[THIN] Re: Win2012 RDS RD Web Access - Allow Active X installation - GPO setting?
- From: Michael Leone <oozerdude@xxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Tue, 11 Feb 2014 09:30:30 -0500
As it turns out:
In my case, the root CA was added as a trusted root authority via GPO
(I used self-signed certs from a Linux CA, not an MS CA).
In the IE Trusted sites, we have *.,my-local.domain, so all local
sites are trusted.
And - most importantly, I think - I have the thumbprint of the domain
certificate I installed on my RD Web Access server listed as a
"trusted thumbprint" in the GPO
"The setting is located under:
Computer Configuration\Policies\Administrative Templates\Windows
Components\Remote Desktop Services\Remote Desktop Connection Client
Setting:
Specify SHA1 thumbprints of certificates representing trusted .rdp publishers"
<
http://morgansimonsen.wordpress.com/2011/03/21/sha1-thumbprints-for-trusted-rdp-publishers/
>
Once I did all 3, I was not prompted to install the Active X control.
Nor was I prompted when running my published RemoteApps. So that is
looking good ...
On Fri, Feb 7, 2014 at 9:41 AM, Greg Reese <gareese@xxxxxxxxx> wrote:
> my past experience with this was a couple years ago and the answer from MS
> was that the user must explicitly choose to allow and there is no turning it
> off. It will present to the user at least once, after that it is fine.
>
>
> On Fri, Feb 7, 2014 at 8:37 AM, Raffensberger, Stephen D
> <sraffens@xxxxxxxxxxx> wrote:
>>
>> Wow. I thought all kinds of people who know more than I do would have
>> chimed in by now.
>> My only suggestion is to make sure that https://rds-server-FQDN is in the
>> users' IE trusted sites zone.
>>
>>
>> Steve Raffensberger
>> Citrix Administrator
>> Produban US
>> sraffens@xxxxxxxxxxx
>>
>> -----Original Message-----
>> From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
>> Behalf Of Michael Leone
>> Sent: Thursday, February 06, 2014 3:42 PM
>> To: thin@xxxxxxxxxxxxx; ntsysadm@xxxxxxxxxxxxxxxxxxx
>> Subject: [THIN] Win2012 RDS RD Web Access - Allow Active X installation -
>> GPO setting?
>>
>> I'm having a devil of a time trying to figure this out. We are preparing
>> to roll out Windows 2012 RDS; we are going to be using published RemoteApps
>> to our users in their web browsers. However, the first time a user accesses
>> the site, they are prompted to run an Active X control "Microsoft Remote
>> Desktop Services Web Access Control". I am trying to set our Group Policy to
>> allow the automatic installation of this particular Active X control. And I
>> can't seem to figure out what settings to change.
>>
>> I've looked at "Computer, Administrative Templates, Windows
>> Components,Active X Installer Service". I enabled "Approved Installation
>> Sites", and put in the URL of "https://rds-server-FQDN/RDWeb";, and value
>> "2,2,1,0". This should allow the installation (I thought) of this control.
>> Turns out, the user is still being prompted.
>>
>> Anybody know what else I have to enable, so my user isn't prompted to
>> install the Active X control, and it just installs automatically? Just the
>> controls from my one site should be allowed.
>>
>> Thanks
>> ************************************************
>> For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation
>> mode use the below link:
>> //www.freelists.org/list/thin
>> ************************************************
>>
>> We recently changed our email addresses to reflect the Bank's new name,
>> Santander. Please update your records accordingly.
>> This message contains information which may be confidential and
>> privileged. Unless you are the addressee (or authorized to receive for the
>> addressee), you may not use, copy or disclose to anyone the message or any
>> information contained in the message. If you have received the message in
>> error, please advise the sender by reply e-mail, and delete or destroy the
>> message. Thank you.
>> ________________________________
>>
>> P Please consider the environment before printing this email
>>
>>
>
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin
************************************************
Other related posts:
