Customize RD Web Access, a drop down server list

As you might know, RD Web Access provides two different ways to allow users to connect. The tab “RemoteApp and Desktops” tab contains the Remote Apps and Desktops that are authorized to user. The tab “Connect to a remote PC” allows users to specify the destination remote client, server of farm by providing the DNS or hostname.

In some cases you might want to pre-define the hostname users have to enter. In this blog post I’ll guide you through the process of configuring a drop down list containing destinations we want users to be able to select.
STEP 1. We’ll be editing the desktops.aspx which is located in C:\Windows\Web\RDWeb\Pages\en-US\Desktops.aspx (may differ based on the language of the Server OS). Be sure to create a backup of that file first.
STEP 2. Locate the definition of the function function GetParam(sParam, bReqd, vDefault) and add the following function specified below that function definition. We’ll use this function to retrieve selected value of the dropdown box. We can’t use the existing GetParams function as this returns the number of the select item in de dropdown box. (Uses by for example the Remote desktop size dropdown box).
function GetDestination(sParam, bReqd, vDefault)
{
    var obj = document.getElementById(sParam);
    if(obj != null)
    {
        switch(obj.tagName)
        {
            case "SELECT":
                return obj.options[obj.selectedIndex].value;
                break;
            default:
                break;
        }
    }
    else
    {
        if ((bReqd) && ((vDefault == "") || (vDefault == null) || (obj == null)))
        {
            var L_ErrMsgInvalid_Text = "%ParameterName% is not a valid or available parameter name.";  // {Placeholder="%ParameterName%"}
            var errMsgInvalid = sParam;
            errMsgInvalid = errMsgInvalid.replace("%ParameterName%", sParam);
            var retval = TSMsgBox(errMsgInvalid, vbInformation, L_sTitle_Text);
            return null;
        }
        else
        {
            return vDefault;
        }
    }
} STEP 3. Replace the following code <input name="MachineName" maxlength="255" id="MachineName" class="textInputField" type="text"
                                    onfocus="updateConnectButtonState(this);" onblur="updateConnectButtonState(this);"
                                    onkeyup="onConnectToKeyUp(this);" onpropertychange="onConnectToPropertyChange(this);"/> With the code: <select id="MachineName" style="width: 270px" name="MachineName">
                                        <option value="rds01.lab.local" selected="selected">rds01.lab.local</option>
                                        <option value="rds02.lab.local">rds02.lab.local</option>
                                        <option value="rds03.lab.local">rds03.lab.local</option>
                                    </select>
STEP 4. To make sure the connect button is always available find the following string and remove the part disabled="disabled"<button type="button" id="ButtonConnect" name="ButtonConnect" disabled="disabled"
STEP 5. Replace the following piece of code
var RDPstr = "full address:s:" + GetParam("MachineName", true, "") + "\n";
With the code:
var RDPstr = "full address:s:" + GetDestination("MachineName", true, "") + "\n";
STEP 6. The end result should look like something below:

Upon clicking Connect a RDP session to the selected destination is launched.

RD WebAccess and the "unknown publisher story"

Anyone who had worked with RD WebAccess will have seen the following error one time or another:

The question: can we configure RD WebAccess to sign the .RDP that is used so that this warning does not pop-up on our end-users computers?

The answer: The answer is, as with all IT-questions, it depends!

And here’s why: There are two ways to have users access your RD Session Host farm from RD WebAccess. The first one is by making use of RemoteApp. RemoteApp is the technique on the RD Session Host that is used to deliver seamless applications to your end-users that “blend in” with the users locally installed applications. You can use RD WebAccess to publish these RemoteApps via a webpage. In the example below I have published Calculator and WordPad to be available via RD Web Access.

 In the RemoteApp configuration on the RD Session Host we can actually configure the SSL certificate that is used to sign the “.rdp file” that is used to run the RemoteApp.

 That’s great! Now we have a publisher available and a user can check that he trusts the publisher. (Or we can use a GPO that automatically trusts all RDP connections that were signed using a specific SSL certificate, by making use of the hash of the SSL certificate).

 Now comes the catch, the second method is making use of the option Remote Desktop tab in RD Web Access. This way you can publish a full desktop instead of a RemoteApp.

Can we sign the .RDP that is used for this connection as well to get rid of the publisher warning?
No, we can’t.

The reason for this is that is that there’s a difference in how the .RDP file is built when using Remote App RD Web Access and when using Remote Desktop via RD Web Access.

When you connect to a RemoteApp, a .RDP file is created on the RD Session Host based on the settings that we configured in the Remote App Manager. Remember that we specified a SSL certificate there. So the .RDP file will be signed here before its being channeled to the client from where it is executed.

When you connect to a Remote Desktop, the .RDP file is actually created on the client itself based on parameters that it gets from the RD Web Access (which reside in the web.config and aspx pages) plus the settings that might have been done in the Remote Desktop page by the user. The client does not sign the .RDP file, and thus, you still get the warning about the unknown publisher!