Configure Terminal Server Settings

Applies To: Windows Server 2008

To define how users will connect to the terminal server (or terminal server farm) to access RemoteApp programs, you can configure terminal server deployment settings.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (

To configure terminal server settings

  1. In the Actions pane of TS RemoteApp Manager, click Terminal Server Settings. (Or, in the Overview pane, next to Terminal Server Settings, click Change.)

  2. On the Terminal Server tab, under Connection settings, accept or modify the server or farm name, the Remote Desktop Protocol (RDP) port number, and server authentication settings.


If the Require server authentication check box is selected, consider the following:

  - If any client computers are running Windows Server 2003 with Service Pack 1 or Windows XP with Service Pack 2, you must configure the terminal server to use a Secure Sockets Layer (SSL) certificate. (You cannot use a self-signed certificate.)  
  - If the RemoteApp program is for intranet use, and all client computers are running either Windows Server 2008 or Windows Vista, you do not have to configure the terminal server to use an SSL certificate. In this case, Network Level Authentication is used.  
  1. To provide a link to a full terminal server desktop session through TS Web Access, under Remote desktop access, select the Show a remote desktop connection to this terminal server in TS Web Access check box.

  2. Under Access to unlisted programs, choose either of the following:

    • Do not allow users to start unlisted programs on initial connection (Recommended)

      To help protect against malicious users, or a user unintentionally starting a program from an .rdp file on initial connection, we recommend that you select this setting.


This setting does not prevent users from starting unlisted programs remotely after they connect to the terminal server by using the RemoteApp program. For example, if Microsoft Word is in the RemoteApp Programs list and Microsoft Internet Explorer is not, if a user starts a remote Word session, and then clicks a hyperlink in a Word document, they can start Internet Explorer.

  - **Allow users to start both listed and unlisted programs on initial connection**  


If you choose this option, users can start any program remotely from an .rdp file on initial connection, not just those programs in the RemoteApp Programs list. To help protect against malicious users, or a user unintentionally starting a program from an .rdp file, we recommend that you do not select this setting.

  1. When you are finished, click OK.

Additional references