Creating a virtualized application remotely is a pretty neat feature for locking down users that pretty much require Domain Admin 24/7. With this you can help streamline access from a Domain Admin user to a remote server sandbox and launch Chrome remotely. I tested this on 2008R2 and 2012R2 and it works amazingly well.

Some minor hurdles to look out for: First, objects marked safe for scripting do not allow remotely launching applications on behalf of the user, so you must use the “unsafe for scripting” object. Second, you must only call “ServerStartProgram” after you connect to the server, not before. Third, you must ensure fDisabledAllowList is set to “1”, or you explicitly allow such applications on the server through an approved registry list. Check MSDN for examples/guidance. I tried to do it remotely with the AX7 subroutine below; however, it only applies to x86 and required .NET 4.0 to edit the correct key remotely, but it should be pretty simple. The key update does not require a reboot. Enjoy!

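Imports Microsoft.Win32

Private Sub AX7()
    Try
        ' Open the RemoteApp allow-list key on the target server with write access.
        Dim RegKey As RegistryKey = RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMachine, "\\" & Form1.remotePcComboBox.Text).OpenSubKey("SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList", True)
        ' fDisabledAllowList = 1 turns the allow list off, so any program can be started as a RemoteApp.
        If CStr(RegKey.GetValue("fDisabledAllowList", "0")) <> "1" Then
            ' Write a DWORD; passing a String to SetValue would store the value as REG_SZ.
            RegKey.SetValue("fDisabledAllowList", 1, RegistryValueKind.DWord)
        End If
        RegKey.Close()
    Catch ex As Exception
        ' Report the failure instead of swallowing it silently.
        Debug.WriteLine("Registry update failed: " & ex.Message)
    End Try
    AxMsRdpClient71.DesktopWidth = SystemInformation.VirtualScreen.Width
    AxMsRdpClient71.DesktopHeight = SystemInformation.VirtualScreen.Height
    ' RemoteApp mode: show only the launched program, not the full remote desktop.
    AxMsRdpClient71.RemoteProgram2.RemoteProgramMode = True
    ' AuthenticationLevel 0 = no authentication of the server.
    AxMsRdpClient71.AdvancedSettings7.AuthenticationLevel = 0
    AxMsRdpClient71.AdvancedSettings7.SmartSizing = True
    AxMsRdpClient71.AdvancedSettings7.PublicMode = False
    ' The password is taken from the form and handed to the control.
    AxMsRdpClient71.AdvancedSettings7.ClearTextPassword = Form1.TextBox4.Text

    AxMsRdpClient71.Server = Form1.remotePcComboBox.Text
    AxMsRdpClient71.UserName = Form1.TextBox3.Text
    AxMsRdpClient71.FullScreen = True
    AxMsRdpClient71.Connect()
End Sub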

Private Sub MyRDP_OnConnected() Handles AxMsRdpClient71.OnConnected
    Debug.WriteLine("RDPEVENT: OnConnected")
    Try
        AxMsRdpClient71.RemoteProgram2.ServerStartProgram("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe", "", "%SYSTEMROOT%", True, "", False)
    Catch ex As Exception
        Debug.WriteLine("Failed")
    End Try

End Sub

Private Sub MyRDP_OnDisconnected1() Handles AxMsRdpClient71.OnDisconnected
    Debug.WriteLine("RDPEVENT: OnDisconnected")
End Sub

Private Sub MyRDP_OnDisconnected1(ByVal discReason As Integer) Handles MyRDP.OnDisconnected
    Debug.WriteLine("RDPEVENT: OnDisconnected")
End Sub

Private Sub MyRDP_OnLoginComplete() Handles AxMsRdpClient71.OnLoginComplete
    Debug.WriteLine("RDPEVENT: OnLogonComplete")
End Sub

Now in the picture below, I’m running Windows 7, and mstscax.dll contains a few controls to add. The controls marked as redistributable are safe for scripting, and launching remote applications will not work with them. You need to use the “Microsoft RDP Client Control – version 8” without “(redistributable)” in its name.
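
To see how the fDisabledAllowList setting discussed above stands on a given server, here is a read-only PowerShell audit, added as an example and not part of the original post. It assumes the Remote Registry service is reachable and that explicitly allowed programs sit in subkeys under Applications with a Path value; the function name and host name are placeholders.

```powershell
# Added example: read-only audit of the RemoteApp allow list on one or more servers.
function Get-TSAppAllowListState {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    $subKey = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList'
    foreach ($computer in $ComputerName) {
        $base = $null; $key = $null
        try {
            # Registry64 reads the native view even from a 32-bit process (.NET 4.0+).
            $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                [Microsoft.Win32.RegistryHive]::LocalMachine, $computer,
                [Microsoft.Win32.RegistryView]::Registry64)
            $key = $base.OpenSubKey($subKey)   # opened read-only
            if ($null -eq $key) { Write-Warning "$computer : TSAppAllowList key not found"; continue }

            $raw  = $key.GetValue('fDisabledAllowList')
            # The value type matters: a REG_SZ "1" here was written by a tool, not by the OS.
            $kind = if ($null -ne $raw) { $key.GetValueKind('fDisabledAllowList') } else { 'Missing' }

            # Assumed layout: one subkey per allowed program under Applications, with a Path value.
            $apps = @()
            $appsKey = $key.OpenSubKey('Applications')
            if ($null -ne $appsKey) {
                foreach ($name in $appsKey.GetSubKeyNames()) {
                    $app = $appsKey.OpenSubKey($name)
                    $apps += '{0} => {1}' -f $name, $app.GetValue('Path')
                    $app.Close()
                }
                $appsKey.Close()
            }

            [pscustomobject]@{
                ComputerName      = $computer
                AllowListDisabled = ("$raw" -eq '1')   # True: any program can start as a RemoteApp
                ValueKind         = $kind
                AllowedPrograms   = $apps
            }
        }
        catch { Write-Warning "$computer : $($_.Exception.Message)" }
        finally {
            if ($key)  { $key.Close() }
            if ($base) { $base.Close() }
        }
    }
}

# Placeholder host name; replace with the servers to audit.
Get-TSAppAllowListState -ComputerName 'rdsh01.example.test' | Format-List
```

A server that reports AllowListDisabled as True with an empty AllowedPrograms list is relying on the switch alone rather than on explicit entries.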

Other interesting Sources:
https://msdn.microsoft.com/en-us/library/mt787065(v=vs.85).aspx
https://msdn.microsoft.com/en-us/library/aa383464(v=vs.85).aspx
