I was asked recently about Remote Desktop Protocol and how best to create a cheaper “Citrix-esque” way of hosting applications from a Windows server, so I’ve decided to transform some of my old instructions into more digestible content.
This article assumes you have Windows XP SP3, Vista SP1+, Windows 7, or Windows 8 installed. These instructions may or may not work for Windows Server installs; I have not tested this process on those platforms.
Step 1: Change your Remote Desktop security options to allow connections without Network-Level Authentication
Go into System Properties -> Remote -> Select “Allow connections from computers running any version of Remote Desktop”
Step 2: Add the application to the Terminal Services “App Allow” List
Open the registry editor (Disclaimer: The registry editor has the power to brick your Windows install when used incorrectly. Be careful.)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList
Under the “Applications” key of “TSAppAllowList” (which you can create if it’s not there), create a new key with some arbitrary name. The only requirement for the name is that it is unique within the children of the “Applications” key.
This new key, which I’ll just call “Notepad” for simplicity, must have two string values in it: “Name” and “Path”. “Name” is the name by which we will refer to the application later when configuring the client, and “Path” is the path to the application on the server.
Step 3: Enable the List
In the registry editor, look back at the “TSAppAllowList” key. In this key, there should be a REG_DWORD value named “fDisabledAllowList”. Set this to 1. If it doesn’t exist, create it.
Step 4: Create the RDP Configuration (Optional if you have an existing configuration)
Unless you already have an RDP configuration file handy, open up “mstsc” and configure as much of your connection as possible. Then, go to the first, “General”, tab, and click “Save As” to save a .RDP file to your computer. (If you can’t see any tabs, click “Options” at the bottom of the window.
Step 5: Modify the RDP Configuration
Scroll down in the RDP Configuration file until you find the line that starts with “remoteapplicationmode”. This will likely read “remoteapplicationmode:i:0”. Change this to “remoteapplicationmode:i:1”.
Below this, add the following lines:
remoteapplicationprogram:s:Notepad (replace "Notepad" with the content of the "Name" key used when adding the item to the "Applications" registry key on the server) disableremoteappcapscheck:i:1 alternate shell:s:rdpinit.exe
Step 6: Additional Touch-Ups
There are two things that may warrant changing, depending on your use case:
- When closing the application, the session on the server does not terminate with it. To fix this, on the guest’s operating system, edit the group policy with gpedit.msc and go to Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Session Host -> Session Time Limits. Set the “Set time limit for disconnected sessions” item to “Enabled”, and give it an appropriate timeout. (1-2 minutes is usually fine)
- When using multiple monitors on the guest, the application will bind itself to the monitor on which the RDP connection opens. In order to be able to move the application to different monitors on the guest, add the line “multimon:i:1” to the RDP configuration file.