Share via

Deploying RemoteApp Programs to the Start Menu by Using RemoteApp and Desktop Connection Step-by-Step Guide

Applies To: Windows 7, Windows Server 2008 R2

About this guide

This step-by-step guide walks you through the process of setting up a working RemoteApp source accessible on the Start menu of a Windows® 7 computer by using RemoteApp and Desktop Connection in a test environment. During this process, you will create a test deployment that includes the following components:

  • A Remote Desktop Connection Broker (RD Connection Broker) server

  • A Remote Desktop Web Access (RD Web Access) server

This guide assumes that you previously completed the Installing Remote Desktop Session Host Step-by-Step Guide (, and that you have already deployed the following components (if you have previously configured the computers in the Installing Remote Desktop Session Host Step-by-Step Guide, you should repeat the steps in that guide with new installations):

  • A Remote Desktop Session Host (RD Session Host) server

  • A Remote Desktop Connection client computer

  • An Active Directory domain controller

This guide includes the following topics:

The goal of RemoteApp and Desktop Connection is to publish RemoteApp and Desktop Connection programs to the Start menu of a client computer.

What this guide does not provide

This guide does not provide the following:

Technology review

RemoteApp and Desktop Connection allows administrators to provide a set of resources, such as RemoteApp programs and virtual desktops, to their users. Users can connect to RemoteApp and Desktop Connection in two ways:

  • From a computer running Windows 7. In this case, resources that are part of RemoteApp and Desktop Connection, when set up, appear in the Start menu under All Programs in a folder called RemoteApp and Desktop Connections.

  • From a Web browser by signing in to the Web site provided by RD Web Access. In this case, a computer that is running Windows 7 is not required.

In this guide, we will look at accessing RemoteApp programs by using RemoteApp and Desktop Connection.

This guide also explains how to configure Single Sign On so that users are only prompted once for credentials. When you deploy Single Sign On, consider the following certificate requirements:

  • The certificate must be trusted explicitly or be from a trusted root certificate.

  • The certificate name or the Subject Alternative Name must match the fully qualified domain name of the server.

  • The certificate must support Server Authentication or Remote Desktop Authentication Extended Key Usage.

  • Indirect certificate revocation lists are not supported.

  • Certificate revocation checks are performed by default.

  • When you use CredSSP, you can turn off certificate revocation checks by configuring the following registry entry to a value of 1: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\UseCachedCRLOnlyAndIgnoreRevocationUnknownErrors

  • When you use Transport Layer Security (TLS), you can turn off certificate revocation checks by configuring the following registry entries to a value of 0: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Terminal Server Client\ CertChainRevocationCheck and HKEY_CURRENT_USER\SOFTWARE\Microsoft\Terminal Server Client\ CertChainRevocationCheck

Scenario: Deploying RemoteApp programs to the Start menu by using RemoteApp and Desktop Connection in a test environment

We recommend that you first use the steps provided in this guide in a test lab environment. Step-by-step guides are not necessarily meant to be used to deploy Windows Server® features without additional deployment documentation and should be used with discretion as a stand-alone document.

Upon completion of this step-by-step guide, you will have a RemoteApp and Desktop connection available for a user account that can connect by using the RemoteApp and Desktop Connections folder in the Start menu. You can then test and verify this functionality by opening a RemoteApp program as a standard user.

The test environment described in this guide includes five computers connected to a private network using the following operating systems, applications, and services.

Computer name Operating system Applications and services


Windows Server 2008 R2

Active Directory Domain Services (AD DS), DNS


Windows Server 2008 R2

RD Session Host


Windows 7

Remote Desktop Connection


Windows Server 2008 R2

RD Connection Broker


Windows Server 2008 R2

RD Web Access

The computers form a private network and are connected through a common hub or Layer 2 switch. This step-by-step exercise uses private addresses throughout the test lab configuration. The private network ID is used for the network. The domain controller is named CONTOSO-DC for the domain named The following figure shows the configuration of the test environment.