As it turns out: In my case, the root CA was added as a trusted root authority via GPO (I used self-signed certs from a Linux CA, not an MS CA). In the IE Trusted sites, we have *.,my-local.domain, so all local sites are trusted. And - most importantly, I think - I have the thumbprint of the domain certificate I installed on my RD Web Access server listed as a "trusted thumbprint" in the GPO "The setting is located under: Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client Setting: Specify SHA1 thumbprints of certificates representing trusted .rdp publishers" < http://morgansimonsen.wordpress.com/2011/03/21/sha1-thumbprints-for-trusted-rdp-publishers/ > Once I did all 3, I was not prompted to install the Active X control. Nor was I prompted when running my published RemoteApps. So that is looking good ... On Fri, Feb 7, 2014 at 9:41 AM, Greg Reese <gareese@xxxxxxxxx> wrote: > my past experience with this was a couple years ago and the answer from MS > was that the user must explicitly choose to allow and there is no turning it > off. It will present to the user at least once, after that it is fine. > > > On Fri, Feb 7, 2014 at 8:37 AM, Raffensberger, Stephen D > <sraffens@xxxxxxxxxxx> wrote: >> >> Wow. I thought all kinds of people who know more than I do would have >> chimed in by now. >> My only suggestion is to make sure that https://rds-server-FQDN is in the >> users' IE trusted sites zone. >> >> >> Steve Raffensberger >> Citrix Administrator >> Produban US >> sraffens@xxxxxxxxxxx >> >> -----Original Message----- >> From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On >> Behalf Of Michael Leone >> Sent: Thursday, February 06, 2014 3:42 PM >> To: thin@xxxxxxxxxxxxx; ntsysadm@xxxxxxxxxxxxxxxxxxx >> Subject: [THIN] Win2012 RDS RD Web Access - Allow Active X installation - >> GPO setting? >> >> I'm having a devil of a time trying to figure this out. We are preparing >> to roll out Windows 2012 RDS; we are going to be using published RemoteApps >> to our users in their web browsers. However, the first time a user accesses >> the site, they are prompted to run an Active X control "Microsoft Remote >> Desktop Services Web Access Control". I am trying to set our Group Policy to >> allow the automatic installation of this particular Active X control. And I >> can't seem to figure out what settings to change. >> >> I've looked at "Computer, Administrative Templates, Windows >> Components,Active X Installer Service". I enabled "Approved Installation >> Sites", and put in the URL of "https://rds-server-FQDN/RDWeb";, and value >> "2,2,1,0". This should allow the installation (I thought) of this control. >> Turns out, the user is still being prompted. >> >> Anybody know what else I have to enable, so my user isn't prompted to >> install the Active X control, and it just installs automatically? Just the >> controls from my one site should be allowed. >> >> Thanks >> ************************************************ >> For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation >> mode use the below link: >> //www.freelists.org/list/thin >> ************************************************ >> >> We recently changed our email addresses to reflect the Bank's new name, >> Santander. Please update your records accordingly. >> This message contains information which may be confidential and >> privileged. Unless you are the addressee (or authorized to receive for the >> addressee), you may not use, copy or disclose to anyone the message or any >> information contained in the message. If you have received the message in >> error, please advise the sender by reply e-mail, and delete or destroy the >> message. Thank you. >> ________________________________ >> >> P Please consider the environment before printing this email >> >> > ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin ************************************************