Some considerations need attention when installing the app on an RD Session Host server, such as application compatibility and dependencies, capacity, licensing-related requirements and so on.
Basically, when trying to install the app on the remote session host server, we shall use the change user /install command to allow each user to have a unique copy of the .ini files for an application.
This prevents instances where different users might have incompatible application configurations. The installation-related registry key files will be shadowed to the Terminal Server path as explained below and copied to users' home directory.
When the system is running change user /install, several things occur. All registry entries that are created are shadowed under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install, in either the \SOFTWARE subkey or the \MACHINE subkey. Subkeys added to HKEY_CURRENT_USER are copied under the \SOFTWARE subkey, and subkeys added to HKEY_LOCAL_MACHINE are copied under the \MACHINE subkey. If the application queries the Windows directory by using system calls, such as GetWindowsDirectory, the RD Session Host server returns the systemroot directory. If any .ini file entries are added by using system calls, such as WritePrivateProfileString, they are added to the .ini files under the systemroot directory.
When the system returns to change user /execute, and the application tries to read a registry entry under HKEY_CURRENT_USER that does not exist, Remote Desktop Services checks to see whether a copy of the key exists under the \Terminal Server\Install subkey. If it does, the subkeys are copied to the appropriate location under HKEY_CURRENT_USER. If the application tries to read from an .ini file that does not exist, Remote Desktop Services searches for that .ini file under the system root. If the .ini file is in the system root, it is copied to the \Windows subdirectory of the user's home directory. If the application queries the Windows directory, the RD Session Host server returns the \Windows subdirectory of the user's home directory.
The "change user /install" procedure, still matters?
Hope this helps and please help to accept as Answer if the response is useful.
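The install-mode and execute-mode sequence described in the answer above, as an added PowerShell example that is not part of the original post: it wraps an installer so the server always returns to execute mode, then lists the registry keys newly shadowed under the \Terminal Server\Install subkey, since those are what later get copied into each user's HKEY_CURRENT_USER. It assumes an elevated session on the RD Session Host; `$InstallerPath`, `$InstallerArgs` and the helper name `Get-ShadowKeys` are hypothetical.

```powershell
# Added example (not from the original post). Run elevated on the RD Session Host.
# $InstallerPath / $InstallerArgs are placeholders supplied by the caller.
param(
    [Parameter(Mandatory)] [string] $InstallerPath,
    [string[]] $InstallerArgs = @()
)

$shadowRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install'

function Get-ShadowKeys {
    # Return the path of every key currently shadowed under \Software and \Machine.
    foreach ($sub in 'Software', 'Machine') {
        $path = Join-Path $shadowRoot $sub
        if (Test-Path $path) {
            Get-ChildItem -Path $path -Recurse -ErrorAction SilentlyContinue |
                ForEach-Object { $_.Name }
        }
    }
}

# Snapshot the shadow area before the install so new entries can be identified.
$before = @(Get-ShadowKeys)

change user /install | Out-Null
try {
    $startArgs = @{ FilePath = $InstallerPath; Wait = $true; PassThru = $true }
    if ($InstallerArgs.Count -gt 0) { $startArgs.ArgumentList = $InstallerArgs }
    $proc = Start-Process @startArgs
    Write-Host "Installer exit code: $($proc.ExitCode)"
}
finally {
    # Always leave install mode, even if the installer fails or is interrupted,
    # so later changes by ordinary sessions are not shadowed for every user.
    change user /execute | Out-Null
    change user /query
}

# Keys that appeared during install mode: these are copied to each user's
# HKEY_CURRENT_USER on first read, so review them before opening the host to users.
$after = @(Get-ShadowKeys)
$new = $after | Where-Object { $before -notcontains $_ }
if ($new) {
    Write-Host "Newly shadowed keys:"
    $new | Sort-Object | ForEach-Object { Write-Host "  $_" }
} else {
    Write-Host "No new keys were shadowed."
}
```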
I don't believe this is documented anywhere officially; it is more of a known fact that Remote Desktop sessions are something of a security risk, as they are easier to hijack than a system that’s being managed by PowerShell Remoting or traditional RPC-based tools such as Hyper-V Manager.
The best option is of course to have these tools like Hyper-V Manager/PowerShell on a client that is highly secured and connections are only opened from that one specific computer and not from every administrator machine.