Remote Desktop Web Access

Updated: July 20, 2009

Applies To: Windows Server 2008 R2

Remote Desktop Web Access (RD Web Access), formerly Terminal Services Web Access (TS Web Access), enables users to access RemoteApp and Desktop Connection through a Web browser. The RD Web Access role service has been enhanced in Windows Server 2008 R2. The following improvements to RD Web Access are available in Windows Server 2008 R2:

  • Forms-based authentication

  • Per user RemoteApp program filtering

  • Single sign-on between Remote Desktop Session Host (RD Session Host) and RD Web Access

  • Public and private computer option

The improvements to the RD Web Access role service will be of interest to organizations that currently use or are interested in Remote Desktop Services.

The new functionality provided by these features in the RD Web Access role service is described in the following sections.

Forms-based authentication is an ASP.NET authentication service that enables applications to provide their own logon page and do their own credential verification. ASP.NET authenticates users, redirects unauthenticated users to the logon page, and performs all the necessary cookie management.

Forms-based authentication with RD Web Access provides a user in your organization a better logon experience. Additionally, it allows the administrator to customize the RD Web Access logon page to display company branding or other important information.

RD Web Access can filter the view on a per user account basis so that the user logging on to RD Web Access only sees the programs that the administrator configured for them to see.

Prior to Windows Server 2008 R2, all RemoteApp programs were shown to every user that logged on to RD Web Access.

Single sign-on allows customers the ability to enter their user name and password only once when connecting to a RemoteApp program by using RD Web Access.

Prior to Windows Server 2008 R2, when a user connected to a RemoteApp program by using RD Web Access, the user was prompted for credentials twice. One set of credentials was used to authenticate the user to the RD Web Access server and the other set was used to authenticate the user to the RD Session Host server hosting the RemoteApp program. Asking for the same user credentials twice led to a bad user experience. In Windows Server 2008 R2, you are only prompted once.

Single sign-on requires that your RDP files are digitally signed by a trusted publisher. The certificate used to sign the RemoteApp programs must be present in the Trusted Root Certification Authorities store on the client computer.

To take advantage of the new single sign-on features, the client must be running Remote Desktop Connection (RDC) 7.0.

The RD Web Access Web page can be accessed via public or private mode. When you select public mode, your user name is not remembered in the Web browser and RD Web Access cookies storing the user name time out in 20 minutes. When you select private mode, cookies storing the user name are available for four hours. In either public or private mode, passwords are not stored.

Public mode is recommended when you are using a computer that is located in a public place. Private mode is recommended for computers that you use often, such as a home or office computer.

RD Web Access is available in the following editions of Windows Server 2008 R2:

  • Windows Server 2008 R2 Standard

  • Windows Server 2008 R2 Enterprise

  • Windows Server 2008 R2 Datacenter

RD Web Access is not available in the following editions of Windows Server 2008 R2:

  • Windows Web Server 2008 R2

  • Windows Server 2008 R2 for Itanium-Based Systems

For information about other new features in Remote Desktop Services, see What's New in Remote Desktop Services.

Community Additions