1. Tutorial 08 - Single RDS Server Deployment
1.1 1. Create OUs for RDS Servers and Users
1.2 2. Deploy Remote Desktop Service Server
1.3 3. Publish RemoteApps
1.4 4. Create GPO to optimize RDS Server and User Session
Tutorial 08 - Single RDS Server Deployment
1. ENVIRONMENT
Domain Name: EXAMPLE.LOCAL
NetBIOS Name: EXAMPLE
                   Active Directory Server         Application Server
IP Address         172.18.0.21/24                  172.18.0.23/24
DNS                8.8.8.8                         172.18.0.21
Operating System   Windows Server 2016 Standard    Windows Server 2016 Standard
Host Name          DC01-SRV                        RDSAP01-SRV
CPU(s)             4 Cores                         4 Cores
Memory             4GB                             4GB
HDD                100GB                           100GB
Server Roles       Active Directory (LDAP/LDAPS)   Remote Desktop Session Host
                   Kerberos
                   Domain Name Server (DNS)
                   File Server (SMB/CIFS)
                   Network Time Server (NTP)
Before starting this example, make sure that:
1. The Windows platform is Windows Server 2016 Standard.
2. Domain Example.Local is already installed and configured with 1 Domain Controller Server.
3. The Application Server is freshly installed, named RDSAP01-SRV and joined to domain Example.Local.
2. TASK TO DO
1. Deploy one Remote Desktop Service server on the existing domain Example.Local.
2. Publish RemoteApps (Calculator, Paint, Notepad) on the RDS Application Server.
3. Create new Group Policies to optimize Remote Desktop Service.
1. Create OUs for RDS Servers and Users
1. Use the Active Directory Users and Computers console to create the OUs, Groups and Users as in the structure below.
2. Add user accounts admin01 and admin02 as members of the Security Group awingu_admins.
3. Add user accounts user01 and user02 as members of the Security Group awingu_users.
4. Move computer RDSAP01-SRV to OU RDS Server.
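The same four steps scripted with the ActiveDirectory module, as an added example that is not part of the original tutorial. The OU layout (RDS > RDS Servers, Awingu > Awingu Users) is inferred from the paths used in section 4, and placing the groups and users in Awingu Users is an assumption.

```powershell
# Added example, not part of the original tutorial.
# Run on DC01-SRV (or a host with the AD PowerShell module) as a domain admin.
Import-Module ActiveDirectory

$domainDn = 'DC=example,DC=local'
$rdsOu    = "OU=RDS Servers,OU=RDS,$domainDn"      # assumed OU layout
$usersOu  = "OU=Awingu Users,OU=Awingu,$domainDn"  # assumed OU layout

# Step 1: OUs, parent before child.
New-ADOrganizationalUnit -Name 'RDS'          -Path $domainDn
New-ADOrganizationalUnit -Name 'RDS Servers'  -Path "OU=RDS,$domainDn"
New-ADOrganizationalUnit -Name 'Awingu'       -Path $domainDn
New-ADOrganizationalUnit -Name 'Awingu Users' -Path "OU=Awingu,$domainDn"

# Steps 1-3: groups, users and memberships.
# The initial password is prompted for, never stored in the script.
$members  = @{ awingu_admins = 'admin01', 'admin02'; awingu_users = 'user01', 'user02' }
$password = Read-Host -AsSecureString -Prompt 'Initial password for the four accounts'

foreach ($group in $members.Keys) {
    New-ADGroup -Name $group -GroupScope Global -GroupCategory Security -Path $usersOu
    foreach ($user in $members[$group]) {
        $account = @{
            Name = $user; SamAccountName = $user; UserPrincipalName = "$user@example.local"
            Path = $usersOu; AccountPassword = $password
            ChangePasswordAtLogon = $true; Enabled = $true
        }
        New-ADUser @account
    }
    Add-ADGroupMember -Identity $group -Members $members[$group]
}

# Step 4: move the session host so that a GPO linked to the OU can reach it.
Get-ADComputer -Identity 'RDSAP01-SRV' | Move-ADObject -TargetPath $rdsOu

# Check the result: group membership and the computer's new location.
foreach ($group in $members.Keys) {
    Get-ADGroupMember -Identity $group |
        Select-Object @{ n = 'Group'; e = { $group } }, SamAccountName
}
(Get-ADComputer -Identity 'RDSAP01-SRV').DistinguishedName
```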
2. Deploy Remote Desktop Service Server
Log in to the RDSAP01-SRV server (172.18.0.23) with a Domain Admins account.
1. Start the Server Manager console, click Manage, then choose Add Roles and Features.
2. On the Before you begin page, just click Next.
3. On Installation Type, choose Remote Desktop Services Installation, then click Next.
4. On Deployment Type, choose Standard deployment, then click Next.
5. On the Deployment Scenario page, choose Session-based desktop deployment, then click Next.
6. On Role Services there is nothing to do, just click Next.
7. On the RD Connection Broker page, choose server RDSAP01-SRV, click the Arrow button to add the server to the selected list, then click Next.
8. On the RD Web Access page, choose RDSAP01-SRV, click the Arrow button to move the server to the selected list, then click Next.
9. On the RD Session Host page, select server RDSAP01-SRV, click the Arrow button to move the server to the selected list, then click Next.
10. On the Confirmation page, check Restart the destination server automatically if required, then click Deploy.
11. The deployment may take 15 ~ 30 minutes and the server may reboot a couple of times.
12. Once it finishes, click Close.
13. From now on, the Remote Desktop Service option appears in the Server Manager console.
3. Publish RemoteApps
In this tutorial we will go through these steps:
1. Create Session Collection
2. Publish Remote Application
1. Open the Server Manager console and choose the Remote Desktop Services section.
2. Select Collections in the left-hand menu. In the Collections screen on the right, select TASKS, then choose Create Session Collection.
3. Skip the Before you Begin page by clicking Next.
4. Name the new collection Collection 01, then click Next.
5. Select the RDSAP-01.example.local server in the list, click the Right Arrow button to add the server to the Selected list, then click Next.
6. Add the Domain Users group, then click Next.
7. Do not check Enable user profile disks at this point.
8. Click Create.
9. The configuration takes a few minutes.
10. After the installation finishes, click Close.
11. When the new collection is created, click to select Collection 01. In the RemoteApp Programs area, click TASKS, then choose RemoteApp Programs.
12. Check to select Calculator.
13. Check to select Paint.
14. Notepad isn't listed in the RemoteApp programs list. To publish Notepad, click the Add button.
15. Browse to c:\Windows\System32\notepad.exe, click to select notepad.exe, then click Open.
16. Now that Calculator, Paint and Notepad are selected, click Next.
17. Click Publish.
18. Wait for the publishing progress to complete.
19. When it finishes, click Close.
20. The RemoteApp Programs area now displays the 3 published apps. The Alias is an important parameter that is used to publish the app to Awingu.
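The deployment from section 2 and the collection and RemoteApp publishing from section 3, scripted with the RemoteDesktop module as an added example that is not part of the original tutorial. The server FQDN and the Calculator and Paint paths are assumptions; only the Notepad path is given in the steps above.

```powershell
# Added example, not part of the original tutorial.
# Run on RDSAP01-SRV in an elevated session with a Domain Admins account.
Import-Module RemoteDesktop

$server     = 'RDSAP01-SRV.example.local'   # assumed FQDN of the Application Server
$collection = 'Collection 01'

# Section 2: standard session-based deployment, all three roles on one server.
# The server may restart during this step.
New-RDSessionDeployment -ConnectionBroker $server -WebAccessServer $server -SessionHost $server

# Section 3, steps 1-10: create the collection and grant access to Domain Users.
# No user profile disk parameters are set here.
New-RDSessionCollection -CollectionName $collection -SessionHost $server -ConnectionBroker $server
Set-RDSessionCollectionConfiguration -CollectionName $collection `
    -UserGroup 'EXAMPLE\Domain Users' -ConnectionBroker $server

# Steps 11-19: publish the three programs.
$apps = @(
    @{ Name = 'Calculator'; Path = 'C:\Windows\System32\win32calc.exe' }  # assumed path
    @{ Name = 'Paint';      Path = 'C:\Windows\System32\mspaint.exe'  }   # assumed path
    @{ Name = 'Notepad';    Path = 'C:\Windows\System32\notepad.exe'  }   # path from step 15
)
foreach ($app in $apps) {
    New-RDRemoteApp -CollectionName $collection -DisplayName $app.Name `
        -FilePath $app.Path -ConnectionBroker $server
}

# Step 20: list what is published. Alias is the value Awingu needs;
# CommandLineSetting shows whether clients may pass their own arguments,
# and UserGroups shows any per-app restriction.
Get-RDRemoteApp -CollectionName $collection -ConnectionBroker $server |
    Select-Object DisplayName, Alias, FilePath, CommandLineSetting, UserGroups |
    Format-Table -AutoSize
```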
4. Create GPO to optimize RDS Server and User Session
In this tutorial, we will create GPOs to optimize Remote Desktop Service and Awingu operation.
Suggested GPOs for the Awingu users
User Configuration / Policies / Administrative Templates:
Start Menu and Taskbar:
  Remove Run menu from Start Menu: Enabled
System:
  Prevent access to the command prompt: Enabled (Disable the command prompt script processing also? No)
System / Ctrl+Alt+Delete Options:
  Remove Task Manager: Enabled
  Remove Lock Computer: Enabled
Windows Components / Desktop Window Manager:
  Do not allow window animation: Enabled
Windows Components / File Explorer:
  Hide these specified drives in My Computer: Enabled (Pick one of the following combinations: Restrict all drives)
  Hides the Manage item on the Windows Explorer context menu: Enabled
  No Computers Near Me in Network Locations: Enabled
  No Entire Network in Network Locations: Enabled
  Prevent access to drives from My Computer: Enabled (Pick one of the following combinations: Restrict all drives)
  Remove "Map Network Drive" and "Disconnect Network Drive": Enabled
  Remove Hardware tab: Enabled
  Remove Search button from Windows Explorer: Enabled
Windows Components / Remote Desktop Services / Remote Desktop Session Host / Session Time Limits:
  Set time limit for disconnected sessions: Enabled (End a disconnected session: 1 minute)
  Set time limit for log off of RemoteApp sessions: Enabled (RemoteApp session logoff delay: 1 minute)
Windows Components / Windows PowerShell:
  Turn on script execution: Enabled with Allow only signed scripts
Required GPOs for the application servers
Computer Configuration / Policies / Administrative Templates / Windows Components / Remote Desktop Services / Remote Desktop Session Host / Connections:
  Restrict Remote Desktop Services users to a single Remote Desktop Services session: Disabled
  Allow remote start of unlisted programs: Enabled
Computer Configuration / Policies / Administrative Templates / Windows Components / Remote Desktop Services / Remote Desktop Session Host / Session Time Limits:
  Set time limit for disconnected sessions: End a disconnected session in 1 minute
  Set time limit for log off of RemoteApp sessions: RemoteApp session logoff delay Immediately
1. Go to Start > Windows Administrative Tools > Group Policy Management.
2. In the GPO Management console, browse to GPM > Forest: example.local > Domains > example.local > RDS > RDS Servers.
3. Right-click the OU RDS Servers and choose Create a GPO in this domain, and Link it here.
4. Name the new GPO RDS_GPO, then click OK.
5. Right-click RDS_GPO (just created) and choose Edit.
6. Configure RDS_GPO as shown in the figure below.
7. Browse to GPM > Forest: example.local > Domains > example.local > Awingu > Awingu Users. Right-click the OU Awingu Users.
8. Name the new GPO Awingu_Users_GPO, then click OK.
9. Right-click Awingu_Users_GPO (just created) and choose Edit.
10. Configure Awingu_Users_GPO as shown in the figure below.
11. To apply these new GPOs, run the command gpupdate /force
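A scripted form of the RDS_GPO steps with a check that the required computer settings actually reached the session host, as an added example that is not part of the original tutorial. The OU distinguished name is an assumption, the function names are hypothetical, and the registry values are the ones that back the four Administrative Template settings listed under "Required GPOs for the application servers".

```powershell
# Added example, not part of the original tutorial.
Import-Module GroupPolicy

$gpoName = 'RDS_GPO'
$ouDn    = 'OU=RDS Servers,OU=RDS,DC=example,DC=local'   # assumed DN of the OU in step 2
$tsKey   = 'SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# Required computer-side settings (time limits are stored in milliseconds).
$expected = [ordered]@{
    fSingleSessionPerUser        = 0      # Restrict users to a single session: Disabled
    fAllowUnlistedRemotePrograms = 1      # Allow remote start of unlisted programs: Enabled.
                                          # Programs outside the published RemoteApp list can then
                                          # be started, so the user-side restrictions matter.
    MaxDisconnectionTime         = 60000  # End a disconnected session: 1 minute
    RemoteAppLogoffTimeLimit     = 0      # RemoteApp session logoff delay: Immediately
}

function New-RdsGpo {
    # Hypothetical helper for steps 1-6. Run where the Group Policy Management
    # tools are installed, with an account allowed to create and link GPOs.
    New-GPO -Name $gpoName | New-GPLink -Target $ouDn | Out-Null
    foreach ($name in $expected.Keys) {
        Set-GPRegistryValue -Name $gpoName -Key "HKLM\$tsKey" -ValueName $name `
            -Type DWord -Value $expected[$name] | Out-Null
    }
}

function Test-RdsPolicy {
    # Hypothetical helper for after step 11. Run on RDSAP01-SRV once
    # 'gpupdate /force' has completed; returns one row per setting.
    $applied = Get-ItemProperty -Path "HKLM:\$tsKey" -ErrorAction SilentlyContinue
    foreach ($name in $expected.Keys) {
        $actual = if ($applied) { $applied.$name } else { $null }
        [pscustomobject]@{
            Setting  = $name
            Expected = $expected[$name]
            Actual   = $actual
            Ok       = ($null -ne $actual -and $actual -eq $expected[$name])
        }
    }
}

# New-RdsGpo is defined but not called here; only the read-only check runs.
Test-RdsPolicy | Format-Table -AutoSize
```

A row with Ok = False and an empty Actual column means the GPO did not apply to the server, which usually points at the computer object not being in the linked OU.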