Setting Up RemoteApp on Windows Server 2012 without Active Directory Domain: A Step-by-Step Guide

Introduction to Windows Server 2012's RemoteApp Limitation

In the Windows Server 2012 environment, Microsoft introduced restrictions on the use of the Terminal Server if it's not part of an Active Directory domain. Specifically, many users, including myself, have encountered challenges when trying to configure RemoteApp directly from the server management console.

However, there's a silver lining: you can manually add applications. Let's dive into how.

The Prerequisites: Terminal Server and Active Directory

It goes without saying, but before you can effectively utilize RemoteApp, you need to have the Terminal Server installed. For those unaware, if your server isn't part of a domain, you'll have to do this by adding roles, not through the Remote Desktop Services installation process. You'll need to choose the remote desktop services, and within that, opt for remote desktop licensing and the remote desktop session host.

Installing the Remote Desktop Services Role

Using 1C as a real-world example, I'll demonstrate how you can achieve this. To streamline the process, I've created a resource pack with ready-to-use rdp and reg files, available for ]]>download here]]>.

Creating and Modifying the .rdp Connection File

When crafting or extracting an .rdp connection file from the archive, the content should appear as follows:

redirectclipboard:i:1
redirectposdevices:i:0
redirectprinters:i:1
redirectcomports:i:1
redirectsmartcards:i:1
devicestoredirect:s:*
drivestoredirect:s:*
redirectdrives:i:1
session bpp:i:32
prompt for credentials on client:i:1
span monitors:i:1
use multimon:i:1
remoteapplicationmode:i:1
server port:i:3389
full address:s:192.168.1.112
alternate shell:s:||1cestart
remoteapplicationprogram:s:||1cestart
remoteapplicationname:s:1C Предприятие
allow font smoothing:i:1
promptcredentialonce:i:1
authentication level:i:2
gatewayusagemethod:i:2
gatewayprofileusagemethod:i:0
gatewaycredentialssource:i:0
gatewayhostname:s:
remoteapplicationcmdline:s:
screen mode id:i:2
winposstr:s:0,3,0,0,800,600
compression:i:1
keyboardhook:i:2
audiocapturemode:i:0
videoplaybackmode:i:1
connection type:i:7
networkautodetect:i:1
bandwidthautodetect:i:1
displayconnectionbar:i:1
enableworkspacereconnect:i:0
disable wallpaper:i:0
allow desktop composition:i:0
disable full window drag:i:1
disable menu anims:i:1
disable themes:i:0
disable cursor setting:i:0
bitmapcachepersistenable:i:1
audiomode:i:0
autoreconnection enabled:i:1
prompt for credentials:i:0
negotiate security layer:i:1
remoteapplicationicon:s:
shell working directory:s:
gatewaybrokeringtype:i:0
use redirection server name:i:0
rdgiskdcproxy:i:0
kdcproxyname:s:

For your setup, adjust the entries for your specific server port and address.

server port:i:3389
full address:s:192.168.1.112

As well as application-specific details if you're not using 1C.

alternate shell:s:||1cestart
remoteapplicationprogram:s:||1cestart
remoteapplicationname:s:1C Предприятие

Once saved, attempt a connection. If configured correctly, you might receive an error indicating that the RemoteApp isn't on the approved application list.

Resolving Connection Errors with RemoteApp

Next, we'll add our application to the approved list. This involves tweaking the registry. For 1C 8.2, I've provided a registry dump in the downloadable archive, named 1cestart.reg. However, remember to modify paths specific to your application setup.

Working with the Windows Registry for 1C Configuration

For those who want to manually add these parameters, consider the following example:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList\Applications\1cestart]
"RequiredCommandLine"=""
"Name"="1C Предприятие"
"SecurityDescriptor"=""
"CommandLineSettings"=dword:00000000
"IconIndex"=dword:00000000
"Path"="C:\\\\Program Files (x86)\\\\1cv8\\\\common\\\\1cestart.exe"
"ShortPath"="C:\\\\PROGRA~2\\\\1cv8\\\\common\\\\1cestart.exe"
"ShowInTSWA"=dword:00000001
"IconPath"="%SystemRoot%\\Installer\\{D4895455-7B12-4E0B-B5F0-EFF6B9C3F93E}\\ShortCut_EnterprSt_41216A7DC6764F558CBAC68BC28BD550.exe"

If you are going to enter these parameters manually, you need to change \\ to \ in the paths.

As you might guess, you need to change the paths to your application in the following lines:

"IconPath"="%SystemRoot%\\Installer\\{D4895455-7B12-4E0B-B5F0-EFF6B9C3F93E}\\ShortCut_EnterprSt_41216A7DC6764F558CBAC68BC28BD550.exe"
"Path"="C:\\\\Program Files (x86)\\\\1cv8\\\\common\\\\1cestart.exe"
"ShortPath"="C:\\\\PROGRA~2\\\\1cv8\\\\common\\\\1cestart.exe"

And its name in the line:

"Name"="1C Предприятие"

Also, the registry branch, meaning if you are, for instance, forwarding a calculator, the branch should be not Applications\1cestart but Applications\calc. And don't forget to check that the application name parameters in the .rdp file match the name of this branch.

After these configurations, my RemoteApp operated flawlessly. Attempt a reconnection and observe if you achieve similar results.

Final Steps and Verifying the RemoteApp Connection

If, for any reason, you're still facing issues, double-check the registry branch. Ensure its existence and that the paths listed are 100% accurate. If everything seems spot-on, consider running the terminal.reg file from the archive.

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList]
"LicenseServers"=hex(7):00,00
"CertificateIssuedBy"=""
"LicensingType"=dword:00000005
"fHasCertificate"=dword:00000000
"CertificateExpiresOn"=""
"CentralLicensing"=dword:00000000
"fDisabledAllowList"=dword:00000000
"CertificateIssuedTo"=""
"CustomRDPSettings"="authentication level:i:2"

Getting RemoteApp to function on Windows Server 2012, especially outside of Active Directory, can be a tad challenging. But with careful attention to configurations and the provided steps, success is achievable. Have you tried setting up RemoteApp on Windows Server 2012 without Active Directory? Share your experiences or questions below!