expect to be able to connect only via Web Access, not via Remote Desktop Connection.
Is it a normal behavior?
Is there any error in the configuration of the RD session host or of the Collection?
Regards
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.
Hello,
Yes, this behavior is by default. Your RDS deployment is correct. Both RemoteApp and full remote desktop sessions leverage the underlying Remote Desktop Protocol and associated technologies to facilitate remote access.
There is no straightforward way If you are expecting to restrict users from accessing full desktop, for workarounds, you could refer to this thread.
Best regards,
Karlie
