Can RDP clients launch a remote application and then only display that application (and not the desktop)? The application would appear fullscreen within the client and if the application were closed the session would end.
"alternate shell" doesn't seem to work anymore in recent versions of Windows, RemoteApp
is the way to go.
remoteapplicationmode:i:1
remoteapplicationname:s:Purpose of the app shown to user...
remoteapplicationprogram:s:C:\...\some.exe
remoteapplicationcmdline:s:
To get this to work under e.g. Windows 10 Professional, one needs to enable some policy:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]
"fAllowUnlistedRemotePrograms"=dword:00000001
Using an RDP connection file you can set the alternate shell to be your application; the file syntax is like
alternate shell:s:c:\winnt\system32\notepad.exe
and you pass that as a command-line argument to mstsc.exe; this similar to chrissr's solution, but without affecting every RDP session you launch. A fuller summary of settings here.
This is quite easily achievable.
We need to allow any unlisted programs to start from RDP. 1.1 Save the script below on your desktop, the extension must end with .reg.
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList] "fDisabledAllowList"=dword:00000001
1.2 Right click on the file and click Merge, Yes, Ok.
Modifying our .rdp file. 2.1 At the end of our file, add the following code:
remoteapplicationmode:i:1 remoteapplicationname:s:This will be the optional description of the app remoteapplicationprogram:s:Relative or absolute path to the app (Example: taskmgr or C:\Windows\system32\taskmgr.exe) remoteapplicationcmdline:s:Here you'd put any optional application parameters
remoteapplicationmode:i:1 remoteapplicationname:s: remoteapplicationprogram:s:mspaint remoteapplicationcmdline:s:
2.2 Enter your username and password and connect.
https://i.imgur.com/zEZqL6Q.png
remoteapplicationprogram:s
key to specify an application residing on the remote computer. To run a local, host-side application on the remote computer, use the remoteapplicationfile:s
key instead.
This is called "seamless" mode. rdesktop
, the RDP client for Unix, is capable of this. From the manpage:
-A Enable SeamlessRDP. In this mode, rdesktop creates a X11 window for each window on the server side. This mode requires the SeamlessRDP server side component, which is available from http://www.cendio.com/seamlessrdp/. When using this option, you should specify a startup shell which launches the desired application through SeamlessRDP.
See mentioned Cendio website for more information.
Yes, you can change the default shell from Explorer.exe to a specific application.
In Regedit, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. The current shell should be Explorer.exe. Change it to YourApp.exe. That will change the shell for all users who log on to the machine. If you only want to change it for a specific user, go to the same key in HKEY_CURRENT_USER instead.
This is called RemoteApp. To use it you need to install Terminal Services, which is now called Remote Desktop Services.
I think Citrix does that kind of thing. Though I'm not sure on specifics as I've only used it a couple of times. I think the one I used was called XenApp but I'm not sure if thats what you're after.
Another way is shown in this CodeProject article:
http://www.codeproject.com/KB/IP/tswindowclipper.aspx
The basic idea is to create a virutal channel that sends the windows position of the app(s) you want to show, then only render that part of the window on the client.
Google for RemoteApp and only Windows Server 2016+ provides that. There is also a hack tool named "RemoteApp Tool" to enable RemoteApp support in Windows Pro editions/
At least on 2008R2 if the accounts are only used for RDP and not for local logins then you can set this on a per-account basis. That should work for thin clients. If the accounts are also used on local desktops then this would also affect those logins.
In ADUsers&Computers, open the properties for the account and go to the Environment tab. On that tab, check "Start the following program at logon" and specify the path and executable for the program.
RDP will not do that natively.
As other answers have said -- you'll need to do some scripting and make policy changes as a kludge to make it hard for RDP logins to run anything but the intended application.
However, as of 2008, Microsoft has released application virtualization technology via Terminal Services that will allow you to do this seamlessly.
Success story sharing
.rdp
file itself, and the registry on the server.remoteapplicationfile:s
andremoteapplicationprogram:s
. The*file
key specifies the full path to an executable on the local (host) computer, while the*program
key specifies an executable on the remote computer.