Windows Server 2008 Terminal Services RemoteApp Step-by-Step Guide

Microsoft Corporation Published: January 2008 Writer: Tessa Wooley Editor: Linda Caputo

Abstract
Terminal er!ices "emote#pp$ %T "emote#pp& is a feature that enables users to access pro'rams remotely throu'h Terminal er!ices( The remote pro'rams appear as if they are runnin' on the user)s local computer( *sers can run "emote#pp pro'rams side+by+side ,ith their local pro'rams( -f a user is runnin' more than one "emote#pp pro'ram on the same terminal ser!er. the "emote#pp pro'rams ,ill share the same Terminal er!ices session( /ou can use Terminal er!ices Web #ccess %T Web #ccess& to ma0e "emote#pp pro'rams a!ailable throu'h a Web site(

Copyrig t !n"ormation
This document supports a preliminary release of a soft,are product that may be chan'ed substantially prior to final commercial release. and is the confidential and proprietary information of Microsoft Corporation( -t is disclosed pursuant to a non+disclosure a'reement bet,een the recipient and Microsoft( This document is pro!ided for informational purposes only and Microsoft ma0es no ,arranties. either e1press or implied. in this document( -nformation in this document. includin' *"L and other -nternet Web site references. is sub2ect to chan'e ,ithout notice( The entire ris0 of the use or the results from the use of this document remains ,ith the user( *nless other,ise noted. the e1ample companies. or'ani3ations. products. domain names. e+mail addresses. lo'os. people. places. and e!ents depicted herein are fictitious. and no association ,ith any real company. or'ani3ation. product. domain name. e+mail address. lo'o. person. place. or e!ent is intended or should be inferred( Complyin' ,ith all applicable copyri'ht la,s is the responsibility of the user( Without limitin' the ri'hts under copyri'ht. no part of this document may be reproduced. stored in or introduced into a retrie!al system. or transmitted in any form or by any means %electronic. mechanical. photocopyin'. recordin'. or other,ise&. or for any purpose. ,ithout the e1press ,ritten permission of Microsoft Corporation( Microsoft may ha!e patents. patent applications. trademar0s. copyri'hts. or other intellectual property ri'hts co!erin' sub2ect matter in this document( E1cept as e1pressly pro!ided in any ,ritten license a'reement from Microsoft. the furnishin' of this document does not 'i!e you any license to these patents. trademar0s. copyri'hts. or other intellectual property( 4 2005 Microsoft Corporation( #ll ri'hts reser!ed( Active Directory, Microsoft, MS-DOS, RemoteApp, Visual Basic, Visual Studio, Windows, Windows N , and Windows Server are either re'istered trademar0s or trademar0s of Microsoft Corporation in the *nited tates and6or other countries( #ll other trademar0s are property of their respecti!e o,ners(

Contents
Windo,s er!er 2008 Terminal er!ices "emote#pp tep+by+ tep 7uide((((((((((((((((((((((((((((((((((((8 #bstract((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((8 Copyri'ht -nformation((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((2 Contents((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((9 Windo,s er!er 2008 Terminal er!ices "emote#pp tep+by+ tep 7uide((((((((((((((((((((((((((((((((((((: What are "emote#pp pro'rams;((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((: Client re<uirements((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((: Who should use T "emote#pp;((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((= >ey scenarios for T "emote#pp((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((= ?o, should - deploy "emote#pp pro'rams;((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((5 #bout deployin' "emote#pp pro'rams throu'h T Web #ccess((((((((((((((((((((((((((((((((((((((((((((8 #bout deployin' "emote#pp pro'rams throu'h a file share or other distribution mechanism( @ Confi'ure the ser!er that ,ill host "emote#pp pro'rams((((((((((((((((((((((((((((((((((((((((((((((((((((((((((80 -nstall the Terminal er!er role ser!ice(((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((80 -nstall pro'rams on the terminal ser!er((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((88 Aerify remote connection settin's(((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((82 #dd "emote#pp pro'rams and confi'ure 'lobal deployment settin's((((((((((((((((((((((((((((((((((((((82 #dd pro'rams to the "emote#pp Pro'rams list(((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((89 Confi'ure 'lobal deployment settin's((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((8B Confi'ure terminal ser!er settin's((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((8B Confi'ure T 7ate,ay settin's((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((8: Confi'ure common "CP settin's %optional&((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((8= Confi'ure custom "CP settin's %optional&((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((85 Confi'ure di'ital si'nature settin's %optional&(((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((88 Mana'e "emote#pp pro'rams and settin's((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((20 Chan'e or delete a "emote#pp pro'ram(((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((20 E1port or import "emote#pp pro'rams and settin's((((((((((((((((((((((((((((((((((((((((((((((((((((((((((28 Ceploy "emote#pp pro'rams to users((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((22 Ceploy "emote#pp pro'rams throu'h T Web #ccess(((((((((((((((((((((((((((((((((((((((((((((((((((((((((22 -nstall the T Web #ccess role ser!ice(((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((22 Populate the T Web #ccess Computers security 'roup((((((((((((((((((((((((((((((((((((((((((((((((((((29 Confi'ure the data source for T Web #ccess(((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((2B Connect to T Web #ccess((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((2: Ceploy "emote#pp pro'rams throu'h file sharin' or other distribution methods(((((((((((((((((((2= Create an (rdp file from a "emote#pp pro'ram((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((2= Create a Windo,s -nstaller pac0a'e from a "emote#pp pro'ram(((((((((((((((((((((((((((((((((((((25 Ma0e "emote#pp pro'rams a!ailable from the -nternet((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((2@

Confi'ure the T Web #ccess ser!er to allo, access from the -nternet((((((((((((((((((((((((((((((((90 #dditional information((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((98 Confi'ure er!er Mana'er and -nitial Tas0s not to run in administrator)s "emote#pp session ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((98 Confi'ure "emote Ces0top Web Connection beha!ior((((((((((((((((((((((((((((((((((((((((((((((((((((((((((98 Chan'e the install location of the default T Web #ccess Web site(((((((((((((((((((((((((((((((((((((((99

Windows Server 2008 Terminal Services RemoteApp Step-by-Step Guide

With Terminal er!ices. or'ani3ations can pro!ide access to Windo,sD+based pro'rams from almost any location to almost any computin' de!ice( Terminal er!ices in Windo,s er!erD 2008 includes Terminal er!ices "emote#pp$ %T "emote#pp&( /ou can use se!eral different methods to deploy "emote#pp pro'rams. such as Terminal er!ices Web #ccess %T Web #ccess&( With T Web #ccess. you can pro!ide access to "emote#pp pro'rams throu'h a Web pa'e o!er the -nternet or o!er an intranet( T Web #ccess is also included in Windo,s er!er 2008(

W at are RemoteApp programs#

"emote#pp pro'rams are pro'rams that are accessed remotely throu'h Terminal er!ices and appear as if they are runnin' on the end user)s local computer( -nstead of bein' presented to the user in the des0top of the remote terminal ser!er. the "emote#pp pro'ram is inte'rated ,ith the client)s des0top. runnin' in its o,n resi3able ,indo, ,ith its o,n entry in the tas0bar( *sers can run "emote#pp pro'rams side+by+side ,ith their local pro'rams( -f a user is runnin' more than one "emote#pp pro'ram on the same terminal ser!er. the "emote#pp pro'rams ,ill share the same Terminal er!ices session( -n Windo,s er!er 2008. users can access "emote#pp pro'rams in se!eral ,ays. dependin' on the deployment method that you choose( They can: #ccess a lin0 to the pro'ram on a Web site by usin' T Web #ccess( Couble+clic0 a "emote Ces0top Protocol %(rdp& file that has been created and distributed by their administrator( Couble+clic0 a pro'ram icon on their des0top or Start menu that has been created and distributed by their administrator ,ith a Windo,s -nstaller %(msi& pac0a'e( Couble+clic0 a file ,here the file name e1tension is associated ,ith a "emote#pp pro'ram( This can be confi'ured by their administrator ,ith a Windo,s -nstaller pac0a'e( The (rdp files and Windo,s -nstaller pac0a'es contain the settin's that are needed to run "emote#pp pro'rams( #fter openin' a "emote#pp pro'ram on their local computer. the user can interact ,ith the pro'ram that is runnin' on the terminal ser!er as if it ,ere runnin' locally(

Client re$uirements
To access "emote#pp pro'rams that are deployed as (rdp files or as Windo,s -nstaller pac0a'es. the client computer must be runnin' "emote Ces0top Connection %"CC& =(0 or "CC =(8( # supported !ersion of the "CC client is included ,ith Windo,s er!er 2008 and Windo,s AistaD( To do,nload "CC =(0 for Windo,s er!er 2009 ,ith er!ice Pac0 8 % P8& or

Windo,s EP ,ith er!ice Pac0 2 % P2&. see article @2:85= in the MicrosoftD >no,led'e Fase %http:66'o(microsoft(com6f,lin06;Lin0-dG5@959&( %ote "CC =(8 %=(0(=008& supports "emote Ces0top Protocol =(8( To access "emote#pp pro'rams throu'h T Web #ccess. the client computer must be runnin' "CC =(8( "CC =(8 is included ,ith the follo,in' operatin' systems: Windo,s er!er 2008 Windo,s Aista ,ith er!ice Pac0 8 % P8& Feta and Windo,s Aista ,ith P8 "elease Candidate %"C& Windo,s EP ,ith er!ice Pac0 9 % P9& Feta and Windo,s EP ,ith P9 "C

W o s ould use TS RemoteApp#

This 'uide is intended for the follo,in' audiences: -T planners and analysts ,ho are e!aluatin' the product Enterprise architects

-T professionals ,ho deploy or administer terminal ser!ers. line+of+business %LHF& applications. or applications that can be more efficiently deployed ,ith T "emote#pp

&ey scenarios "or TS RemoteApp

T "emote#pp is especially useful in scenarios such as the follo,in': Remote users' *sers often need to access pro'rams from remote locations. such as ,hile ,or0in' from home or ,hile tra!elin'( -f you ,ant users to access "emote#pp pro'rams o!er an -nternet connection. you can allo, access throu'h a Airtual Pri!ate Iet,or0 %API&. or you can deploy T "emote#pp to'ether ,ith Terminal er!ices 7ate,ay %T 7ate,ay& to help secure remote access to the pro'rams( (ranc o""ices' -n a branch office en!ironment. there may be limited local -T support and limited net,or0 band,idth( Fy usin' T "emote#pp. you can centrali3e the mana'ement of your applications and impro!e remote pro'ram performance in limited band,idth scenarios( )ine-o"-business *)+(, applications deployment' Companies often need to run consistent LHF applications on computers that are runnin' different Windo,s !ersions and confi'urations( -nstead of deployin' the LHF applications to all the computers in the company. ,hich can be e1pensi!e in terms of time and cost. you can install the LHF applications on a terminal ser!er and ma0e them a!ailable throu'h T "emote#pp( Application deployment' With T "emote#pp you do not ha!e to deploy and maintain different !ersions of the same pro'ram for indi!idual computers( -f employees need to use multiple !ersions of a pro'ram. you can install those !ersions on one or more terminal ser!ers. and users can access them throu'h T "emote#pp( Roaming users' -n a company ,ith a fle1ible des0 policy. users can ,or0 from different computers( -n some cases. the computer ,here a user is ,or0in' may not ha!e the
6

necessary pro'rams installed locally( Fy usin' T "emote#pp. you can install the pro'rams on a terminal ser!er and ma0e them a!ailable to users as if those pro'rams ,ere installed locally(

-ow s ould ! deploy RemoteApp programs#

Fefore you confi'ure T "emote#pp. you should decide ho, you ,ant to distribute "emote#pp pro'rams to users( /ou can use either of the follo,in' deployment methods: /ou can ma0e "emote#pp pro'rams a!ailable on a Web site by distributin' the "emote#pp pro'rams throu'h T Web #ccess( /ou can distribute "emote#pp pro'rams as (rdp files or Windo,s -nstaller pac0a'es throu'h a file share. or throu'h other distribution mechanisms such as Microsoft ystems Mana'ement er!er or #cti!e Cirectory soft,are distribution(

RemoteApp deployment components

About deploying RemoteApp programs t roug TS Web Access

-f you use T Web #ccess. you can deploy "emote#pp pro'rams from a sin'le terminal ser!er or farm. or a lin0 to the full terminal ser!er des0top. directly throu'h T Web #ccess( #ll "emote#pp pro'rams on the terminal ser!er or farm that are confi'ured for T Web #ccess ,ill appear on the T Web #ccess Web site( %ote #dditionally. T Web #ccess includes the "emote Ces0top Web Connection feature. ,hich allo,s users to connect from a Web bro,ser to the remote des0top of any ser!er
8

or client computer ,here they ha!e "emote Ces0top access( /ou can determine ,hether you ,ant this feature to be a!ailable to users( Jor more information. see Confi'ure "emote Ces0top Web Connection Feha!ior( To deploy "emote#pp pro'rams by usin' T Web #ccess. you must complete the follo,in' tas0s(
Tas. Re"erence

8( Confi'ure the ser!er that ,ill host "emote#pp pro'rams( This includes installin' Terminal er!er. installin' pro'rams. and !erifyin' remote connection settin's( 2( *se T "emote#pp Mana'er to add "emote#pp pro'rams that are enabled for T Web #ccess. and to confi'ure 'lobal deployment settin's( 9( -nstall T Web #ccess on the ser!er that you ,ant users to connect to o!er the Web to access "emote#pp pro'rams( B( #dd the computer account of the T Web #ccess ser!er to the T Web #ccess Computers 'roup on the terminal ser!er( :( Confi'ure the T Web #ccess ser!er to populate its list of "emote#pp pro'rams from a sin'le terminal ser!er or sin'le farm(

Confi'ure the ser!er that ,ill host "emote#pp pro'rams

#dd "emote#pp pro'rams and confi'ure 'lobal deployment settin's

-nstall the T Web #ccess role ser!ice

Populate the T Web #ccess Computers security 'roup Confi'ure the data source for T Web #ccess

About deploying RemoteApp programs t roug a "ile s are or ot er distribution mec anism
/ou can also deploy "emote#pp pro'rams throu'h (rdp files or Windo,s -nstaller pac0a'es that are made a!ailable throu'h file sharin'. or throu'h other distribution mechanisms such as Microsoft ystems Mana'ement er!er or #cti!e Cirectory soft,are distribution( These methods enable you to distribute "emote#pp pro'rams to users ,ithout usin' T Web #ccess( %ote -f you distribute "emote#pp pro'rams throu'h Windo,s -nstaller pac0a'es. you can also confi'ure ,hether the terminal ser!er ,ill ta0e o!er client file name e1tensions for the "emote#pp pro'rams( -f this is the case. a user can double+clic0 a file ,here the file name e1tension is associated ,ith a "emote#pp pro'ram( /ou must complete the follo,in' tas0s to prepare "emote#pp pro'rams for distribution throu'h a file share or some other distribution mechanism(

Tas.

Re"erence

8( Confi'ure the ser!er that ,ill host "emote#pp pro'rams( This includes installin' Terminal er!er. installin' pro'rams. and !erifyin' remote connection settin's( 2( *se T "emote#pp Mana'er to add "emote#pp pro'rams and to confi'ure 'lobal deployment settin's( 9( *se T "emote#pp Mana'er to create (rdp files or Windo,s -nstaller pac0a'es from "emote#pp pro'rams(

Confi'ure the ser!er that ,ill host "emote#pp pro'rams

#dd "emote#pp pro'rams and confi'ure 'lobal deployment settin's Create an (rdp file from a "emote#pp pro'ram Create a Windo,s -nstaller pac0a'e from a "emote#pp pro'ram

#fter you create (rdp files or Windo,s -nstaller pac0a'es. you can distribute them to users(

Con"igure t e server t at will ost RemoteApp programs

Fefore you can deploy "emote#pp pro'rams to users. you must confi'ure the ser!er to host "emote#pp pro'rams( The follo,in' procedures are co!ered: -nstall the Terminal er!er role ser!ice -nstall pro'rams on the terminal ser!er Aerify remote connection settin's

%ote These procedures apply to an en!ironment ,here you are usin' a sin'le terminal ser!er to host "emote#pp pro'rams( To perform these procedures. you must be a member of the Administrators 'roup on the terminal ser!er(

!nstall t e Terminal Server role service

To install t e Terminal Server role service 8( Hpen er!er Mana'er( To open er!er Mana'er. clic0 Start. point to Administrative Tools. and then clic0 Server /anager( 2( *nder Roles Summary. clic0 Add Roles( 9( Hn the (e"ore 0ou (egin pa'e of the #dd "oles Wi3ard. clic0 %e1t( B( Hn the Select Server Roles pa'e. select the Terminal Services chec0 bo1. and then clic0 %e1t(
10

:( Hn the Terminal Services pa'e. clic0 %e1t( =( Hn the Select Role Services pa'e. select the Terminal Server chec0 bo1. and then clic0 %e1t( 5( Hn the 2ninstall and Reinstall Applications "or Compatibility pa'e. re!ie, the information. and then clic0 %e1t( 8( Hn the Speci"y Aut entication /et od "or Terminal Server pa'e. select the desired authentication method. and then clic0 %e1t( @( Hn the Speci"y )icensing /ode pa'e. select the licensin' mode that applies to your Terminal er!ices en!ironment. and then clic0 %e1t( 80( Hn the Select 2ser Groups Allowed Access To T is Terminal Server pa'e. add any users or 'roups that you ,ant to add to the "emote Ces0top *sers 'roup. and then clic0 %e1t( 88( Hn the Con"irm !nstallation Selections pa'e. !erify that the Terminal er!er role ser!ice ,ill be installed. and then clic0 !nstall( 82( Hn the !nstallation Results pa'e. you are prompted to restart the ser!er to finish the installation process( Clic0 Close. and then clic0 0es to restart the ser!er( 89( #fter the ser!er restarts. the "esume Confi'uration Wi3ard completes the installation( When you see an !nstallation succeeded status messa'e on the !nstallation Results pa'e. clic0 Close(

!nstall programs on t e terminal server

We recommend that you install pro'rams on the terminal ser!er after you ha!e installed the Terminal er!er role ser!ice( -f you install a pro'ram from a Windo,s -nstaller pac0a'e. the pro'ram ,ill automatically install in Terminal er!er -nstall mode( -f you are installin' from another 0ind of etup pac0a'e. use either of the follo,in' methods to put the ser!er into -nstall mode: *se the !nstall Application on Terminal Server option in Control Panel to install the pro'ram( Fefore you install a pro'ram. run the c ange user 3install command from the command line( #fter the pro'ram is installed. run the c ange user 3e1ecute command to e1it from -nstall mode( -f you ha!e pro'rams that are related to each other or ha!e dependencies on each other. ,e recommend that you install the pro'rams on the same terminal ser!er( Jor e1ample. ,e recommend that you install Microsoft Hffice as a suite instead of installin' indi!idual Hffice pro'rams on separate terminal ser!ers( /ou should consider puttin' indi!idual pro'rams on separate terminal ser!ers in the follo,in' circumstances: The pro'ram has compatibility issues that may affect other pro'rams( # sin'le pro'ram and the number of associated users may fill ser!er capacity(

11

4eri"y remote connection settings

Fy default. remote connections are enabled after you install the Terminal er!er role ser!ice( /ou can use the follo,in' procedure to add users and 'roups that need to connect to the terminal ser!er. and to !erify or to chan'e remote connection settin's( To veri"y remote connection settings 8( tart the ystem tool( To do this. clic0 Start. clic0 Run. type control system in the +pen bo1. and then clic0 +&( 2( *nder Tas.s. clic0 Remote settings( 9( -n the System 5roperties dialo' bo1. on the Remote tab. ensure that the "emote Ces0top connection settin' is confi'ured correctly. dependin' on your en!ironment( /ou can select either of the follo,in' options: Allow connections "rom computers running any version o" Remote 6es.top *less secure, Allow connections only "rom computers running Remote 6es.top wit %etwor. )evel Aut entication *more secure, Jor more information about the t,o options. on the Remote tab. clic0 the -elp me c oose lin0( B( To add the users and 'roups that need to connect to the terminal ser!er by usin' "emote Ces0top. clic0 Select 2sers. and then clic0 Add( The users and 'roups that you add are added to the "emote Ces0top *sers 'roup( %ote Members of the local #dministrators 'roup can connect e!en if they are not listed( :( When you are finished. clic0 +& to close the System 5roperties dialo' bo1(

Add RemoteApp programs and con"igure global deployment settings

#fter you ha!e prepared the terminal ser!er to host "emote#pp pro'rams. you can use T "emote#pp Mana'er to do the follo,in': #dd pro'rams to the "emote#pp Pro'rams list Confi'ure 'lobal deployment settin's

-n T "emote#pp Mana'er. you can also delete. modify. import "emote#pp pro'rams and settin's from another terminal ser!er. or e1port "emote#pp pro'rams and settin's to another terminal ser!er( Jor more information. see Mana'e "emote#pp pro'rams and settin's(

12

Add programs to t e RemoteApp 5rograms list

To ma0e a "emote#pp pro'ram a!ailable to users throu'h any distribution mechanism. you must add the pro'ram to the RemoteApp 5rograms list( Fy default. pro'rams that you add to the list are confi'ured to be a!ailable throu'h T Web #ccess( To add a program to t e RemoteApp 5rograms list 8( tart T "emote#pp Mana'er( To do this. clic0 Start. point to Administrative Tools. point to Terminal Services. and then clic0 TS RemoteApp /anager( 2( -n the Actions pane. clic0 Add RemoteApp 5rograms( 9( Hn the Welcome to t e RemoteApp Wi7ard pa'e. clic0 %e1t( B( Hn the C oose programs to add to t e RemoteApp 5rograms list pa'e. select the chec0 bo1 ne1t to each pro'ram that you ,ant to add to the RemoteApp 5rograms list( /ou can select multiple pro'rams( %ote The pro'rams that are sho,n on the C oose programs to add to t e RemoteApp 5rograms list pa'e are the pro'rams that are found on the #ll *sers Start menu on the terminal ser!er( -f the pro'ram that you ,ant to add to the RemoteApp 5rograms list is not in the list. clic0 (rowse. and then specify the location of the pro'ram)s (e1e file( :( To confi'ure the properties for a "emote#pp pro'ram. clic0 the pro'ram name. and then clic0 5roperties( /ou can confi'ure the follo,in': The pro'ram name that ,ill appear to users( To chan'e the name. type a ne, name in the RemoteApp program name bo1( The path of the pro'ram e1ecutable file( To chan'e the path. type the ne, path in the )ocation bo1. or clic0 (rowse to locate the (e1e file( %ote /ou can use system en!ironment !ariables in the path name( Jor e1ample. you can substitute K,indirK for the e1plicit path of the Windo,s folder %such as C:LWindo,s&( /ou cannot use per user en!ironment !ariables( The alias for the "emote#pp pro'ram( The alias is a uni<ue identifier for the pro'ram that defaults to the pro'ram)s file name %,ithout the e1tension&( We recommend that you do not chan'e this name( Whether the "emote#pp pro'ram is a!ailable throu'h T Web #ccess( Fy default. the RemoteApp program is available t roug TS Web Access settin' is enabled( To chan'e the settin'. select or clear the chec0 bo1( Whether command+line ar'uments are allo,ed. not allo,ed. or ,hether to al,ays use the same command+line ar'uments( The pro'ram icon that ,ill be used( To chan'e the icon. clic0 C ange !con( =( When you are finished confi'urin' pro'ram properties. clic0 +&. and then clic0 %e1t(
13

5( Hn the Review Settings pa'e. re!ie, the settin's. and then clic0 8inis ( The pro'rams that you selected should appear in the RemoteApp 5rograms list(

Con"igure global deployment settings

/ou can confi'ure 'lobal deployment settin's that apply to all "emote#pp pro'rams in the RemoteApp 5rograms list( These settin's ,ill apply to any "emote#pp pro'ram that you ma0e a!ailable throu'h T Web #ccess( #dditionally. these settin's ,ill be used as the default settin's if you create (rdp files or Windo,s -nstaller pac0a'es from any of the listed "emote#pp pro'rams( %ote #ny chan'es to deployment settin's that you ma0e ,hen you use T "emote#pp Mana'er to create (rdp files or Windo,s -nstaller pac0a'es ,ill o!erride the 'lobal settin's( These 'lobal deployment settin's include: Terminal ser!er settin's T 7ate,ay settin's Common "emote Ces0top Protocol %"CP& settin's Custom "CP settin's Ci'ital si'nature settin's

Con"igure terminal server settings

To define ho, users ,ill connect to the terminal ser!er %or terminal ser!er farm& to access "emote#pp pro'rams. you can confi'ure terminal ser!er deployment settin's( To con"igure terminal server settings 8( -n the Actions pane of T "emote#pp Mana'er. clic0 Terminal Server Settings( %Hr. in the +verview pane. ne1t to Terminal Server Settings. clic0 C ange(& 2( Hn the Terminal Server tab. under Connection settings. accept or modify the ser!er or farm name. the "CP port number. and ser!er authentication settin's( !mportant -f the Re$uire server aut entication chec0 bo1 is selected. consider the follo,in': -f any client computers are runnin' Windo,s er!er 2009 ,ith P8 or Windo,s EP ,ith P2. you must confi'ure the terminal ser!er to use a ecure oc0ets Layer % L& certificate( %/ou cannot use a self+si'ned certificate(& -f the "emote#pp pro'ram is for intranet use. and all client computers are runnin' either Windo,s er!er 2008 or Windo,s Aista. you do not ha!e to confi'ure the terminal ser!er to use an L certificate( -n this case. Iet,or0 Le!el #uthentication is used(
14

9( To pro!ide a lin0 to the full terminal ser!er des0top throu'h T Web #ccess. under Remote des.top access. select the S ow a remote des.top connection to t is terminal server in TS Web Access chec0 bo1( B( *nder Access to unlisted programs. choose either of the follo,in': 6o not allow users to start unlisted program on initial connection *Recommended, To help protect a'ainst malicious users. or a user unintentionally startin' a pro'ram from an (rdp file on initial connection. ,e recommended that you select this settin'( !mportant This settin' does not pre!ent users from startin' unlisted pro'rams remotely after they connect to the terminal ser!er by usin' the "emote#pp pro'ram( Jor e1ample. if Microsoft Word is in the RemoteApp 5rograms list and Microsoft -nternet E1plorer is not. if a user starts a remote Word session. and then clic0s a hyperlin0 in a Word document. they can start -nternet E1plorer( Allow users to start bot listed and unlisted programs on initial connection Caution -f you choose this option. users can start any pro'ram remotely from an (rdp file on initial connection. not 2ust those pro'rams in the RemoteApp 5rograms list( To help protect a'ainst malicious users. or a user unintentionally startin' a pro'ram from an (rdp file. ,e recommend that you do not select this settin'( :( When you are finished. clic0 +&(

Con"igure TS Gateway settings

To define ,hether users ,ill connect to the terminal ser!er across a fire,all throu'h T 7ate,ay. you can confi'ure T 7ate,ay deployment settin's( Jor more information about T 7ate,ay. see the T 7ate,ay tep+by+ tep 7uide %http:66'o(microsoft(com6f,lin06;Lin0-dG8:852&( To con"igure TS Gateway settings 8( -n the Actions pane of T "emote#pp Mana'er. clic0 TS Gateway Settings( %Hr. in the +verview pane. ne1t to TS Gateway Settings. clic0 C ange(& 2( Hn the TS Gateway tab. confi'ure the desired T 7ate,ay beha!ior( /ou can confi'ure ,hether to automatically detect T 7ate,ay ser!er settin's. to use T 7ate,ay ser!er settin's that you specify. or to not use a T 7ate,ay ser!er( -f you select Automatically detect TS Gateway server settings. the client tries to use 7roup Policy settin's to determine the beha!ior of client connections to T 7ate,ay( %ote Jor more information about client 7roup Policy settin's. see the ?elp topic M*sin' 7roup Policy to Mana'e Client Connections Throu'h T 7ate,ay(M %To
15

open T 7ate,ay ?elp on a Windo,s er!er 2008+based ser!er. clic0 Start. clic0 Run. type ts9gateway'c m. and then clic0 +&(& -f you select 2se t ese TS Gateway server settings. do the follo,in': a( Confi'ure the T 7ate,ay ser!er name and the lo'on method( !mportant The ser!er name must match ,hat is specified in the T 7ate,ay ser!er( L certificate for the

b( -f you ,ant the connection to try to use the same user credentials to access both the T 7ate,ay ser!er and the terminal ser!er. select the 2se t e same user credentials "or TS Gateway and terminal server chec0 bo1( ?o,e!er. users may still recei!e t,o prompts for credentials if conflictin' credentials e1ist from any source such as 7roup Policy settin's. and those credentials do not ,or0( They may also recei!e t,o prompts for credentials if default credentials are used for the connection and those credentials do not ,or0( c( -f you ,ant the client computer to automatically detect ,hen T 7ate,ay is re<uired. select the (ypass TS Gateway server "or local addresses chec0 bo1( % electin' this option optimi3es client performance(& To al,ays use a T 7ate,ay ser!er for client connections. clear the (ypass TS Gateway server "or local addresses chec0 bo1( 9( When you are finished. clic0 +&(

Con"igure common R65 settings *optional,

/ou can specify common "emote Ces0top Protocol %"CP& settin's for "emote#pp connections. such as de!ice and resource redirection. and some user display settin's( These settin's ,ill apply ,hen a user connects to a "emote#pp pro'ram throu'h T Web #ccess. or ,hen you create an (rdp file or a Windo,s -nstaller pac0a'e from an e1istin' "emote#pp pro'ram( To con"igure common R65 settings 8( -n the +verview pane of T "emote#pp Mana'er. ne1t to R65 Settings. clic0 C ange( 2( *nder 6evices and resources. confi'ure ,hich de!ices and resources on the client computer you ,ant to ma0e a!ailable in the remote session( 9( *nder 2ser e1perience. choose ,hether to enable font smoothin' and the desired color depth( B( When you are finished. clic0 Apply( %ote To confi'ure additional "CP settin's. such as audio redirection. clic0 the Custom R65 Settings tab( Jor more information. see Confi'ure Custom "CP ettin's( :( To close the RemoteApp 6eployment Settings dialo' bo1. clic0 +&(
16

%ote -f you do not si'n (rdp files ,ith a di'ital si'nature. or if you si'n (rdp files ,ith a di'ital si'nature that clients do not reco'ni3e %such as a certificate from a pri!ate certification authority&. some redirection settin's that you specify in T "emote#pp Mana'er may be o!erridden by the client( Jor e1ample. if you enable all redirection settin's on the Common R65 Settings tab. and a user connects to an (rdp file that is not si'ned. dis0 dri!es. and supported Plu' and Play de!ices ,ill not be redirected automatically( These de!ices and resources ,ill only be redirected if the user enables these redirection settin's in the RemoteApp ,arnin' dialo' bo1 that appears ,hen they try to connect( This default beha!ior helps to reduce potential security !ulnerabilities( %Iote that the same beha!ior occurs if you enable serial port redirection on the Custom R65 Settings tab(&

Con"igure custom R65 settings *optional,

/ou can specify custom "CP settin's for "emote#pp connections. such as audio redirection( These settin's ,ill apply ,hen a user connects to a "emote#pp pro'ram throu'h T Web #ccess. or ,hen you create a Windo,s -nstaller pac0a'e or (rdp file from an e1istin' "emote#pp pro'ram( %ote /ou can use custom "CP settin's to confi'ure the ,or0in' directory for "emote#pp pro'rams( Fy default. the ,or0in' directory for a "emote#pp pro'ram is the same location as the pro'ram e1ecutable file( -f you confi'ure the ,or0in' directory as a custom "CP settin'. the settin' ,ill apply to all "emote#pp pro'rams that are a!ailable throu'h T Web #ccess. and to any (rdp files or Windo,s -nstaller pac0a'es that you create from a "emote#pp pro'ram( -f you ,ant to customi3e the ,or0in' directory for "emote#pp pro'rams that you plan to distribute as (rdp files or Windo,s -nstaller pac0a'es. you can add the ,or0in' directory as a custom "CP settin'. create the files from the "emote#pp pro'rams. and then clear the ,or0in' directory custom "CP settin'( To speci"y custom R65 settings 8( -n the +verview pane of T "emote#pp Mana'er. ne1t to R65 Settings. clic0 C ange( 2( Hn the Custom R65 Settings tab. type or copy the custom "CP settin's that you ,ant to use into the Custom R65 settings bo1( To copy settin's from an e1istin' (rdp file. open the file in a te1t editor such as Iotepad. and then copy the desired settin's( !mportant /ou cannot o!erride settin's that are a!ailable in the 'lobal deployment settin's in T "emote#pp Mana'er( -f you do so. you ,ill be prompted to remo!e those settin's ,hen you clic0 Apply( To create an (rdp file to copy the settin's from. follo, these steps:
17

a( Hpen the "CC client. and then clic0 +ptions( b( Confi'ure the settin's that you ,ant. such as audio redirection( c( When you are finished. on the General tab. clic0 Save As. and then sa!e the (rdp file( d( Hpen the (rdp file in Iotepad. and then copy the desired settin's into the Custom R65 settings bo1 on the Custom R65 Settings tab( 9( When you ha!e finished addin' the settin's that you ,ant. clic0 Apply( B( -f the :rror wit Custom R65 Settings dialo' bo1 appears. do the follo,in': a( Clic0 Remove to automatically remo!e the settin's that are either not !alid or cannot be o!erridden. or clic0 +& to remo!e the settin's manually( b( #fter the settin's are remo!ed. clic0 Apply a'ain( :( To close the RemoteApp 6eployment Settings dialo' bo1. clic0 +&(

Con"igure digital signature settings *optional,

/ou can use a di'ital si'nature to si'n (rdp files that are used for "emote#pp connections to the terminal ser!er( This includes the (rdp files that are used for connections throu'h T Web #ccess to "emote#pp pro'rams on the terminal ser!er and to the terminal ser!er des0top( !mportant To connect to a "emote#pp pro'ram by usin' a di'itally si'ned (rdp file. the client must be runnin' "CC =(8( %The "CC =(8 N=(0(=008O client supports "emote Ces0top Protocol =(8(& -f you use a di'ital certificate. the crypto'raphic si'nature on the connection file pro!ides !erifiable information about your identity as its publisher( This enables clients to reco'ni3e your or'ani3ation as the source of the "emote#pp pro'ram or the remote des0top connection. and allo,s them to ma0e more informed trust decisions about ,hether to start the connection( This helps protect a'ainst the use of (rdp files that ,ere altered by a malicious user( /ou can si'n (rdp files that are used for "emote#pp connections by usin' a er!er #uthentication certificate % L certificate& or a Code i'nin' certificate( /ou can obtain L and Code i'nin' certificates from public certification authorities %C#s&. or from an enterprise C# in your public 0ey infrastructure hierarchy( -f you are already usin' an L certificate for terminal ser!er or T 7ate,ay connections. you can use the same certificate to si'n (rdp files( ?o,e!er. if users ,ill connect to "emote#pp pro'rams from public or home computers. you must use either of the follo,in': # certificate from a public certification authority %C#& that participates in the Microsoft "oot Certificate Pro'ram Members pro'ram %http:66'o(microsoft(com6f,lin06;Lin0-CG:@:B5&( -f you are usin' an enterprise C#. your enterprise C#+issued certificate must be co+ si'ned by a public C# that participates in the Microsoft "oot Certification Pro'ram Members pro'ram(

18

To con"igure t e digital certi"icate to use 8( -n the Actions pane of T "emote#pp Mana'er. clic0 6igital Signature Settings( %Hr. in the +verview pane. ne1t to 6igital Signature Settings. clic0 C ange(& 2( elect the Sign wit a digital certi"icate chec0 bo1( 9( -n the 6igital certi"icate details bo1. clic0 C ange( B( -n the Select Certi"icate dialo' bo1. select the certificate that you ,ant to use. and then clic0 +&( %ote The Select Certi"icate dialo' bo1 is populated by certificates that are located in the local computer)s certificates store or in your personal certificate store( The certificate that you ,ant to use must be located in one of these stores( Group 5olicy settings to control client be avior w en opening a digitally signed 'rdp "ile /ou can use 7roup Policy to confi'ure clients to al,ays reco'ni3e "emote#pp pro'rams from a particular publisher as trusted( /ou can also confi'ure ,hether clients ,ill bloc0 "emote#pp pro'rams and remote des0top connections from e1ternal or un0no,n sources( Fy usin' these policy settin's. you can reduce the number and comple1ity of security decisions that users face( This reduces the chances of inad!ertent user actions that may lead to security !ulnerabilities( The rele!ant 7roup Policy settin's are located in the Local 7roup Policy Editor at the follo,in' location. in both the Computer Confi'uration and in the *ser Confi'uration node: Administrative Templates;Windows Components;Terminal Services;Remote 6es.top Connection Client The a!ailable policy settin's are: Speci"y S-A< t umbprints o" certi"icates representing trusted 'rdp publis ers This policy settin' allo,s you to specify a list of ecure ?ash #l'orithm 8 % ?#8& certificate thumbprints that represent trusted (rdp file publishers( -f you enable this policy settin'. any certificate ,ith an ?#8 thumbprint that matches a thumbprint on the list ,ill be considered trusted( Allow 'rdp "iles "rom valid publis ers and user=s de"ault 'rdp settings This policy settin' allo,s you to specify ,hether users can run (rdp files from a publisher that si'ned the file ,ith a !alid certificate( This policy settin' also controls ,hether the user can start an "CP session by usin' default (rdp settin's. such as ,hen a user directly opens the "CC client ,ithout specifyin' an (rdp file( Allow 'rdp "iles "rom un.nown publis ers This policy settin' allo,s you to specify ,hether users can run unsi'ned (rdp files and (rdp files from un0no,n publishers on the client computer( !mportant To use these 7roup Policy settin's. the client computer must be runnin' "CC =(8(

19

Jor more information about these policy settin's. !ie, the 7roup Policy E1plain te1t in the Local 7roup Policy Editor(

/anage RemoteApp programs and settings

-n T "emote#pp Mana'er. you can ma0e chan'es to an e1istin' "emote#pp pro'ram. or you can remo!e the pro'ram from the list( #dditionally. you can e1port or import the RemoteApp 5rograms list and the 'lobal deployment settin's to or from another terminal ser!er( Chan'e or delete a "emote#pp pro'ram E1port or import "emote#pp pro'rams and settin's

C ange or delete a RemoteApp program

#fter you ha!e added a pro'ram to the RemoteApp 5rograms list. you can chan'e the deployment settin's for all "emote#pp pro'rams. chan'e the properties of a sin'le "emote#pp pro'ram. or delete the "emote#pp pro'ram from the list( To chan'e deployment settin's for all "emote#pp pro'rams. in the Actions pane of T "emote#pp Mana'er. clic0 Terminal Server Settings. TS Gateway Settings. or 6igital Signature Settings( %Hr. clic0 one of the C ange options in the +verview pane( /ou can also chan'e custom "CP settin's in the +verview pane(& !mportant -f you ma0e any chan'es. the chan'es ,ill not affect (rdp files or Windo,s -nstaller pac0a'es that you already created by usin' T "emote#pp Mana'er( To chan'e the properties of a sin'le "emote#pp pro'ram. clic0 the pro'ram in the RemoteApp 5rograms list. and then in the Actions pane for the pro'ram. clic0 5roperties( %ote /ou cannot chan'e the properties of an e1istin' (rdp file or Windo,s -nstaller pac0a'e by usin' T "emote#pp Mana'er( -nstead. you must clic0 Create 'rdp 8ile or Create Windows !nstaller 5ac.age in the Actions pane to create a ne, (rdp file or Windo,s -nstaller pac0a'e that has the desired properties( To chan'e ,hether the "emote#pp pro'ram ,ill be a!ailable from T Web #ccess. clic0 the pro'ram. and then clic0 S ow in TS Web Access or -ide in TS Web Access in the Actions pane( To delete a pro'ram in the RemoteApp 5rograms list. clic0 the "emote#pp pro'ram. and then in the Actions pane for the pro'ram. clic0 Remove( Clic0 0es to confirm the deletion( %ote When you delete a pro'ram in the RemoteApp 5rograms list. any (rdp files or Windo,s -nstaller pac0a'es that you created from the "emote#pp pro'ram are not deleted(

20

:1port or import RemoteApp programs and settings

/ou can copy the RemoteApp 5rograms list and deployment settin's from one terminal ser!er to another terminal ser!er( /ou mi'ht ,ant to do this if you ,ant to confi'ure multiple terminal ser!ers identically to host "emote#pp pro'rams. such as in a terminal ser!er farm( To e1port t e RemoteApp 5rograms list and deployment settings 8( 9( tart T "emote#pp Mana'er( elect either of the follo,in' options: :1port t e RemoteApp 5rograms list and settings to anot er terminal server -f you select this option. in the Terminal server name bo1. enter the name of the terminal ser!er that you ,ant to e1port the settin's to. and then clic0 +&( %Jor the e1port operation to succeed. the source terminal ser!er must ha!e Windo,s Mana'ement -nstrumentation %WM-& access to the tar'et terminal ser!er(& !mportant When you clic0 +&. the RemoteApp 5rograms list and deployment settin's ,ill be automatically o!er,ritten on the tar'et terminal ser!er( :1port t e RemoteApp 5rograms list and settings to a "ile -f you select this option. clic0 +&( -n the Save As dialo' bo1. specify a location to sa!e the (tspub file. and then clic0 Save( To import t e RemoteApp 5rograms list and deployment settings 8( 9( tart T "emote#pp Mana'er( elect either of the follo,in' options: !mport t e RemoteApp 5rograms list and settings "rom anot er terminal server -f you select this option. in the Terminal server name bo1. enter the name of the terminal ser!er that you ,ant to import the settin's from. and then clic0 +&( The settin's are imported directly into T "emote#pp Mana'er( %Jor the import operation to succeed. the source terminal ser!er must ha!e WM- access to the tar'et terminal ser!er(& !mport t e RemoteApp 5rograms list and settings "rom a "ile -f you select this option. clic0 +&( -n the +pen dialo' bo1. locate and then clic0 the (tspub file that you ,ant to import. and then clic0 +pen( -f you import a confi'uration. and the tar'et terminal ser!er does not ha!e a pro'ram in the RemoteApp 5rograms list installed or the pro'ram is installed in a different folder. the pro'ram

2( -n the Actions pane. clic0 :1port RemoteApp Settings(

2( -n the Actions pane. clic0 !mport RemoteApp Settings(

21

,ill appear in the RemoteApp 5rograms list( ?o,e!er. the name ,ill be displayed ,ith stri0ethrou'h te1t( %ote Hnly the RemoteApp 5rograms list and deployment settin's are e1ported or imported( #ny (rdp files or Windo,s -nstaller pac0a'es that ,ere created from the pro'rams ,ill not be e1ported or imported( /ou must create ne, (rdp files or Windo,s -nstaller pac0a'es on each terminal ser!er unless the ser!er is a member of a terminal ser!er farm( -f you specified a farm name ,hen you created the (rdp files or Windo,s -nstaller pac0a'es. and the ser!er ,here you ,ant to copy the files to is a member of the same terminal ser!er farm. you can manually copy the files(

6eploy RemoteApp programs to users

The follo,in' section includes instructions about ho, to deploy "emote#pp pro'rams to users throu'h T Web #ccess or throu'h a file share or other distribution mechanism(

6eploy RemoteApp programs t roug TS Web Access

With T Web #ccess. users can access "emote#pp pro'rams from a Web site o!er the -nternet or from an intranet( To start a "emote#pp pro'ram. they 2ust clic0 the pro'ram icon( T Web #ccess pro!ides a solution that ,or0s ,ith minimal confi'uration( The default T Web #ccess Web pa'e includes a customi3able Web Part. ,hich can be incorporated into a customi3ed Web pa'e( %ote Jor information about client re<uirements. see Client re<uirements and confi'uration( To use T Web #ccess to deploy "emote#pp pro'rams. you must do the follo,in': 8( -nstall the T Web #ccess role ser!ice( 2( Populate the T Web #ccess Computers security 'roup( 9( pecify the terminal ser!er from ,hich to populate the list of "emote#pp pro'rams that ,ill appear in the T Web #ccess Web Part(

!nstall t e TS Web Access role service

/ou must install the T Web #ccess role ser!ice on the ser!er that you ,ant users to connect to o!er the Web to access "emote#pp pro'rams( When you install the T Web #ccess role ser!ice. Microsoft -nternet -nformation er!ices %-- & 5(0 is also installed( The ser!er ,here you install T Web #ccess acts as the Web ser!er( The ser!er does not ha!e to be a terminal ser!er( %ote Fy default. ,hen you install T Web #ccess. the T Web #ccess Web site installs to the Cefault Web ite in -- ( To chan'e the default install location of the site. you can confi'ure a different location in the re'istry( /ou must do this before you install the
22

T Web #ccess role ser!ice( Jor more information. see the Chan'e the install location of the default T Web #ccess Web site section later in this 'uide( Membership in the local Administrators 'roup is the minimum re<uired to complete this procedure( To install TS Web Access 8( Hpen er!er Mana'er( To open er!er Mana'er. clic0 Start. point to Administrative Tools. and then clic0 Server /anager( 2( -f the Terminal er!ices role is already installed: a( *nder Roles Summary. clic0 Terminal Services' b( *nder Role Services. clic0 Add Role Services' c( Hn the Select Role Services pa'e. select the TS Web Access chec0 bo1( -f the Terminal er!ices role is not already installed: a( *nder Roles Summary. clic0 Add Roles( b( Hn the (e"ore 0ou (egin pa'e. clic0 %e1t( c( Hn the Select Server Roles pa'e. select the Terminal Services chec0 bo1. and then clic0 %e1t( d( "e!ie, the Terminal Services pa'e. and then clic0 %e1t( e( Hn the Select Role Services pa'e. select the TS Web Access chec0 bo1( 9( "e!ie, the information about the re<uired role ser!ices. and then clic0 Add Re$uired Role Services( B( Clic0 %e1t( :( "e!ie, the Web Server *!!S, pa'e. and then clic0 %e1t( =( Hn the Select Role Services pa'e. ,here you are prompted to select the role ser!ices that you ,ant to install for -- . clic0 %e1t( 5( Hn the Con"irm !nstallation Selections pa'e. clic0 !nstall( 8( Hn the !nstallation Results pa'e. confirm that the installation succeeded. and then clic0 Close(

5opulate t e TS Web Access Computers security group

-f the T Web #ccess ser!er and the terminal ser!er that hosts the "emote#pp pro'rams are separate ser!ers. you must add the computer account of the T Web #ccess ser!er to the T Web #ccess Computers security 'roup on the terminal ser!er( To add t e computer account o" t e TS Web Access server to t e security group 8( Hn the terminal ser!er. clic0 Start. point to Administrative Tools. and then clic0 Computer /anagement( 2( -n the left pane. e1pand )ocal 2sers and Groups. and then clic0 Groups( 9( -n the ri'ht pane. double+clic0 TS Web Access Computers(
23

B( -n the TS Web Access Computers 5roperties dialo' bo1. clic0 Add( :( -n the Select 2sers> Computers> or Groups dialo' bo1. clic0 +b?ect Types( =( -n the +b?ect Types dialo' bo1. select the Computers chec0 bo1. and then clic0 +&( 5( -n the :nter t e ob?ect names to select bo1. specify the computer account of the T Web #ccess ser!er. and then clic0 +&( 8( Clic0 +& to close the TS Web Access Computers 5roperties dialo' bo1(

Con"igure t e data source "or TS Web Access

/ou can confi'ure T Web #ccess to populate the list of "emote#pp pro'rams that appear in the Web Part from a specific terminal ser!er or terminal ser!er farm( Speci"y t e data source "or TS Web Access Fy default. T Web #ccess populates its list of "emote#pp pro'rams from a sin'le terminal ser!er. and points to the local host( The Web Part is populated by all "emote#pp pro'rams that are enabled for T Web #ccess on that terminal ser!er)s RemoteApp 5rograms list( To complete this procedure. you must lo' on to the T Web #ccess ser!er by usin' the local Administrator account or an account that is a member of the TS Web Access Administrators 'roup on the T Web #ccess ser!er( To speci"y w ic terminal server to use as t e data source 8( Connect to the T Web #ccess Web site( To do this. use either of the follo,in' methods: Hn the T Web #ccess ser!er. clic0 Start. point to Administrative Tools. point to Terminal Services. and then clic0 TS Web Access Administration( *se -nternet E1plorer to connect to the T Web #ccess Web site( Fy default. the Web site is located at the follo,in' address. ,here server!name is the name of the T Web #ccess ser!er: http:66server!name6ts 2( Lo' on to the site by usin' either the local #dministrator account. or an account that is a member of the local T Web #ccess #dministrators 'roup( %-f you are already lo''ed on to the computer as one of these accounts. you are not prompted for credentials(& 9( Hn the title bar. clic0 the Con"iguration tab( %ote -f you access the T Web #ccess Web site by usin' the T Web #ccess #dministration option. the pa'e automatically opens to the Con"iguration tab( B( -n the :ditor @one area. in the Terminal server name bo1. enter the name of the terminal ser!er that you ,ant to use as the data source( :( Clic0 Apply to apply the chan'es( To test T Web #ccess. see Connect to T Web #ccess(
24

Connect to TS Web Access

Fy default. you can access the T Web #ccess Web site at the follo,in' location. ,here server!name is the IetF-H name or the fully <ualified domain name of the Web ser!er ,here you installed T Web #ccess: http:66server!name6ts -f you connect to T Web #ccess from a public computer. such as a computer in an M-nternet cafP.M you should clear the ! am using a private computer t at complies wit my organi7ationAs security policy chec0 bo1 that appears in the lo,er+ri'ht corner of the Web Part( -n public mode. you are not pro!ided ,ith the option to sa!e your credentials. and the cachin' of bitmaps is not enabled( Client re$uirements and con"iguration To connect to T Web #ccess. the client computer must be runnin' "CC =(8( "CC =(8 is included ,ith the follo,in' operatin' systems: Windo,s er!er 2008 Windo,s Aista ,ith P8 Feta or Windo,s Aista ,ith P8 "C Windo,s EP ,ith P9 Feta or Windo,s EP ,ith P9 "C

#dditionally. the Terminal er!ices #cti!eE Client control must be enabled( The #cti!eE control is included ,ith "CC =(8( -f you are runnin' Windo,s er!er 2008. Windo,s Aista ,ith P8 Feta. or Windo,s Aista ,ith P8 "C. and you recei!e a ,arnin' messa'e on the -nternet E1plorer -nformation bar about the site bein' restricted from sho,in' certain content. clic0 the messa'e line. point to Add-on 6isabled. and then clic0 Run ActiveB Control( When you do this. you may see a security ,arnin'( Ma0e sure that the publisher for the #cti!eE control is MMicrosoft CorporationM before you clic0 Run( %ote -f the -nternet E1plorer -nformation bar does not appear. and you cannot connect to T Web #ccess. you can enable the Terminal er!ices #cti!eE control by usin' the /anage Add-ons tool on the Tools menu of -nternet E1plorer( The add+on appears as /icroso"t Terminal Services Client Control( -f you are runnin' Windo,s EP ,ith P9 "C. you must modify the re'istry to enable the #cti!eE control( To do this. follo, these steps: Caution erious problems mi'ht occur if you modify the re'istry incorrectly by usin' "e'istry Editor or by usin' another method( These problems mi'ht re<uire that you reinstall the operatin' system( Microsoft cannot 'uarantee that these problems can be sol!ed( Modify the re'istry at your o,n ris0( To enable t e ActiveB control in Windows B5 wit S5C RC by modi"ying t e registry 8( tart "e'istry Editor( To do this. clic0 Start. clic0 Run. type regedit in the +pen bo1.
25

and then clic0 +&( 2( Locate the follo,in' re'istry sub0ey: -&:09C2RR:%T92S:R;So"tware;/icroso"t;Windows;Current4ersion;:1t;Settings 9( -n case you need to restore. ,e recommend that you bac0 up the Settings sub0ey( To do this. ri'ht+clic0 Settings. clic0 :1port. type a file name in the 8ile name bo1. and then clic0 Save( B( *nder the Settings sub0ey. delete the follo,in' sub0eys( %To delete a sub0ey. ri'ht+ clic0 the sub0ey. clic0 6elete. and then clic0 0es to confirm(& DEeb8F""E-G"G8-Ea0"-8b8d-2b"02eFEeEb2H DGCF0"Cd8-0ECF-Ec0I-F<eC-c"Icb2F0cCd0H

:( Close "e'istry Editor( =( "efresh the T Web #ccess Web pa'e( The T Web #ccess Web pa'e should display correctly( %ote Cependin' on your -nternet E1plorer security settin's. you may recei!e a ,arnin' messa'e on the -nternet E1plorer -nformation bar that as0s if you ,ant to allo, the add+on to run( -f you recei!e the messa'e. clic0 the messa'e line. and then clic0 Run ActiveB Control( When you do this. you may see a security ,arnin'( Ma0e sure that the publisher for the #cti!eE control is MMicrosoft CorporationM before you clic0 Run(

6eploy RemoteApp programs t roug "ile s aring or ot er distribution met ods

/ou can deploy "emote#pp pro'rams to users by ma0in' (rdp files or Windo,s -nstaller pac0a'es a!ailable from a file share or throu'h other distribution mechanisms( /ou can use T "emote#pp Mana'er to create the (rdp files or Windo,s -nstaller pac0a'es from "emote#pp pro'rams that are in the RemoteApp 5rograms list(

Create an 'rdp "ile "rom a RemoteApp program

/ou can use the "emote#pp Wi3ard to create an (rdp file from any pro'ram in the RemoteApp 5rograms list( To create an 'rdp "ile 8( tart T "emote#pp Mana'er( To do this. clic0 Start. point to Administrative Tools. point to Terminal Services. and then clic0 TS RemoteApp /anager( 2( -n the RemoteApp 5rograms list. clic0 the pro'ram that you ,ant to create an (rdp file for( To select multiple pro'rams. press and hold the CT"L 0ey ,hen you clic0 each pro'ram name( 9( -n the Actions pane for the pro'ram or selected pro'rams. clic0 Create 'rdp "ile(
26

%ote -f you selected multiple pro'rams. the settin's described in the rest of this procedure apply to all of the selected pro'rams( # separate (rdp file is created for each pro'ram( B( Hn the Welcome to t e Remote App Wi7ard pa'e. clic0 %e1t( :( Hn the Speci"y 5ac.age Settings pa'e. do the follo,in': a( -n the :nter t e location to save t e pac.ages bo1. accept the default location or clic0 (rowse to specify a ne, location to sa!e the (rdp file( b( -n the Terminal server settings area. clic0 C ange to modify the terminal ser!er or farm name. the "CP port number. and the Re$uire server aut entication settin'( %Jor more information about these settin's. see Confi'ure terminal ser!er settin's(& When you are finished. clic0 +&( c( -n the TS Gateway settings area. clic0 C ange to modify or to confi'ure ,hether clients ,ill use a T 7ate,ay ser!er to connect to the tar'et terminal ser!er across a fire,all( %Jor more information about these settin's. see Confi'ure T 7ate,ay settin's(& When you are finished. clic0 +&( %ote Jor more information about T 7ate,ay. see the T 7ate,ay tep+by+ tep 7uide %http:66'o(microsoft(com6f,lin06;Lin0-dG8:852&( d( To di'itally si'n the (rdp file. in the Certi"icate Settings section. clic0 C ange to select or to chan'e the certificate to use( elect the certificate that you ,ant to use. and then clic0 +&( %Jor more information about these settin's. see Confi'ure di'ital si'nature settin's %optional&(& =( When you are finished. clic0 %e1t( 5( Hn the Review Settings pa'e. clic0 8inis ( When the ,i3ard is finished. the folder ,here the (rdp file ,as sa!ed opens in a ne, ,indo,( /ou can confirm that the (rdp file ,as created(

Create a Windows !nstaller pac.age "rom a RemoteApp program

/ou can use the "emote#pp Wi3ard to create a Windo,s -nstaller %(msi& pac0a'e from any pro'ram in the RemoteApp 5rograms list( To create a Windows !nstaller pac.age 8( tart T "emote#pp Mana'er( To do this. clic0 Start. point to Administrative Tools. point to Terminal Services. and then clic0 TS RemoteApp /anager( 2( -n the RemoteApp 5rograms list. clic0 the pro'ram that you ,ant to create a Windo,s -nstaller pac0a'e for( To select multiple pro'rams. press and hold the CT"L 0ey ,hen you clic0 each pro'ram name( 9( -n the Actions pane for the pro'ram or selected pro'rams. clic0 Create Windows
27

!nstaller pac.age( %ote -f you selected multiple pro'rams. the settin's described in the rest of this procedure apply to all of the selected pro'rams( # separate Windo,s -nstaller pac0a'e is created for each pro'ram( B( Hn the Welcome to t e RemoteApp Wi7ard pa'e. clic0 %e1t( :( Hn the Speci"y 5ac.age Settings pa'e. do the follo,in': a( -n the :nter t e location to save t e pac.ages bo1. accept the default location or clic0 (rowse to specify a ne, location to sa!e the Windo,s -nstaller pac0a'e( b( -n the Terminal server settings area. clic0 C ange to modify the terminal ser!er or farm name. the "CP port number. and the Re$uire server aut entication settin'( %Jor more information about these settin's. see Confi'ure terminal ser!er settin's(& When you are finished. clic0 +&( c( -n the TS Gateway settings area. clic0 C ange to modify or to confi'ure ,hether clients ,ill use a T 7ate,ay ser!er to connect to the tar'et terminal ser!er across a fire,all( %Jor more information about these settin's. see Confi'ure T 7ate,ay settin's(& When you are finished. clic0 +&( %ote Jor more information about T 7ate,ay. see the T 7ate,ay tep+by+ tep 7uide %http:66'o(microsoft(com6f,lin06;Lin0-dG8:852&( d( To di'itally si'n the file. in the Certi"icate Settings section. clic0 C ange to select or to chan'e the certificate to use( elect the certificate that you ,ant to use. and then clic0 +&( %Jor more information about these settin's. see Confi'ure di'ital si'nature settin's %optional&(& =( When you are finished. clic0 %e1t( 5( Hn the Con"igure 6istribution 5ac.age pa'e. do the follo,in': a( -n the S ortcut icons area. specify ,here the shortcut icon for the pro'ram ,ill appear on client computers( b( -n the Ta.e over client e1tensions area. confi'ure ,hether to ta0e o!er client file name e1tensions for the pro'ram( -f you associate the file name e1tensions on the client computer ,ith the "emote#pp pro'ram. all file name e1tensions that are handled by the pro'ram on the terminal ser!er ,ill also be associated on the client computer ,ith the "emote#pp pro'ram( Jor e1ample. if you add Microsoft Word as a "emote#pp pro'ram. and you confi'ure the option to ta0e o!er client file name e1tensions. any file name e1tensions on the client computer that Word ta0es o!er ,ill be associated ,ith "emote Word( This means that any e1istin' pro'ram on the client computer ,ill no lon'er handle file name e1tensions such as (doc and (dot( Iote that users are not prompted ,hether the terminal ser!er should ta0e o!er file e1tensions for the pro'ram( To !ie, ,hat file name e1tensions are associated ,ith a pro'ram on the terminal
28

ser!er. clic0 Start. clic0 Control 5anel. and then double+clic0 6e"ault 5rograms( Clic0 Associate a "ile type or protocol wit a program to !ie, the file name e1tensions and their default associated pro'ram( Caution Co not install Windo,s -nstaller pac0a'es that ,ere created ,ith this settin' enabled on the terminal ser!er itself( -f you do. clients that use the Windo,s -nstaller pac0a'e may not be able to start the associated "emote#pp pro'ram( 8( #fter you ha!e confi'ured the properties of the distribution pac0a'e. clic0 %e1t( @( Hn the Review Settings pa'e. clic0 8inis ( When the ,i3ard is finished. the folder ,here the Windo,s -nstaller pac0a'e ,as sa!ed opens in a ne, ,indo,( /ou can confirm that the Windo,s -nstaller pac0a'e ,as created(

/a.e RemoteApp programs available "rom t e !nternet

Fy usin' T "emote#pp to'ether ,ith T 7ate,ay. you can enable users to connect from the -nternet to indi!idual pro'rams on a terminal ser!er ,ithout ha!in' to first establish a !irtual pri!ate net,or0 %API& connection( %#lternati!ely. if you do not ,ant to deploy T 7ate,ay. you can ma0e "emote#pp pro'rams a!ailable throu'h a API solution(& Cependin' on the deployment method that you choose. remote users can connect to a pro'ram by openin' an (rdp file. by clic0in' a shortcut to a Windo,s -nstaller pac0a'e on their des0top or Start menu. or by accessin' a "emote#pp pro'ram on a Web pa'e throu'h T Web #ccess( To ma0e "emote#pp pro'rams a!ailable from the -nternet throu'h T 7ate,ay. follo, these steps: 8( Ensure that you meet the follo,in' prere<uisites: /ou must ha!e already deployed "emote#pp pro'rams on the terminal ser!er( -f you ,ant to ma0e "emote#pp pro'rams a!ailable from the -nternet throu'h T Web #ccess. you must ha!e successfully deployed T Web #ccess in an intranet en!ironment( 2( "e!ie, the T 7ate,ay tep+by+ tep 7uide %http:66'o(microsoft(com6f,lin06; Lin0-dG8:852&( 9( Jollo,in' the procedures in the T 7ate,ay tep+by+ tep 7uide. deploy and confi'ure T 7ate,ay( When you do so. ma0e sure that you do the follo,in': a( Create a Terminal er!ices connection authori3ation policy %T C#P& to define the list of user 'roups that can connect to the terminal ser!ers that host the "emote#pp pro'rams( Jor more information. see the MCreate a T C#P for the T 7ate,ay ser!erM section of the T 7ate,ay tep+by+ tep 'uide(

29

b( Create a Terminal er!ices resource authori3ation policy %T "#P& that pro!ides access to the terminal ser!ers that host the "emote#pp pro'rams( When you create the T "#P. add the user 'roups that you defined in the T C#P( #lso. create a ne, T 7ate,ay+mana'ed computer 'roup that contains both the IetF-H names and the fully <ualified domain names %JQCIs& of the terminal ser!ers that host the "emote#pp pro'rams( %ote -f you are usin' a terminal ser!er farm. specify the name of the farm. and not the indi!idual farm members( Jor more information. see the MCreate a T "#P and specify computers that users can connect to throu'h the T 7ate,ay ser!erM section of the T 7ate,ay tep+by+ tep 7uide( B( Confi'ure T 7ate,ay settin's in T "emote#pp Mana'er %either in the 'lobal deployment settin's or ,hen you create an (rdp file or Windo,s -nstaller pac0a'e&( When you do so. ma0e sure that you specify the JQCI of the T 7ate,ay ser!er( When you confi'ure 'lobal deployment settin's. the chan'es ,ill be reflected immediately on the T Web #ccess Web site( %ote -f you ha!e pre!iously created (rdp files and Windo,s -nstaller pac0a'es. the ne, settin's ,ill not be reflected in those pac0a'es( /ou must create ne, pac0a'es ,ith the correct settin's. and then distribute them to users( :( To allo, -nternet access to "emote#pp pro'rams throu'h T Web #ccess. confi'ure fire,all and authentication settin's( Jor more information. see Confi'ure the T Web #ccess ser!er to allo, access from the -nternet in the follo,in' section(

Con"igure t e TS Web Access server to allow access "rom t e !nternet

To allo, users to access the T Web #ccess ser!er from the -nternet throu'h T 7ate,ay. the recommended confi'uration is to place both the T 7ate,ay ser!er and the T Web #ccess ser!er in the perimeter net,or0. ,ith the terminal ser!ers that host "emote#pp pro'rams behind the internal fire,all( #lternati!ely. you can deploy T Web #ccess on the internal net,or0. and then ma0e the Web site a!ailable throu'h Microsoft -nternet ecurity and #cceleration %- #& er!er( Jor more information about Web publishin' throu'h - # er!er 200=. !isit the MPublishin' Concepts in - # er!er 200=M Web site %http:66'o(microsoft(com6f,lin06;Lin0-dG8=9:@&( -f you deploy T Web #ccess in the perimeter net,or0. you must confi'ure your fire,all to allo, Windo,s Mana'ement -nstrumentation %WM-& traffic from the T Web #ccess ser!er to the terminal ser!er( #dditionally. the T Web #ccess Web site must be confi'ured to use Windo,s authentication( Fy default. Windo,s authentication is enabled for the T Web #ccess Web site(
30

To veri"y t at Windows aut entication is enabled 8( Hn the T Web #ccess ser!er. clic0 Start. point to Administrative Tools. and then clic0 !nternet !n"ormation Services *!!S, /anager( 2( -n the left pane of -nternet -nformation er!ices %-- & Mana'er. e1pand the ser!er name. e1pand Sites. e1pand 6e"ault Web Site. and then clic0 TS( 9( -n the middle pane. under !!S. double+clic0 Aut entication( B( Ensure that Windo,s #uthentication is set to :nabled( -f it is not. ri'ht+clic0 Windows Aut entication. and then clic0 :nable( %ote -f you placed T Web #ccess in a custom Web site. you must ensure that the authentication method that is used for the Web site can map to the user)s Windo,s account( /ou can do this by usin' inte'rated Windo,s authentication on the custom Web site(

Additional in"ormation
Con"igure Server /anager and !nitial Tas.s not to run in administratorAs RemoteApp session
-f a user has administrati!e access to the terminal ser!er ,here the "emote#pp pro'rams are installed. ,hen the user starts a "emote#pp pro'ram. the er!er Mana'er tool and -nitial Confi'uration Tas0s also start in the "emote#pp session( /ou can control this beha!ior by usin' the follo,in' 7roup Policy settin's in the Computer Con"iguration;Administrative Templates;System;Server /anager node of the Local 7roup Policy Editor on the terminal ser!er: 6o not display !nitial Con"iguration Tas.s window automatically at logon /ou must enable this policy settin' to pre!ent the -nitial Confi'uration Tas0s ,indo, from openin' ,hen a user ,ith administrati!e access starts a "emote#pp session( 6o not display Server /anager automatically at logon /ou must enable this policy settin' to pre!ent er!er Mana'er from openin' ,hen a user ,ith administrati!e access starts a "emote#pp session(

Con"igure Remote 6es.top Web Connection be avior

Terminal er!ices "emote Ces0top Web Connection enables a user to connect to the des0top of a remote computer from the T Web #ccess Web site( To connect to a remote computer. the follo,in' conditions must be true: The remote computer must be confi'ured to accept "emote Ces0top connections( The user must be a member of the "emote Ces0top *sers 'roup on the remote computer(
31

# user can access "emote Ces0top Web Connection by clic0in' the Remote 6es.top tab on the T Web #ccess pa'e( #s an administrator. you can confi'ure ,hether the Remote 6es.top tab is a!ailable to users( #dditionally. you can confi'ure settin's such as ,hich T 7ate,ay ser!er to use. and the default de!ice and resource redirection options( Membership in the local Administrators 'roup. or e<ui!alent. is the minimum re<uired to complete this procedure( To con"igure Remote 6es.top Web Connection be avior 8( Hn the T Web #ccess ser!er. start -nternet -nformation er!ices %-- & Mana'er( To do this. clic0 Start. point to Administrative Tools. and then clic0 !nternet !n"ormation Services *!!S, /anager( 2( -n the left pane. e1pand the ser!er name. e1pand Sites. e1pand 6e"ault Web Site. and then clic0 TS( 9( -n the middle pane. under AS5'%:T. double+clic0 Application Settings( B( To chan'e "emote Ces0top Web Connection settin's. modify the !alues in the Application Settings pane( To confi'ure a default T 7ate,ay ser!er. double+clic0 6e"aultTSGateway. enter the fully <ualified domain name of the ser!er in the 4alue bo1 %for e1ample. server<'contoso'com&. and then clic0 +&( To specify the T 7ate,ay authentication method. double+clic0 GatewayCredentialsSource. type the number that corresponds to the desired authentication method in the 4alue bo1. and then clic0 +&( The possible !alues include: 0 G #s0 for pass,ord %ITLM& < G mart card E G #llo, user to select later To confi'ure ,hether the Remote 6es.top tab appears on the T Web #ccess pa'e. double+clic0 S ow6es.tops( -n the 4alue bo1. type true to sho, the Remote 6es.top tab. or type "alse to hide the Remote 6es.top tab( When you are finished. clic0 +&( To confi'ure default de!ice and resource redirection settin's. double+clic0 the settin' that you ,ant to modify %1Clipboard. 16riveRedirection. 15n5Redirection. 15ortRedirection. or 15rinterRedirection&( -n the 4alue bo1. type true to enable the redirection settin' by default. or type "alse to disable the redirection settin' by default. and then clic0 +&( :( When you are finished. close -- Mana'er( /our chan'es should ta0e effect immediately on the T Web #ccess Web site( -f the Web pa'e is open. refresh the pa'e to !ie, the chan'es(

32

%ote /ou can also confi'ure these settin's by modifyin' the K,indirKLWebLtsLWeb(confi' file directly by usin' a te1t editor such as Iotepad(

C ange t e install location o" t e de"ault TS Web Access Web site

Fy default. ,hen you install T Web #ccess. the T Web #ccess Web site installs to the Cefault Web ite in -- %to the 6T !irtual path&( To specify a different Web site to install T Web #ccess. you can confi'ure a different tar'et Web site in the re'istry( /ou must do this before you install the T Web #ccess role ser!ice( Caution erious problems mi'ht occur if you modify the re'istry incorrectly by usin' "e'istry Editor or by usin' another method( These problems mi'ht re<uire that you reinstall the operatin' system( Microsoft cannot 'uarantee that these problems can be sol!ed( Modify the re'istry at your o,n ris0( To c ange t e location o" t e TS Web Access Web site 8( -f you do not already ha!e -- installed. install -- ( To do this. follo, these steps: a( tart er!er Mana'er( To open er!er Mana'er. clic0 Start. point to Administrative Tools. and then clic0 Server /anager( b( *nder Roles Summary. clic0 Add Roles( c( Hn the (e"ore 0ou (egin pa'e. clic0 %e1t( d( Hn the Select Server Roles pa'e. select the Web Server *!!S, chec0 bo1. clic0 Add Re$uired 8eatures. and then clic0 %e1t( e( Hn the Web Server *!!S, pa'e. clic0 %e1t( f( Hn the Select Role Services pa'e. clic0 %e1t( '( Hn the Con"irm !nstallation Selections pa'e. clic0 !nstall( h( Hn the !nstallation Results pa'e. !erify that the installation succeeded. and then clic0 Close( 2( Clic0 Start. point to Administrative Tools. and then clic0 !nternet !n"ormation Services *!!S, /anager( 9( -n -nternet -nformation er!ices %-- & Mana'er. e1pand the ser!er name. ri'ht+clic0 Sites. and then clic0 Add Web Site( B( -n the Add Web Site dialo' bo1. add the information for the ne, Web site. such as the site name( Ensure that you do the follo,in': -n the 5 ysical pat bo1. specify the path CJ;Windows;Web. ,here MC:M represents the dri!e ,here you installed Windo,s( To not conflict ,ith the Cefault Web ite. you should either specify a different -P address in the !5 address list. or specify a port other than port 80 in the 5ort bo1( %-f
33

you specify another port. ensure that the fire,all is confi'ured to permit ?TTP or ?TTP traffic on that port. dependin' on your confi'uration(& :( When you are finished. clic0 +&( =( tart "e'istry Editor( To do this. clic0 Start. type regedit in the Start Searc bo1. and then press EITE"( 5( Locate the follo,in' re'istry sub0ey: -&:09)+CA)9/AC-!%:;S+8TWAR:;/icroso"t 8( To specify a ne, install location for the T Web #ccess Web site. do the follo,in': a( "i'ht+clic0 /icroso"t. point to %ew. and then clic0 &ey( b( Type Terminal Server Web Access as the sub0ey name. and then press EITE"( c( "i'ht+clic0 Terminal Server Web Access. point to %ew. and then clic0 String 4alue( d( Type Website as the entry name. and then press EITE"( e( "i'ht+clic0 Website. and then clic0 /odi"y( f( -n the 4alue data bo1. type the name of the Web site ,here you ,ant to install the T Web #ccess Web site %the site name that you specified in step B of this procedure&. and then clic0 +&( @( Close "e'istry Editor( 80( -nstall T Web #ccess( Jor more information. see -nstall the T Web #ccess role ser!ice earlier in this 'uide(

34