[THIN] Re: Win2012 RDS - digitally sign a RemoteApp?
- From: Michael Leone <oozerdude@xxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Mon, 21 Oct 2013 14:38:11 -0400
Anyone? I am trying to use a Win2012 RDS server with RemoteApps, in a
Win2008 R2 AD forest/domain. I would like to either sign my RemoteApp,
or push out the default connection URL via GPO. However, all the links
I am finding speak of a GPO setting called "“RemoteApp and Desktop
Connections”", which I do not have on my GPO list. I only have "Remote
Desktop Connection Client", which does not have a key to "Specify
default connection URL".
I need a way to push out the connection URL via GPO, and also to make
it so that my clients don't get prompted to run an untrusted
RemoteApp. And none of the MS TechNet articles I am finding are
showing me that. They either assume a Win2012 AD (judging from the
extra GPO settings), or list Win2008 RDS settings (such as using
RemoteApp Manager to sign an app) that don't exist on my Win2012 RDS
server.
Can anyone assist in this?
Thanks
On Fri, Oct 18, 2013 at 1:04 PM, Michael Leone <oozerdude@xxxxxxxxx> wrote:
> I have set up a couple of Win2012 servers with RDS - one session
> host, one web access host. (these are virtual machines, running on
> VMware ESXi 5.1). I have published some apps (following example web
> tutorials, I have published WordPad, NotePad, etc as RemoteApps). When
> accessing this server with a web browser and log in, and then clicking
> on one of these RemoteApps, I get a warning:
>
> A website is trying to run a RemoteApp program. The publisher of this
> RemoteApp program can't be identified.
>
> All the tutorials I've found speak of Win2008 R2, and using the
> RemoteApp Manager program to digitally sign an app. However, this
> apparently doesn't exist anymore in Win 2012, and I haven't been able
> to determine what has replaced it. I have found references to 3 GPO
> settings I can change, to trust unsigned apps, but nothing on how to
> actually sign the app itself.
>
> Can anyone point out where I am going wrong, and what the path to the
> right way is? :-) I can probably make those 3 GPO changes, but if
> there's another way, I'd prefer that. Each of my Win2012 servers has
> our own self-published certificates, if that is what is needed to sign
> an app. Or I can create a cert to use to sign the app (we have our own
> Linux box, with our own Certificate Authority set up).
>
> Thanks. Soon I will have the (what will be the actual production) app
> I will be using. (this is all a proof-of-concept, at the moment. When
> it's ready, I will make an actual test environment. Then a production
> environment).
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin
************************************************
Other related posts:
