Light-electric.com

IT Журнал
16 просмотров
Рейтинг статьи
1 звезда2 звезды3 звезды4 звезды5 звезд
Загрузка...

Rd web access

Установка службы роли RD Web Access

Для установки службы роли RD Web Access выполните следующие шаги.

  1. Войдите в нужный сервер с полномочиями локального администратора.
  2. Выберите в меню Start (Пуск) пункт Run (Выполнить).
  3. В диалоговом окне Run (Запуск программы) введите Serve г Man age г .msc и щелкни­те на кнопке ОК.
  4. В разделе Roles Summary (Сводка ролей) щелкните на задаче Add Roles (Добавление ролей).
  5. После загрузки мастера Add Roles Wizard (Мастер добавления ролей) щелкните на кнопке Next (Далее).
  6. На странице Select Role Services (Выберите службы ролей) выберите роль Remote Desktop Services (Службы удаленных рабочих столов) и щелкните на кнопке Next.
  7. На странице Remote Desktop Services (Службы удаленных рабочих столов) щелкни­те на кнопке Next.
  8. На странице Select Role Services выберите только службу Remote Desktop Web Access (Веб-доступ к удаленным рабочим столам). Это единственная служба роли, установленная на данный момент.
  9. В диалоговом окне Add Role Wizard щелкните на кнопке Add Required Role Services (Добавить требуемые службы ролей); все отсутствующие службы ролей или средства, требуемые для службы роли RD Web Access, теперь будут добавлены.
  10. На странице Select Role Services щелкните на кнопке Next.
  11. На странице Web Server (IIS) (Веб-сервер (IIS)) щелкните на кнопке Next.
  12. На странице Select Role Services, не изменяя параметров, предложенных по умолча­нию, щелкните на кнопке Next.
  13. На странице Confirm Installation Selections (Подтвердите выбранные параметры ус­тановки) щелкните на кнопке Close (Закрыть).
  14. На странице Installation Results (Результаты установки) проверьте результаты и щелк­ните на кнопке Close (Закрыть).

Защита веб-доступа RD

После установки веб-доступа RD рекомендуется защитить его трафик установкой и ис­пользованием сертификата аутентификации сервера Server Authentication (SSL). Для этого прочтите раздел оперативной справки по IIS 7.0 под названием «Request an Internet Server Certificate» («Запрос сертификата для внутреннего сервера»). После выполнения запроса сертификата, его установки и привязки к веб-сайту, на котором установлена служба роли RD Web Access, этот веб-сайт нужно сконфигурировать на прием только SSL-подключений.

  • Свойства RemoteApp and Desktop Connection::

Настройка свойств RemoteApp and Desktop Connection Войдите на сервер RD Connection Broker с.

Развертывание средства RemoteApp and Desktop Connection Для развертывания средства RemoteApp and.

Установка брокера подключений к удаленным рабочим столам Для установки службы роли RD Connection.

  • Настройка поддержки принтера::

Изменение поведения драйвера принтераПо умолчанию, когда включено перенаправление принтера.

Terminal Services Server Drain modeНазываемый в Windows Server 2008 режимом «Terminal Services.

Предоставление доступа пользователям и группам Для предоставления пользователям и группам доступа.

Remote Desktop Services 2016, Standard Deployment – Part 4 – RD Web Access (Part4) – SSO & High Availability

After a very long brake we will continue with RDS 2016 and we will start with RD Web Access SSO and High Availability. You will notice that the new domain is NM.COM and that is because I am preparing things for Active Directory Domain Services and VMM 2016 posts so I decided to re-build and move RDS to this one.

RD WEB ACCESS SINGLE SIGN-ON

The purpose behind Single Sign-on is that my Windows credentials will get passed to the RD Web Access server and I won’t have to re-logon to the page. The first step we’re going to need to do is make sure there’s a trusted certificate for the RD Web Access page and for the RD Connection Broker. Then we’ll configure Group Policy, and in Group Policy we’re going to have to make a number of changes. We need to set up Credential Delegation, which is going to allow the credentials to be passed to the browser, we need to tweak Remote Desktop to make sure that it doesn’t prompt for a password, and then we’ve also got to set up Internet Explorer to tell Internet Explorer it’s allowed to pass our Windows credentials to the RD Web Access web page. Some of the configuration will be done in IIS when we change over from Forms Authentication to Windows Authentication. We’re still going to have to go through and edit the Web.config to make sure that the authentication gets changed over

  1. So the first thing that we need to do is request a certificate for the Connection Broker and add that to the list of trusted certificates. This time I am not using wildcard but will later on. (You can use wildcard)

2. Go to the Remote Desktop Web Access Service and configure IIS

Here we want to disable Anonymous Authentication and enable Windows Authentication

Even though we’ve done that, we still need to directly edit the files that are used in the RD Web Access web page.

3. Edit web.config file

C:WindowsWebRDWebPages –> Right-Click on web.config file and select edit

Now if you look, these symbols here ( Internet Control Panel and click on the Security Pages, and the first thing I want to do is edit the Site to Zone Assignment List. Only sites that are assigned to the Trusted Sites Zone are allowed to use Windows Integrated Authentication.

No go to Trusted Sites Zone and click on Logon Options end enable the policy.

Do the same for the user side and reboot the RD Web Server.
No if you start your web browser and access RD Web Access web page you will be able to access it directly.

RD WEB ACCESS HIGH AVAILABILITY

Round Robin
One way you could do it is with Round Robin. So here we can see we’ve got 2 Remote Desktop Web Access servers, RDWA01 and RDWA02. They each have their own individual IP addresses. We would go into DNS and make 2 records for RDWA.nm.com, each one pointing to the individual IP addresses of the Remote Desktop Web Access server. When the first client consults DNS, DNS sends them to the first record. Now the next client comes in, when they consult DNS, they would be sent to the second record. The third client that comes in, DNS would send them back to the first one, and it would rotate through the records, 1, 2, 1, 2, 1, 2. That’s one way to provide high availability. It’s not the most desirable way.

Network Load Balancing
A better way to do this would be to create a Network Load Balancing cluster or farm. In Network Load Balancing, each of the Web Access servers have their own individual name, RDWA01, RDWA02. They each have their own individual IP address, so very similar to Round Robin. In this case we go into DNS and create a record, and assign it the cluster IP address. It’s got to be some IP address in that range that’s not in use.
Next we install Network Load Balancing on all servers, and we give the Network Load Balancing cluster an IP address. Each of those servers will have that IP address. It’s the only time you’ll see more than one server with the same IP address. When the client consults DNS and gets referred to the cluster IP address, all of the servers receive that request, and then they figure out between them who is going to actually service the client, and with three servers they’ll split the work 2 or more ways depend on how many rdwa servers you have. The advantage of this is that each of the servers sends out something called a heartbeat every second. It’s just a packet that goes between them. If one the servers misses their heartbeat for 5 seconds, the other servers will be like, oh, RDWA01 is down, let’s split the work two or more ways, so it provides the best high availability for the client.

Читать еще:  Запись в access

Requirements
• Add additional RD Web Access Servers
• Configure DNS
• Install NLB on all RD Web Access Servers
• Create a NLB Cluster

First thing we need to do is have more than one Remote Desktop Web Access server, so let’s add one.

When you add second rd web access server be sure to go to Certificates under the deployment properties and fix the error before continuing with the configuration.
Now before we configure the servers for Network Load Balancing, let’s just take a quick look at the difference between them.
I just made a small customization so that you actually see which of the servers in the cluster are servicing the request.

OBS. In real life we want to make those servers look identical because we don’t know to whom the client will be referred, but in our case I’m leaving them different so we can see the effects of Network Load Balancing.
Our next step is to configure DNS, to set up our record for the Network Load Balancing cluster.

Next we need to install Network Load Balancing feature on all RDWA servers, in my case 2. Open Powershell as admin and run

icm -computername

(When using virtual machines, you need to make sure that you go into the properties of the network card on each virtual machine, and in the Advanced Settings enable MAC spoofing, otherwise it won’t work).
We are now ready to create NLB Cluster. It doesn’t matter on which member of the farm we create the cluster, we’re going to add both in eventually anyway.

Right-click Network Load Balancing clusters and make a new cluster.

I will specify RDWA01 as the first host in a cluster, click next

If I had multiple network adapters or multiple IP addresses, I could specify which one would be used for the cluster. Sometimes it’s recommended that you have one network card for the cluster and one network card for other traffic. That’s why you have a choice as to which network card is going to be associated with the cluster. In my case I have only one, so that’s the correct one. Click next,

now I need to provide an IP address for the cluster itself, so that’s going to be my 192.168.0.150

On this step we need to give our cluster a name (it should be the same one that you specified in DNS) and choose which operation mode we are going to use.

In Unicast mode, NLB reassigns the station MAC (media access control) address of the network adapter for which it is enabled and all cluster hosts are assigned the same MAC address. Unicast mode induces switch flooding, where all switch ports are flooded with NLB traffic, even ports to which non-NLB servers are attached.

In multicast mode each cluster host is going to keep original MAC address and it’s going to assign an additional multicast mac address to each network adapter so you will have one network adapter in server and each node in cluster will have same multicast mac address. This makes it easier for networks switches and routers that supports multicast to be able to understand how to communicate with the particular host. Multicast doesn’t really solve the network flooding problem.

IGMP multicast – this is the special form of multicast form which will prevent switches from being flooded with network traffic. When you deploy igmp traffic will be forwarded only through switch ports that participate in NLB cluster. What that means that you will need switches that supports that functionality.

In this case I really don’t care so I will use Unicast mode, but you can choose one that is working better for you. Once done click next

Now I can specify which ports the cluster will service, click edit

If all I really want to be directed to the Network Load Balancing feature on the server, I would really just specify the port range that I’m interested in, which in this case would be port 80 and port 443. I’m just going to leave it at all the ports, because I’m not trying to tweak this server to do much of anything else, but if the server had multiple roles you’d need to adjust the port rules. Multiple hosts mean that multiple hosts in the cluster will handle the traffic coming in to the ports that are governed by this rule. Single affinity means that if a client is serviced by one member of the cluster, in the future they will be serviced by that member of the cluster. Network means anybody coming in from that network ID would then continue to be serviced by that member of the cluster. In this case we want to set our affinity to None, because we want each of our RDWA servers to service requests so we can see how Network Load Balancing works. If for some reason you had one specific application that should be serviced by just one member of the cluster, that’s what single host is for. So you have five members of a cluster, they’re all doing web traffic port 80, just one of them is doing SSL. I could do a port rule for 443 that would be Single host, but in this case we want all of the hosts in the cluster to service the requests and we don’t want any particular affinity. Click none and ok  finish

Once that is done, we will add our second rdwa server. Right-click on the cluster and select Add host to cluster and click next through the wizard –> finish

Once done we are ready to go different server and test how this will work. Be sure to use cluster name rdwa.domain.com

I got prompt for the credentials because I didn’t configure nothing for the cluster

After specifying the credentials, we can see that I am on RDWA01

If I refresh the page it will take me to different one.

That’s it. Now we are ready to move to session host load balancing. There we will discuss about best practices and how to configure things when we have clients that need to connect with built-in RDP client instead of RD Web Access.

Remote Desktop HTML5 Web Client on Windows Server 2016 RDS

Despite Microsoft has been porting its RDP client to different platforms (iOS, macOS, Android, there is also a separate UWP remote desktop app for Windows 10) in the recent years, many users would like to have the remote access to RDS servers and published RemoteApps from a browser. To do it, Microsoft has been developing its HTML5-based Remote Desktop Web Client for some years. Quite recently, the first official RD Web Client version has been released. In this article we’ll look at how to install and configure the Remote Desktop Web Client, as well as use it to access RemoteApp on an RDS server running Windows Server 2016 from a browser.

Remote Desktop HTML5 Web Client Requirements

Remote Desktop Web Client is available as a feature of the RD Web Access role on RDS servers running in Windows Server 2016/2019.

Prior to RD Web Client implementation, make sure that your infrastructure meets the following requirements:

  • A deployed RDS infrastructure, including RD Gateway, RD Connection Broker and RD Web Access on Windows Server 2016/2019;
  • Per User terminal licenses (RDS CAL) are used;
  • SSL certificates issued by a trusted CA must be used on the RDS Gateway and Web Access servers (self-signed SSL certificates are not allowed);
  • Only Windows 10 or Windows Server 2008 R2 (or higher) must be used as RDP clients;
  • The update KB4025334 (July 18, 2017) or any of the subsequent cumulative update must be installed on the RDS servers.
Читать еще:  Remote desktop web access

Installing RD Web HTML5 Client on Windows Server 2016 RDS

As we have already noted, the RD Web Client version for Windows Server 2016 / 2019 is currently available, but this component is not integrated into WS 2016 distribution, and you’ll have to install it separately.

Install the PowerShellGet module on a server with the RD Web Access role:

Install-Module -Name PowerShellGet -Force

Restart the PowerShell console. Now install the RD Web Client Management module:

Install-Module -Name RDWebClientManagement

To accept the terms of Microsoft Licence Agreement, press A .

Then install the latest version of Web Remote Desktop:

After the RDWebClientPackage package is installed, check its properties with the following command:

As you can see, there appeared rd-html 5.0 package version 1.0.0 .

Then export the SSL certificate used for SSO (Enable Single Sign On) as a .cer file (BASE64) on the server with the RDS Broker role. You can export it in the graphic snap-in of the computer certificate manager (certlm.msc). The certificate you need is located in PersonalCertificates section.

Import the certificate on your RD Web server:

Now you can publish the RD Web Client:

Publish-RDWebClientPackage -Type Production -Latest

To test the RD Web Client, use this command:

Publish-RDWebClientPackage -Type Test -Latest

Connect to the RDWeb Access Server from a Browser with HTML5 Support

After you have deployed the Web Client on the RDS server, you can run a browser on a client computer. All latest versions of Edge, IE 11, Google Chrome, Safari and Firefox are supported (however, the RD Web Client doesn’t work on any mobile devices yet). To access RDS servers from the browser, just share the URL link to your RDWeb server with your users.

Open the URL address:

To access the test environment, use this URL address:

The server name must match the RD Web Access server name in the SSL certificate.

Sign in to the RDWeb server using your credentials.

During sign-in you will be prompted what local resources should be available in your RD session. Only clipboard and printer redirection is available (currently the local drives and any USB devices cannot be redirected over the HTML5 RDP client, please, use the mstsc.exe client instead).

The list of published RemoteApps and RDP shortcuts appears. You can switch between them using icons at the top of the screen.

You can print from the RD Web Client using the virtual PDF printer (Microsoft Print to PDF). Then you print something in the RD Web Client window, your browser prompts you to download the PDF file. You can open this PDF file and print on your local printer.

The dynamic changing of the RD window size and full screen mode are available in the HTML5 RD web client. You can copy only text via the clipboard to your Remote Desktop session (but not files or graphics).

It is interesting that you can see the memory size and CPU load on the RDS server in the RD Web Client. Just click the icon of a published app to view it.

Rd web access

Remote Desktop Connection Broker

Пусть имя нашего домена – domain . local . Для доступа к терминальным службам снаружи будет использоваться доменное имя domain . ru . Таким образом, в нашем DNS домена domain . local нам необходимо будет создать дополнительную зону с именем domain . ru , где мы потом создадим запись RDS . domain . ru , которая будет ссылаться на IP адрес терминальной фермы.

1. Установка терминальных служб на сервер RDS 1.

1.1 Добавляем роли «Службы удаленных рабочих столов» ( Remote Desktop Services ) и «Службы политики сети и доступа» ( Network Policy and Access Services ). Выбираем для установки следующие службы ролей:

— Узел сеансов удаленных рабочих столов ( Remote Desktop Session Host )

— Шлюз удаленных рабочих столов ( Remote Desktop Gateway )

— Веб-доступ к удаленным рабочим столам ( Remote Desktop Web Access )

— Сервер политики сети ( NPS )

При установке служб ставим галочку « Require NLA », остальные настройки сконфигурим позже. Перезагружаем сервер при первом же требовании.

1.2 Создадим в ДНС нашего домена запись RDFarm . domain . local , которой присвоим IP адрес 192.168.0.80. Это будет внутренний адрес нашей фермы, а также адрес кластера NLB .

1.3 Создадим в ДНС зоне domain . ru нашего домена запись RDS . domain . ru , которой присвоим тот же IP адрес, что и адрес кластера — 192.168.0.80. Это будет внешний адрес нашей фермы, через который будут заходить удаленные пользователи.

1.4 Заходим в оснастку Remote Desktop Services – RemoteApp Manager – RD Gateway и настраиваем параметры следующим образом:

На закладке Digital Signature указываем сертификат, который надо предварительно запросить. Для выполнения этого шага в вашем домене должен быть центр сертификации ( CA ). На сервере RDS 1 запустите mmc и добавьте оснастку Certificates ( computer account ):

После получения сертификата экспортируйте его в pfx -файл – он нам понадобится для настройки второго сервера.

Теперь на закладке Digital Signature мы можем указать наш сертификат:

1.5 Заходим в оснастку Remote Desktop Services – RemoteApp Manager и в разделе RemoteApp Programs и добавим одно удаленное приложение. Пусть это будет калькулятор.

Нажмем кнопку « Properties » и добавим в список пользователей, которые смогут запускать наш Калькулятор, группу rd _ users .

1.6 Заходим в оснастку Remote Desktop Services – RD Gateway Manager и настраиваем свойства RDS 1 ( Local ). Но перед этим необходимо запросить еще один сертификат (см. пункт 1.4), но на сей раз с Common Name внешнего адреса – RDS . domain . ru .

На закладке Private Key не забудьте указать, что ключ может быть экспортирован.

После получения сертификата экспортируйте его в pfx -файл – он нам понадобится для настройки второго сервера.

Теперь указываем этот сертификат в свойствах нашего шлюза удаленных рабочих столов:

Переходим на закладку Server Farm , где добавим наш сервер RDS 1 в ферму шлюзов:

Обратите внимание, что на данном этапе поле статус не обязательно должно иметь состояние «ОК».

1.7 Заходим в оснастку Remote Desktop Services – RD Gateway Manager — RDS 1 ( Local ) – Policies – Connection Authorization Policies и создаем политику авторизации подключений при помощи мастера:

Добавим в список авторизованных для подключения пользователей группу rdg _ users , куда включим всех тех, кому надо получить доступ к терминальным сервисам.

1.8 Заходим в оснастку Remote Desktop Services – RD Gateway Manager — RDS1 (Local) – Policies – Resource Authorization Policies и создаем политику авторизации приложений минуя мастер (Create New Policy – Custom):

1.9 Заходим в оснастку Remote Desktop Services – RD Session Host Configuration и настраиваем свойства подключения RDP-Tcp следующим образом :

Нажимаем на кнопку « Select » и указываем сертификат с Common Name нашей фермы – RDFarm . domain . local (он уже был установлен на сервер в пункте 1.4).

Остальные параметры не настраиваем.

Здесь же, в RD Session Host Configuration , настраиваем параметры лицензирования.

1.10 Для проверки правильности настройки приложения RemoteApp заходим на адрес https://localhost/RDWeb

2. Установка терминальных служб на сервер RDS 2.

2.1 Добавляем роли «Службы удаленных рабочих столов» ( Remote Desktop Services ) и «Службы политики сети и доступа» ( Network Policy and Access Services ). Выбираем для установки следующие службы ролей:

— Узел сеансов удаленных рабочих столов ( Remote Desktop Session Host )

— Шлюз удаленных рабочих столов ( Remote Desktop Gateway )

— Веб-доступ к удаленным рабочим столам ( Remote Desktop Web Access )

— Сервер политики сети ( NPS )

При установке служб ставим галочку « Require NLA », остальные настройки сконфигурим позже. Перезагружаем сервер при первом же требовании.

Читать еще:  Функция format в access

2.2 Настраиваем второй сервер RDS 2 точно таким же образом, как и настроен наш первый сервер за исключением того, что сертификаты уже запрашивать не нужно – их надо импортировать с сервера RDS 1. Для импортирования сертификатов запустите mmc и добавьте оснастку Certificates ( computer account ):

Укажите путь к pfx файлам, содержащим сертификаты, и импортируйте их в личные сертификаты компьютера RDS 2.

3. Создание и конфигурирование терминальной фермы.

3.1 Устанавливаем роль RD Connection Broker на сервер BROKER .

3.2 Добавляем сервера RDS 1 и RDS 2 в локальную группу Session Broker Computers на сервере BROKER .

3.3 Добавляем все наши три сервера в локальную группу TS Web Access Computers на серверах RDS 1 и RDS 2

3.4 На сервере BROKER добавляем наши сервера RDS1 и RDS2 в группу RD Web Access ( Admin Tools > Remote Desktop Services > Remote Desktop Connection Manager > Add RD Web Access Server).

3.5 Сперва на сервере RDS1, а затем и на RDS2, заходим в Remote Desktop Services > Remote Desktop Session Host Configuration и меняем настройки RD Connection Broker:

3.6 Настраиваем удаленные приложения RemoteApp на работу с нашей фермой. Для этого на серверах RDS 1 и RDS 2 заходим в Remote Desktop Services > RemoteApp Manager и меняем параметр Server Name :

3.7 На сервере BROKER идем в Remote Desktop Services > Remote Desktop Connection Manager > RemoteApp Sources и жмем кнопку «Add RemoteApp Source…»:

Добавляем все наши возможные ресурсы RemoteApp : RDFarm . domain . local , RDS 1. domain . local , RDS 2. domain . local и RDS . domain . ru .

3.8 Создаем кластер NLB .

3.8.1 Устанавливаем компонент Network Load Balancing на сервера RDS 1 и RDS 2. Далее открываем оснастку Network Load Balancing Manager на сервере RDS 1 и создаем кластер:

Включаем в балансировку только 443 и 3389 TCP порты.

3.8.2 Добавляем второй компьютер ( RDS 2) в NLB кластер

3.9 Удостоверяемся, что на серверах RDS 1 и RDS 2, в свойствах сервера RD Gateway Manager на закладке Server Farm указаны оба наших сервера:

3.10 На серверах RDS 1 и RDS 2 заходим в оснастку IIS Manager , далее Sites – Default Web Site – RDWeb – Pages и справа жмем Application Settings , где присваиваем параметру DefaultTSGateway значение RDS . domain . ru :

4. Публикация фермы RemoteApp приложений на ISA Server .

Вначале необходимо установить наш сертификат с Common Name « RDS . domain . ru » на ISA сервер (сделать это можно так же, как в случае с сервером RDS 2, когда мы переносили на него сертификат с RDS 1).

Этот раздел я не буду рассматривать слишком подробно, а обойдусь лишь наиболее важными скриншотами с настройками правила публикации и созданием WEB -прослушивателя:

SOLVED: How To Customize Your RDS RDWeb Page

If you are running Remote Desktop Services (RDS) you likely have an /RDWeb landing page that you would like to reconfigure to make it easier for people to visit. My RDWeb page now looks like the one on the right.

If you are interested in customizing the RDWeb page, you might be interested in our easy explanation of how to eliminate the /RDWeb portion of the rds.YourDomain.com/RDWeb and change it to just rds.YourDomain.com, HERE.

WARNING: Internet Explorer does a good job of detecting the changes when you refresh RDWeb page but Chrome does not. Soooo, if you are testing with Chrome, make sure you flush your browser cache.

Customize the HELP Page on the RDS Login Page:

  1. Launch IIS
  2. Expand DEFAULT WEBSITE > RDWeb > PAGES
  3. Double click on APPLICATION SETTINGS from the middle pane
  4. Change LocalHelp to true
  5. Use Notepad to edit or replace %windir%WebRDWebPagesen-USrap-help.htm
    1. Note that you may want a different path than en-US if you are not using English
  6. Refresh your RDWeb login page and note that there is no need to restart IIS after this

Customize the TO PROTECT AGAINST Warning on the RDS Login Page:

  1. Use Notepad to edit or replace %windir%WebRDWebPageslogin.aspx
  2. Go to Line 43 and echange the text. Ours now looks like:

const string L_TSWATimeoutLabel_Text = “All actions are logged off site to protect against unauthorized access. If you are unsure if you are authorized, contact Up & Running IT at 403-xxx-xxxx. Your RD Web Access session will automatically time out after a period of inactivity. If your session ends, refresh your browser and sign in again.”;

Remove HELP Link From the RDS Login Page:

Note that we think it is better to customize the help page than it is to remove it (see above), but you can if you wish.

  1. Use Notepad to edit %windir%webrdwebpagessite.xsl
    1. I would make a copy first, in case you screw it up
  2. EDIT > GOTO line 150
  3. Delete the next 8 lines (everything between the

    Remove CONNECT TO A REMOTE PC Link from RDS Login Page:

    1. Launch IIS
    2. Expand DEFAULT WEBSITE > RDWeb > PAGES
    3. Double click on APPLICATION SETTINGS from the middle pane
    4. Change ShowDesktops to false
    5. Restart IIS (I like using IISRESET)

    Allow Users To CHANGE PASSWORD from RDS Login Page:

    1. Launch IIS
    2. Expand DEFAULT WEBSITE > RDWeb > PAGES
    3. Double click on APPLICATION SETTINGS from the middle pane
    4. Change PasswordChangeEnabled to false
    5. Restart IIS (I like using IISRESET)

    Change The Graphics On a Server 2016 RDWeb Login Page

    A) Change the Brand Logo On The RDWeb Login Page:

    1. Replace %windir%WebRDWebPagesimageslogo_02.png with your graphic but make sure it is the same 48×48 pixel size

    FYI, logo_01.png is the small remote desktop’ graphic in the top right beside the words RD WEB ACCESS

    1. Create a new folder named images %windir%WebRDWebPagesen-USimages
      1. If you are not using English, change the en-US to the appropriate folder
    2. Use Notepad to edit %windir%webrdwebpagessite.xsl
      1. I would make a copy first, in case you screw it up
    3. Search for ../images/logo_02.png
      1. on line 114 in the factory site.xsl
    4. Update the graphic name and size so it looks the the screen shot to the right

    Thanks to THIS page for this one.

    B) Change The Server 2016 Logo On The RDWeb Login Page:

    1. Replace %windir%webrdwebpagesimagesWS_h_c.png

    We suggest that at very least you delete white background of the Server 2016 logo because the default graphic looks terrible. Also, we suggest you edit that graphic to remove the “2016” from it so that it is 1% harder for hackers to figure out what they are attacking.

    C) Change The Microsoft Logo On The RDWeb Login Page:

    1. Replace %windir%webrdwebpagesimagesmslogo_black.png

    If you just want to remove the Microsoft Logo on the RDWeb home page, the easiest way to to this is to change the mslogo_block.png to a single pixel. Otherwise you can screw around in the site.xsl code to find it but why bother.

    D) Change The Globe Wallpaper On The RDWeb Login Page:

    1. Replace %windir%webrdwebpagesimagesbg_globe_01.jpg

    Change The Text ‘Work Resources’ On The RDWeb Login page:

    1. Start a PowerShell as an Administrator
    2. Enter Set-RDWorkspace -Name «YourNameHere»
      1. Yes, you need the quotes

    That to THIS blog for this tip.

    Change the RD Workspace Name and Other Text On the RDWeb Login Page:

    1. Use Notepad to edit %windir%WebRDWebPagesen-USRDWAStrings.xml
    2. Change the text as you see fit like:
      1. line 3 which contains the Page Title
      2. line 10 which contains the HEADING RDWA , and
      3. line 12 that contains the HELP title text

    WARNING: Internet Explorer does a good job of detecting the changes when you refresh the page but Chrome does not. Soooo, if you are using Chrome, make sure you flush your browser cache.

    The text in this file is used in more places than just the RDWeb login page.

    There are many other customizations you can perform and I found the following articles useful:

Ссылка на основную публикацию
ВсеИнструменты
Adblock
detector
×
×