Prevent Remote Desktop Services Interactive Logon but allow RemoteApps to run

When you publish RemoteApps through Microsoft’s Remote Desktop Services, it is usually desirable to prevent users from logging on to a full Remote Desktop. A workaround is to terminate the Remote Desktop session as soon as someone logs on. To accomplish this, run the “Remote Desktop Session Host Configuration” application, right-click the RDP-Tcp connection name and select Properties.

Remote Desktop Session Host Configuration

Then go to the Environment tab, select the “Start the following program when the user logs on:” option, and type in the path of the logoff.exe file, c:\windows\system32\logoff.exe.

RDP-Tcp Properties

Now try to connect to your RDS server with Remote Desktop Connection.
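
A way to check that the listener setting from the steps above is actually in force, as an added example that is not part of the original post. The registry key and value names are assumptions about where Remote Desktop Session Host Configuration stores the Environment tab settings, and `Test-LogoffOnLogon` is a hypothetical helper name; the sample settings are constructed.

```powershell
# Added example, not from the original post. Assumption: the RDP-Tcp listener
# stores the Environment tab settings under this key, in the values
# fInheritInitialProgram (0 = use the listener's program) and InitialProgram.
$ListenerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Test-LogoffOnLogon {
    param(
        [Parameter(Mandatory = $true)] $Settings,  # hashtable or Get-ItemProperty output
        [string] $SystemRoot = $env:SystemRoot
    )
    $expected = "$SystemRoot\System32\logoff.exe"
    $raw      = [string]$Settings.InitialProgram
    $program  = [Environment]::ExpandEnvironmentVariables($raw).Trim('"', ' ')
    $findings = @()
    if ([int]$Settings.fInheritInitialProgram -ne 0) {
        $findings += 'Initial program is inherited from the user profile or client, so the listener setting is not enforced.'
    }
    if (-not $program) {
        $findings += 'No initial program is set: a full desktop logon is possible.'
    } elseif ($program -ine $expected) {
        $findings += "Initial program is '$program', expected '$expected'."
    }
    New-Object PSObject -Property @{
        InitialProgram = $program
        Compliant      = ($findings.Count -eq 0)
        Findings       = $findings
    }
}

# Constructed samples (not read from a real server).
$samples = @(
    @{ Name = 'default';    fInheritInitialProgram = 1; InitialProgram = '' },
    @{ Name = 'workaround'; fInheritInitialProgram = 0; InitialProgram = 'c:\windows\system32\logoff.exe' },
    @{ Name = 'other-app';  fInheritInitialProgram = 0; InitialProgram = 'c:\windows\system32\notepad.exe' }
)
foreach ($s in $samples) {
    $r = Test-LogoffOnLogon -Settings $s -SystemRoot 'C:\Windows'
    '{0,-10} compliant={1} {2}' -f $s.Name, $r.Compliant, ($r.Findings -join ' | ')
}

# On the RD Session Host, audit the live listener.
if (Test-Path $ListenerKey) {
    Test-LogoffOnLogon -Settings (Get-ItemProperty -Path $ListenerKey) | Format-List
}
```

The script only reads the listener settings, and it avoids syntax newer than PowerShell 2.0 so it can run on a Windows Server 2008 R2 host.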

Microsoft just released Remote Desktop App for iOS and Android

iOS Remote Desktop App

At last, the Microsoft Remote Desktop App is available for free and provides a high-quality remote connection to Remote Desktop Services, with or without RDS Gateway implementations, along with RemoteApp support, Network Level Authentication (NLA), a multi-touch experience and Windows gestures.

I tested remoteapps via an SSL RDS gateway (Windows 2008 R2 setup) and remote desktop connections via VPN on my iPhone and everything worked flawlessly! Good job Microsoft!

photo 1

photo 2

photo 3

Of course, the iPhone’s screen is very small for desktops, but the iPad’s 10-inch display is OK. There is a usable zoom/touchpad function and a keyboard with Windows keys as well. Check out the above pictures.

Get it now at Apple’s App Store or at Google’s Play Store. Have fun!

Enabling CredSSP Protocol and Network Level Authentication on Windows XP SP3 RemoteApps

RemoteApp is an application delivery method of Windows 2008 Remote Services that uses the remote desktop mechanism. It’s in a primitive state and there are security concerns, but it is fast and promising. When we set up this service for the first time, some users could not connect to the RemoteApp and a pop-up error appeared saying “The remote computer requires Network Level Authentication”. This error occurred only on Windows XP SP3 clients.

The error message

Network Level Authentication is an authentication method that can be used to enhance RD Session Host server security by requiring that the user be authenticated to the RD Session Host server before a session is created. After some investigation, we found out that to use Network Level Authentication, you must meet the following requirements:

  • The client computer must be using at least Remote Desktop Connection 6.0.
  • The client computer must be using an operating system, such as Windows 7, Windows Vista, or Windows XP with Service Pack 3, that supports the Credential Security Support Provider (CredSSP) protocol.
  • The RD Session Host server must be running Windows Server 2008 R2 or Windows Server 2008.

Since our clients were fully patched, it seemed that the CredSSP protocol was not enabled on our XP clients. Looking further into this, we found a related article from Microsoft at http://support.microsoft.com/kb/951608.

You can download a Microsoft Fix it executable at http://go.microsoft.com/?linkid=9758284 to turn on the CredSSP protocol on Windows XP SP3, or try the registry modification mentioned in Microsoft’s article.