Windows Server 2012 R2 – Deploying Remote Desktop Services

KB ID 0001136 

Problem

I’ve had to do a rollout of Remote Desktop Services on Server 2012 R2, and publish it with Active Directory Federation Services and Web Application Proxy. I’m a little rusty on RDS and needed to deploy a few roles, so for my proof of concept I deployed RDS on TWO servers. Below is a run through and my notes on deploying RDS ONLY (I’ll put the links to other articles at the bottom of this post as I write them).

Solution

To save yourself some hassle, visit every server that will be in the Remote Desktop Services deployment, and add all the others into each other’s ‘Server Manager’ console.

Manage > Add Roles and Features > Next > Remote Desktop Services Installation > Next.

Standard Deployment > Next. Note: If you choose Quick Start, it puts all the roles on one server.

Session-based desktop deployment > Next.

Next.

Select the server that will host the Connection Broker role and add it > Next.

Add the server that will host the Remote Desktop Web Access role > Next.

Add the server that will host the Remote Desktop Session Host role > Next.

Tick ‘Restart the destination server automatically if required’ > Deploy.

Finish. (Note: There will be a licensing error; we will address that in a minute).

In Server Manager > Remote Desktop Services > Overview > Note: There are two options yet to be configured, (shown in green). Select ‘RD Gateway’.

Add in the server that will host the RD Gateway role > Next.

Add in the public name of the RD Gateway server. This will generate a self-signed certificate (you can replace this with a proper one later).

Add.

Close

Now Add RD Licensing.

Add in the server that will host the licensing role > Next.

Add

Close

All the nodes should now be displayed.

In production you would now add your Remote Desktop licences. If you don’t, the whole thing will run for 120 days (though it continues to nag you about adding licences). I’m content with the 120 day licence for my test deployment, but I will still ‘Activate’ my licensing server.

Follow the instructions

Now you need to create a ‘Collection’. This is a group of host servers that host applications you can publish. Server Manager > Remote Desktop Services > Collection > Task > Create Session Collection.

Next.

Give the collection a name > Next.

Add in the server(s) running the RD Host role that will be included in this collection > Next.

Select the user groups that you want to grant access to. Here I’m simply using the domain users group > Next.

If you want to deploy ‘profile disks’ enter a UNC path to the share > Next.

Create.

Close.

To actually publish applications, select the collection you just created > RemoteApp Programs > Tasks > Publish RemoteApp Programs.

Select the applications (or add them in if they are not displayed) > Next.

Publish.

Note: You can change certificates from within Server Manager, but I prefer the manual approach. On the RD Gateway Server > Launch the IIS Manager > Select the server > Server Certificates.

Import > Import your publicly signed certificate (you can use a self-signed certificate, but DON’T FORGET your remote client needs to be able to check your CRL and trust your issuing CA if you do).

Sites > Default Web Site > Edit Bindings.

Select ‘https’ > Edit > Add in your certificate > OK > Close.

Bounce the services with an ‘iisreset’ command.

Update 070316: You will also need to restart the Remote Desktop Services service!

Connect to the server on the https://{FQDN}/RDWeb address, and you can check the correct certificate is used.

You should now be able to log into Remote Desktop Services Web Access.
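
As an added example (not part of the original article), this PowerShell function connects to the host used in the https://{FQDN}/RDWeb address and reports the certificate a client is actually served, whether the name matches, and whether the chain builds with an online revocation check. The function name and the placeholder host name are assumptions.

```powershell
# Added example, not from the original article. Function name is hypothetical.
function Test-RdWebCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,  # FQDN used in the RDWeb URL
        [int]$Port = 443
    )
    $state = @{ PolicyErrors = $null }
    # Let the handshake complete whatever the certificate is, so that a wrong one
    # can still be examined; the client-side verdict is recorded, not acted on.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($source, $certificate, $sslChain, $policyErrors)
        $state.PolicyErrors = $policyErrors
        $true
    }
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally { $tcp.Close() }

    # Rebuild the chain with online revocation checking. This fails when the issuing
    # CA is not trusted on this machine or its CRL cannot be reached from here.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chainOk = $chain.Build($cert)

    $nameMismatch = [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch
    [pscustomobject]@{
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        Thumbprint   = $cert.Thumbprint
        NotAfter     = $cert.NotAfter
        SelfSigned   = ($cert.Subject -eq $cert.Issuer)
        NameMatches  = -not $state.PolicyErrors.HasFlag($nameMismatch)
        ChainTrusted = $chainOk
        ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Run from a client machine outside the deployment; the host name is a placeholder.
# Test-RdWebCertificate -HostName 'rds.example.com'
```

Compare the Thumbprint with the certificate you imported in IIS Manager; a ChainStatus of UntrustedRoot or RevocationStatusUnknown on a remote client corresponds to the CA trust and CRL reachability points noted above.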

Related Articles, References, Credits, or External Links

Server 2008 R2 Install and Configure Remote Desktop Services (Web Access)

Publishing Remote Desktop Services With Web Application Gateway

Deploy ODBC Settings via Group Policy

KB ID 0000805 

Problem

I’ve briefly mentioned this before when I wrote about Group Policy Preferences so when I had to do this on-site this week, I jumped straight into the group policy management console, and found that because my ODBC connection was using SQL authentication (with the SQL sa account), this would NOT WORK, (it only works with Windows authentication and even then it needs a tweak). If you are using SQL authentication jump down to the bottom of the article.

Solution

NOTE: Below I’m dealing with user DSN ODBC connections, so I’m looking at User Policies, if you want to send out Machine DSN ODBC connections then you need to be looking at Computer Policies.

Deploy ODBC Settings via Group Policy Preferences (Windows Authentication)

The GPP is pretty easy to locate; you will find it in:

[box]

User Configuration > Preferences > Control Panel Settings > Data Sources

OR

Computer Configuration > Preferences > Control Panel Settings > Data Sources

[/box]

However you will find there is a bug in the system which means it does not deploy.

ODBC Settings fail to Deploy via GPO

1. Locate the ODBC connection that you are trying to deploy > right click > Copy.

2. Right click your desktop and ‘paste’ > You will get an XML file > Open it with notepad > Delete the username and the cpassword information > Save the file.

3. Then delete the original ODBC file from your group policy.

4. Drag the XML file into the policy, in its place > Select ‘Yes’ to import it.

WARNING: Do not open its settings/properties from this point forward, or it will break again.
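
As an added example (not part of the original article), this PowerShell function lists any element in a folder of exported Group Policy Preferences XML that still carries a non-empty username or cpassword attribute, so the edit in step 2 can be confirmed before the file is dragged back into the policy. The function name, the temp folder and the simplified sample XML are constructed for illustration.

```powershell
# Added example, not from the original article. Function name is hypothetical.
function Find-GppStoredCredential {
    param([Parameter(Mandatory = $true)][string]$Folder)  # folder holding exported GPP XML
    Get-ChildItem -LiteralPath $Folder -Filter *.xml -Recurse -File | ForEach-Object {
        $file = $_.FullName
        try { $xml = [xml](Get-Content -LiteralPath $file -Raw) }
        catch { Write-Warning "Skipping unreadable XML: $file"; return }
        # Match any element that still has a non-empty username or cpassword attribute.
        foreach ($node in $xml.SelectNodes("//*[@cpassword != '' or @username != '']")) {
            [pscustomobject]@{
                File         = $file
                Element      = $node.LocalName
                Dsn          = $node.GetAttribute('dsn')
                HasUserName  = $node.GetAttribute('username') -ne ''
                HasCpassword = $node.GetAttribute('cpassword') -ne ''  # value is never printed
            }
        }
    }
}

# Constructed, simplified sample of an exported data source item that was NOT cleaned.
$sample = @'
<DataSources>
  <DataSource name="ExampleDSN">
    <Properties action="U" userDSN="1" dsn="ExampleDSN" driver="SQL Server"
                username="EXAMPLE\user" cpassword="PLACEHOLDER-NOT-A-REAL-VALUE" />
  </DataSource>
</DataSources>
'@
$folder = Join-Path $env:TEMP 'gpp-xml-check'
New-Item -ItemType Directory -Path $folder -Force | Out-Null
Set-Content -LiteralPath (Join-Path $folder 'ExampleDSN.xml') -Value $sample
Find-GppStoredCredential -Folder $folder
```

A cleaned file produces no output; any row returned means the username or cpassword information is still present in that file.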

Getting ODBC Settings from a Client’s Registry

1. You may wish to locate and extract the ODBC settings from a working client. You can locate the settings in a working client machine’s registry and simply export them, so you can import them on a target machine, or deploy them via GPP or logon script.

[box]

User DSN's
Computer>HKEY_CURRENT_USER>Software>ODBC>ODBC.INI
Machine DSN's 
Computer>HKEY_LOCAL_MACHINE>Software>ODBC>ODBC.INI

[/box]

2. Right click the key that corresponds to the ‘name’ of the ODBC connector that you wish to export > Export > Save.

Deploy ODBC Settings via Group Policy Preferences (SQL Authentication)

In this example I’ve merged the ODBC connection details into the registry; you could just as easily set them up manually, as long as they exist, either on the machine you are creating the policy on, or another machine you have ‘remote registry’ rights to.

1. Create or edit a group policy and navigate to:

[box]User Configuration > Preferences > Windows Settings > Registry > Collection
[/box]

Select New > Registry Wizard.

2. Select where you want to collect the registry information from > Next.

3. Navigate to:

[box]

User DSN's
Computer>HKEY_CURRENT_USER>Software>ODBC>ODBC.INI
Machine DSN's 
Computer>HKEY_LOCAL_MACHINE>Software>ODBC>ODBC.INI

[/box]

Select the ODBC name that corresponds to the one you want to collect, then select all the settings within that key > Finish.

4. The finished GPP should look like this > Close the policy editor.

 
