Setting up RemoteApp Manually

I was trying to use Kim Knight's RemoteApp Tool, but apparently the latest version isn't quite working like my previous setups. It wasn't adding the parameters I needed, such as the custom port, and overall just wasn't working. I did use quite a few sites to get everything working right for my configuration, but this page from Liam Westley was key to starting to figure it out.

My goal was to be able to access my Windows Admin Center dashboard remotely via a RemoteApp setup installed on a Windows Server 2016 VM. This would involve installing Firefox, installing Windows Admin Center (formerly Project Honolulu), and setting up the following items manually. Also, because of other remote administration I have set up, I needed the RemoteApp to listen on port 3390 rather than the normal RDP port 3389. I'll note what's required and what's optional for the port change.

Before we start, it's important to note that you may need to change your router setup. You can search Google to figure out how to change your router if you're not familiar.

Additionally, you may want to look at optimizing your RDP experience with RemoteFX.

Regedit

It should go without saying - make a backup of your registry before making the following changes!

Mandatory

  • Browse to HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList
  • Change value of fDisabledAllowList from 0 to 1
  • Create a new key Applications
  • Create a new key in Applications named Firefox
  • Create a new string value Name with value Firefox
  • Create a new string value Path with value C:\Program Files\Mozilla Firefox\firefox.exe

Optional

  • Browse to HKLM\SYstem\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
  • Change value of PortNumber from d3d to d3e (or in decimal, change from 3389 to 3390)
  • Add port 3390 over both TCP and UDP to the firewall inbound allowed rules via PowerShell
New-NetFirewallRule -DisplayName 'TCP_3390' -Profile @('Domain', 'Private', 'Public') -Direction Inbound -Action Allow -Protocol TCP -LocalPort 3390
New-NetFirewallRule -DisplayName 'UDP_3390' -Profile @('Domain', 'Private', 'Public') -Direction Inbound -Action Allow -Protocol UDP -LocalPort 3390
  • Reboot the computer and test logging into your system using RDP, adding :3390 to the end of your IP or hostname

.RDP File

Open RDP, click Show Options dropdown, under Connection Settings click Save As and save the file as you desire (i.e. Firefox.rdp). Edit the file with your favorite text editor program, such as Notepad++.

Mandatory

  • Change remoteapplicationmode:i:0 to remoteapplicationmode:i:1 to enable window application mode rather than full screen desktop mode
  • Add remoteapplicationprogram:s:Firefox to add a name to your application
  • Add disableremoteappcapscheck:i:1 to work around the domain approved RemoteApp programs list
  • Add alternate shell:s:rdpinit.exe to allow separate launcher for RemoteApp instead of Remote Desktop
  • Save the file

Optional

  • Add server port:i:3390 to change your session port number

Final Product

Here's the end result text inside my Firefox.rdp file. A few of these parameters aren't filled out, but you're welcome to modify them yourself. A page I found very useful for making these modifications is from Remote Desktop Plus which is a compilation of this TechNet article.

screen mode id:i:2
use multimon:i:1
desktopwidth:i:3840
desktopheight:i:2160
session bpp:i:32
winposstr:s:0,1,1096,587,1890,1180
compression:i:1
keyboardhook:i:2
audiocapturemode:i:0
videoplaybackmode:i:1
connection type:i:7
networkautodetect:i:1
bandwidthautodetect:i:1
displayconnectionbar:i:1
enableworkspacereconnect:i:0
disable wallpaper:i:0
allow font smoothing:i:0
allow desktop composition:i:0
disable full window drag:i:1
disable menu anims:i:1
disable themes:i:0
disable cursor setting:i:0
bitmapcachepersistenable:i:1
full address:s:logitico.com
audiomode:i:0
redirectprinters:i:1
redirectcomports:i:0
redirectsmartcards:i:1
redirectclipboard:i:1
redirectposdevices:i:0
drivestoredirect:s:
autoreconnection enabled:i:1
authentication level:i:0
prompt for credentials:i:0
negotiate security layer:i:1
remoteapplicationmode:i:1
remoteapplicationprogram:s:Firefox
disableremoteappcapscheck:i:1
server port:i:3390
alternate shell:s:rdpinit.exe
shell working directory:s:
gatewayhostname:s:
gatewayusagemethod:i:4
gatewaycredentialssource:i:4
gatewayprofileusagemethod:i:0
promptcredentialonce:i:0
gatewaybrokeringtype:i:0
use redirection server name:i:0
rdgiskdcproxy:i:0
kdcproxyname:s:
remoteapplicationname:s:
remoteapplicationicon:s: