Forum Discussion
Remote Desktop Services
Hi Marius_Roma,
yes, it is considered normal for users to connect to the full desktop of the RD Session Host using the Remote Desktop Connection client (mstsc.exe). The Remote Desktop Services role allows users to access either the full desktop or individual RemoteApp programs based on the configuration and user permissions.
If you wish to restrict users to using only RemoteApp programs without full desktop access, you can follow these steps:
1. User Configuration: Navigate to User Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Remote Desktop Session Environment. Enable and configure "Start program on connection" while disabling "Always show desktop on connection".
2. AppLocker: Use AppLocker to restrict unwanted applications.
3. RemoteApp User Assignment: Consider RemoteApp User Assignment, which displays a customized list of RemoteApp programs specific to the logged-on user in RD Web Access and RemoteApp and Desktop Connections.
Introducing RemoteApp and Desktop Connections - Microsoft Community Hub
RDS 2019 Server: ways to restrict Full RDP, Allow RemoteApp only. - Microsoft Remote Desktop Services (spiceworks.com)
Introducing RemoteApp User Assignment - Microsoft Community HubPlease click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.If the post was useful in other ways, please consider giving it Like.
Kindest regards,
Leon Pavesic
(LinkedIn)
Hi Marius_Roma,
yes, it is considered normal for users to connect to the full desktop of the RD Session Host using the Remote Desktop Connection client (mstsc.exe). The Remote Desktop Services role allows users to access either the full desktop or individual RemoteApp programs based on the configuration and user permissions.
If you wish to restrict users to using only RemoteApp programs without full desktop access, you can follow these steps:
1. User Configuration: Navigate to User Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Remote Desktop Session Environment. Enable and configure "Start program on connection" while disabling "Always show desktop on connection".
2. AppLocker: Use AppLocker to restrict unwanted applications.
3. RemoteApp User Assignment: Consider RemoteApp User Assignment, which displays a customized list of RemoteApp programs specific to the logged-on user in RD Web Access and RemoteApp and Desktop Connections.
Introducing RemoteApp and Desktop Connections - Microsoft Community Hub
RDS 2019 Server: ways to restrict Full RDP, Allow RemoteApp only. - Microsoft Remote Desktop Services (spiceworks.com)
Introducing RemoteApp User Assignment - Microsoft Community Hub
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If the post was useful in other ways, please consider giving it Like.
Kindest regards,
Leon Pavesic
(LinkedIn)