Customizing Remote Desktop Web Access by Using Windows Sharepoint Services Step- By-Step Guide

Customizing Remote Desktop Web Access by Using Windows SharePoint Services Step- by-Step Guide

Microsoft Corporation Published: July 2009 Updated: September 2009

Abstract Remote Desktop Web Access (RD Web Access) is a role service in the Windows Server® 2008 R2 operating system that enables users to access RemoteApp programs, session- based desktops, or virtual desktops from a Web site. By default, the RD Web Access Web site enables you to point to a single Remote Desktop Session Host (RD Session Host) server or to a single RD Session Host server farm to populate the list of RemoteApp programs that appear on the site. If you have multiple RD Session Host servers or multiple RD Session Host server farms, you can use Windows® SharePoint® Services to create a single Web access point for RemoteApp programs, session-based desktops, or virtual desktops.

This document supports a preliminary release of a software product that may be changed substantially prior to final commercial release, and is the confidential and proprietary information of Microsoft Corporation. It is disclosed pursuant to a non-disclosure agreement between the recipient and Microsoft. This document is provided for informational purposes only and Microsoft makes no warranties, either express or implied, in this document. Information in this document, including URL and other Internet Web site references, is subject to change without notice. The entire risk of the use or the results from the use of this document remains with the user. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in examples herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Microsoft, Active Directory, RemoteApp, Windows, and Windows Server are trademarks of the Microsoft group of companies.

All other trademarks are property of their respective owners.

Contents

Customizing Remote Desktop Web Access by Using Windows SharePoint Services Step-by-Step Guide ...... 5 About this guide ...... 5 What this guide does not provide ...... 5 Technology review ...... 6 Scenario: Customizing Remote Desktop Web Access by Using Windows SharePoint Services in a test environment ...... 6

Step 1: Setting Up the Contoso Domain ...... 7 Configure the RD Web Access server (RDWA-SRV) ...... 8 Configure RemoteApp ...... 11

Step 2: Configuring Windows SharePoint Services ...... 12 Register the Web Part's assembly and namespace as a Safe Control ...... 12 Create folders to store the Web Part image files ...... 13 Add the Web Part to the default Windows SharePoint Services site ...... 14 Add Morgan Skinner to the Team Site Members group ...... 14

Step 3: Verifying Customization of Remote Desktop Web Access ...... 15

Customizing Remote Desktop Web Access by Using Windows SharePoint Services Step- by-Step Guide

About this guide This step-by-step guide walks you through the process of setting up a working RemoteApp source accessible by using Remote Desktop Web Access (RD Web Access) in a test environment. During this process, you will create a test deployment that includes the following: An RD Web Access server This guide assumes that you previously completed the Installing Remote Desktop Session Host Step-by-Step Guide (http://go.microsoft.com/fwlink/?LinkId=147292), and that you have already deployed the following (if you have previously configured the computers in the Installing Remote Desktop Session Host Step-by-Step Guide, you should repeat the steps in that guide with new installations): An RD Session Host server A Remote Desktop Connection client computer An Active Directory domain controller As you complete the steps in this guide, you will: Set up the necessary servers in the CONTOSO domain. Customize RD Web Access. Verify that your customized version of RD Web Access is functioning correctly. The goal of customizing RD Web Access is to provide users with a customized Web portal specific to your organization. Additionally, you can use Windows® SharePoint® Services to integrate RD Web Access into an existing Windows SharePoint site.

What this guide does not provide This guide does not provide the following: Installing Windows SharePoint Services as a Web front-end server for a Windows SharePoint Services farm. For more information about farm configuration, see the article "Deploy a simple farm on the Windows Server 2008 operating system (Windows SharePoint Services)" in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=106516). An overview of Remote Desktop Services. Guidance for setting up Active Directory Domain Services or an RD Session Host server. For more information, see the Installing Remote Desktop Session Host Step-by-Step Guide (http://go.microsoft.com/fwlink/?LinkId=147292). For a downloadable version of this

document, see the Installing Remote Desktop Session Host Step-by-Step Guide (http://go.microsoft.com/fwlink/?LinkId=147293) in the Microsoft Download Center. Guidance for customizing RD Web Access by using Windows SharePoint Services in a production environment. Complete technical reference for Remote Desktop Services.

Technology review RD Web Access is a role service in the Windows Server 2008 R2 operating system that enables users to access RemoteApp programs, session-based remote desktops, or virtual desktops from Web sites. By default, the RD Web Access Web site enables you to point to RD Session Host servers or RD Session Host server farms to populate the list of RemoteApp programs that appear on the site. If you have multiple RD Session Host servers or multiple RD Session Host server farms, you can create a single Web access point for RemoteApp programs, session-based remote desktops, and virtual desktops.

Scenario: Customizing Remote Desktop Web Access by Using Windows SharePoint Services in a test environment We recommend that you first use the steps provided in this guide in a test lab environment. Step- by-step guides are not necessarily meant to be used to deploy Windows Server® features without additional deployment documentation and should be used with discretion as a stand-alone document. Upon completion of this step-by-step guide, you will have customized an RD Web Access Web portal that is using Windows SharePoint Services. You can then test and verify this functionality by opening the Web portal as a standard user. The test environment described in this guide includes four computers connected to a private network using the following operating systems, applications, and services.

Computer name Operating system Applications and services

CONTOSO-DC Windows Server 2008 R2 Active Directory Domain Services (AD DS), DNS

RDSH-SRV Windows Server 2008 R2 RD Session Host

CONTOSO-CLNT Windows® 7 Remote Desktop Connection

RDWA-SRV Windows Server 2008 R2 RD Web Access

The computers form a private network and are connected through a common hub or Layer 2 switch. This step-by-step exercise uses private addresses throughout the test lab configuration.

The private network ID 10.0.0.0/24 is used for the network. The domain controller is named CONTOSO-DC for the domain named contoso.com. The following figure shows the configuration of the test environment.

Step 1: Setting Up the Contoso Domain

To customize your RD Web Access test environment in the CONTOSO domain, you must complete the following tasks: Configure the RD Web Access server (RDWA-SRV). Use the followings table as a reference when setting up the appropriate computer names, operating systems, and network settings that are required to complete the steps in this guide.

Important Before you configure your computers with static Internet Protocol (IP) addresses, we recommend that you first complete Windows product activation while each of your computers still has Internet connectivity. You should also install any available critical security updates from Windows Update (http://go.microsoft.com/fwlink/?LinkID=47370).

Computer name Operating system IP settings DNS settings requirement

CONTOSO-DC Windows IP address: Configured by DNS Server 2008 R2 10.0.0.1 server role Subnet mask: 255.255.255.0 Default gateway:

Computer name Operating system IP settings DNS settings requirement 10.0.0.1

RDSH-SRV Windows IP address: Preferred: Server 2008 R2 10.0.0.2 10.0.0.1 Subnet mask: 255.255.255.0 Default gateway: 10.0.0.1

CONTOSO-CLNT Windows 7 IP address: Preferred: 10.0.0.3 10.0.0.1 Subnet mask: 255.255.255.0 Default gateway: 10.0.0.1

RDWA-SRV Windows IP address: Preferred: Server 2008 R2 10.0.0.6 10.0.0.1 Subnet mask: 255.255.255.0 Default gateway: 10.0.0.1

Configure the RD Web Access server (RDWA-SRV) To configure the RD Web Access server by using Windows Server 2008 R2, you must: Install Windows Server 2008 R2. Configure TCP/IP properties. Join RDWA-SRV to the contoso.com domain. Install the RD Web Access role service. Install .NET Framework 3.5. Install Windows SharePoint Services. First, install Windows Server 2008 R2 on a stand-alone server.

To install Windows Server 2008 R2 1. Start your computer by using the Windows Server 2008 R2 product CD.

2. When prompted for a computer name, type RDWA-SRV. 3. Follow the rest of the instructions that appear on your screen to finish the installation. Next, configure TCP/IP properties so that RDWA-SRV has an IPv4 static IP address of 10.0.0.6.

To configure TCP/IP properties 1. Log on to RDWA-SRV with the RDWA-SRV\Administrator account. 2. Click Start, click Control Panel, click Network and Internet, click Network and Sharing Center, click Change adapter settings, right-click Local Area Connection, and then click Properties. 3. On the Networking tab, click Internet Protocol Version 4 (TCP/IPv4), and then click Properties. 4. Click Use the following IP address. In the IP address box, type 10.0.0.6. In the Subnet mask box, type 255.255.255.0. In the Default gateway box, type 10.0.0.1. 5. Click Use the following DNS server addresses. In the Preferred DNS server box, type 10.0.0.1. 6. Click OK, and then close the Local Area Connection Properties dialog box. Next, join RDWA-SRV to the contoso.com domain.

To join RDWA-SRV to the contoso.com domain 1. Click Start, right-click Computer, and then click Properties. 2. Under Computer name, domain, and workgroup settings, click Change settings. 3. On the Computer Name tab, click Change. 4. In the Computer Name/Domain Changes dialog box, under Member of, click Domain, and then type contoso.com. 5. Click More, and in the Primary DNS suffix of this computer box, type contoso.com. 6. Click OK, and then click OK again. 7. When a Computer Name/Domain Changes dialog box appears prompting you for administrative credentials, provide the credentials for CONTOSO\Administrator, and then click OK. 8. When a Computer Name/Domain Changes dialog box appears welcoming you to the contoso.com domain, click OK. 9. When a Computer Name/Domain Changes dialog box appears telling you that the computer must be restarted, click OK, and then click Close. 10. Click Restart Now. Next, install the RD Web Access role service by using Server Manager.

To install the RD Web Access role service

1. Log on to RDWA-SRV as CONTOSO\Administrator. 2. Click Start, point to Administrative Tools, and then click Server Manager. 3. Under the Roles Summary heading, click Add Roles. 4. On the Before You Begin page, click Next. 5. On the Select Server Roles page, select the Remote Desktop Services check box, and then click Next. 6. On the Remote Desktop Services page, click Next. 7. On the Select Role Services page, select the Remote Desktop Web Access check box. 8. Review the information about adding Web Server (IIS) and the Remote Server Administration Tools, click Add Required Role Services, and then click Next. 9. On the Web Server (IIS) page, click Next. 10. On the Select Role Services page, click Next. 11. On the Confirm Installation Selections page, click Install. 12. After installation is complete, click Close. Next, install .NET Framework 3.5.

To install .NET Framework 3.5 1. Log on to RDWA-SRV as CONTOSO\Administrator. 2. Click Start, point to Administrative Tools, and then click Server Manager. 3. Under the Features Summary heading, click Add Features. 4. Select the .NET Framework 3.5.1 check box. 5. Click Add Required Role Services, and then click Next. 6. On the Introduction to Web Server (IIS) page, click Next. 7. On the Select Role Services page, accept the default selections by clicking Next. 8. Click Install, and then click Close. Finally, install Windows SharePoint Services. You must download Windows SharePoint Services 3.0 with Service Pack 2 (SP2) before proceeding with this procedure. Windows SharePoint Services 3.0 with SP2 is available on the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkId=159831).

To install Windows SharePoint Services 1. Log on to RDWA-SRV as CONTOSO\Administrator. 2. Double-click SharePoint.exe. 3. On the Read the Microsoft Software License Terms page, select the I accept the terms of this agreement check box, and then click Continue.

4. Click Basic. 5. When Setup finishes, a dialog box prompts you to complete the configuration of your server. Ensure that the Run the SharePoint Products and Technologies Configuration Wizard now check box is selected, and then click Close to continue. 6. On the Welcome to SharePoint Products and Technologies page, click Next. 7. When you receive a warning message about services having to be restarted, click Yes to continue. 8. On the Configuration Successful page, click Finish. 9. When you are prompted to enter your credentials to access the Windows SharePoint Services site, click Cancel, and then close Internet Explorer.

Configure RemoteApp Windows SharePoint Services displays the RemoteApp programs that are configured on the RD Session Host server. Use the following steps to configure RemoteApp: Add the RDWA computer account object to the TS Web Access Computers security group on RDSH-SRV. Add a RemoteApp program by using RemoteApp Manager. First, you must add the RDWA-SRV computer account object to the TS Web Access Computers security group on RDSH-SRV.

To add RDCB-SRV to the TS Web Access Computers group on RDSH-SRV 1. Log on to RDSH-SRV as CONTOSO\Administrator. 2. Click Start, point to Administrative Tools, and then click Computer Management. 3. Expand Local Users and Groups, and then click Groups. 4. Right-click TS Web Access Computers, and then click Add to Group. 5. Click Add. 6. In the Select Users, Computers, Service Accounts, or Groups dialog box, click Object Types. 7. In the Object Types dialog box, select the Computers check box, and then click OK. 8. In the Enter the object names to select box, type rdwa-srv and then click OK. 9. Click OK to close the TS Web Access Computers dialog box. Finally, you must add a RemoteApp program to RDSH-SRV by using RemoteApp Manager.

To add a RemoteApp program by using RemoteApp Manager 1. Log on to RDSH-SRV as CONTOSO\Administrator. 2. Click Start, point to Administrative Tools, point to Remote Desktop Services, and then click RemoteApp Manager.

3. In the Action pane, click Add RemoteApp Programs. 4. On the Welcome to the RemoteApp Wizard page, click Next. 5. On the Choose programs to add to the RemoteApp Program list page, select the Calculator check box, and then click Next. 6. On the Review Settings page, click Finish.

Step 2: Configuring Windows SharePoint Services

In this step, you will configure Windows SharePoint Services so that users in the CONTOSO domain can access RD Web Access by using Windows SharePoint Services. Use the following steps to configure Windows SharePoint Services: Register the Web Part's assembly and namespace as a Safe Control. Create folders to store the Web Part image files. Add the Web Part to the default Windows SharePoint Services site. Add Morgan Skinner to the Team Site Members group.

Register the Web Part's assembly and namespace as a Safe Control As a security measure, Windows SharePoint Services requires that you register the RD Web Access Web Part's assembly and namespace as a Safe Control in the Web.config file of the server. The following procedure shows how to register the Web Part's assembly as a Safe Control for Windows SharePoint Services sites that use the default port 80.

To register the Web Part's assembly and namespace as a Safe Control 1. Log on to RDWA-SRV as CONTOSO\Administrator. 2. Open an elevated command prompt. To do this, click Start, right-click Command Prompt, and then click Run as administrator. 3. At the command prompt, type notepad %Systemdrive%\inetpub\wwwroot\wss\VirtualDirectories\80\web.config and then press ENTER. 4. In the section of the Web.config file, add the following line under the other SafeControl Assembly entries (as a single line):

Namespace="Microsoft.TerminalServices.Publishing.Portal"TypeName="*" Safe="True" AllowRemoteDesigner="True" /> 5. On the File menu, click Save, and then close the file.

Note The port_number placeholder represents the random port number that the SharePoint Central Administration site is configured to use; for example, port 36950. To determine the port number, either browse to the VirtualDirectories folder, or open Internet Information Services (IIS) Manager, locate and then click the SharePoint Central Administration v3 site, click Bindings in the Actions pane, and then view the port number in the Port column. (To open IIS Manager, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.)

Create folders to store the Web Part image files The icons shown in the Web part are cached on the RD Web Access server in a folder named Images and a folder named rdp. You must create these folders and give the Network Service account full control permissions so that the icons for the RemoteApp programs show up.

To create folders to store the Web Part image files 1. Log on to RDWA-SRV as CONTOSO\Administrator. 2. Open an elevated command prompt. To do this, click Start, right-click Command Prompt, and then click Run as administrator. 3. Type mkdir "%SystemDrive%\Program Files\Common Files\Microsoft Shared\Web Server Extensions\wpresources\TSPortalWebPart\6.1.0.0__31bf3856ad364e35\images" and then press ENTER. 4. Type mkdir "%SystemDrive%\Program Files\Common Files\Microsoft Shared\Web Server Extensions\wpresources\TSPortalWebPart\6.1.0.0__31bf3856ad364e35\rdp" and then press ENTER. 5. Type cacls "%SystemDrive%\Program Files\Common Files\Microsoft Shared\Web Server Extensions\wpresources\TSPortalWebPart\6.1.0.0__31bf3856ad364e35\images” /T /E /P NetworkService:F and then press ENTER. 6. Type cacls "%SystemDrive%\Program Files\Common Files\Microsoft Shared\Web Server Extensions\wpresources\TSPortalWebPart\6.1.0.0__31bf3856ad364e35\rdp” /T /E /P NetworkService:F and then press ENTER. 7. Close the Command Prompt window.

Add the Web Part to the default Windows SharePoint Services site To add the RD Web Access Web Part to a Windows SharePoint Services site, you must first add the Web Part to the Web Part Gallery for the site. Then, you can add the Web Part and configure it to point to a specific Remote Desktop Session Host (RD Session Host) server or RD Session Host server farm. If you have multiple RD Session Host servers, you can add multiple Web Parts to the page, each pointing to a different RD Session Host server or RD Session Host server farm. Use the following procedure to add the Web part to the default Windows SharePoint Services site.

To add the Web Part to a Windows SharePoint Services site 1. Log on to RDWA-SRV as CONTOSO\Administrator. 2. In Internet Explorer, open the default Windows SharePoint Services site at the following location: http://localhost/. 3. When you are prompted, enter the account credentials for CONTOSO\Administrator, and then click OK. 4. In the upper-right corner, on the Site Actions tab, click Site Settings. 5. Under Galleries, click Web Parts. 6. Under the Web Part Gallery heading, click New. 7. Select the check box next to Microsoft.TerminalServices.Publishing.Portal.TSPortalWebPart, and then click Populate Gallery. 8. Click the Home tab. 9. On the Site Actions tab, click Edit Page. 10. Choose the location where you want to add the Web Part, and then click Add a Web Part. 11. In the Add Web Parts -- Webpage Dialog dialog box, under the All Web Parts heading, select the TSPortalWebPart check box, and then click Add. The TSPortalWebPart Web Part will appear on the page. 12. To configure the Web Part, click edit in the upper-right corner of the Web Part, and then click Modify Shared Web Part. 13. In the RD Session Host server(s) or RemoteApp and Desktop Connection Management server name box, type rdsh-srv and then click OK. 14. Click Exit Edit Mode.

Add Morgan Skinner to the Team Site Members group In order for Morgan Skinner to be able to open the default Windows SharePoint Services Web site, you must add his user account to the Team Site Members group.

To add Morgan Skinner to the Team Site Members group 1. Log on to RDWA-SRV as CONTOSO\Administrator. 2. In Internet Explorer, open the default Windows SharePoint Services site at the following location: http://localhost/. 3. When you are prompted, enter the account credentials for CONTOSO\Administrator, and then click OK. 4. In the upper-right corner, on the Site Actions tab, click Site Settings. 5. Under the Users and Permissions heading, click People and Groups. 6. Click New, and then click Add Users. 7. In the Users/Groups box, type contoso\mskinner and then click OK.

Step 3: Verifying Customization of Remote Desktop Web Access

To verify the functionality of a RemoteApp program deployment, log on as Morgan Skinner and connect to the RemoteApp program by using RD Web Access.

To connect to the Windows SharePoint Services default Web site 1. Log on to CONTOSO-CLNT as Morgan Skinner (CONTOSO\mskinner). 2. Click Start, point to All Programs, and then click Internet Explorer. 3. In the Address bar, type http://rdwa-srv.contoso.com and then press ENTER. 4. In the Domain\user name box, type CONTOSO\mskinner. 5. In the Password box, type the password that you specified for Morgan Skinner, and then click Sign in.

Note In you receive a prompt asking you to install the Microsoft Remote Desktop Services Web Access Control, click Run Add-on, and then click Run. 6. Ensure that the RD Web Access Web Part is showing on the home page of the SharePoint Web site. 7. Click Calculator, and then click Connect. 8. When prompted, enter the credentials for Morgan Skinner, and then click OK. You have successfully customized RD Web Access by using a Windows SharePoint Services Web Part and verified the functionality by navigating to the default Windows SharePoint Web site

and then connecting to Calculator. You can also use this deployment to explore some of the additional capabilities of personal virtual desktops through additional configuration and testing.