Creating a virtualized application remotely is a pretty neat feature for locking down users that pretty much require Domain Admin 24/7. With this you can help streamline access from a Domain Admin user to a remote server sandbox and launch Chrome remotely. I tested this on 2008R2 and 2012R2 and it works amazingly.

Some minor hurdles to look out for: First, objects marked safe for scripting do not allow remotely launching applications on behalf of the user, so you must use the “Unsafe for scripting” object. Second, you must only call “ServerStartProgram” after you connect to the server, not before. Third, you must ensure fDisabledAllowList is set to “1”, or explicitly allow such applications on the server through an approved registry list. Check MSDN for examples/guidance.

I tried to do it remotely with the AX7 subroutine below; however, it only applies to x86 and required .NET 4.0 to edit the correct key remotely, but it should be pretty simple. The key update does not require a reboot. Enjoy!
```vb
' Needs "Imports Microsoft.Win32" at the top of the file
' (RegistryKey, RegistryHive, RegistryValueKind).

Private Sub AX7()
    Try
        ' Open the allow-list key on the target server with write access.
        Using RegKey As RegistryKey = RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMachine, "\\" & Form1.remotePcComboBox.Text).OpenSubKey("SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList", True)
            ' fDisabledAllowList is a REG_DWORD, so write the number 1 rather than the string "1".
            If CInt(RegKey.GetValue("fDisabledAllowList", 0)) <> 1 Then
                RegKey.SetValue("fDisabledAllowList", 1, RegistryValueKind.DWord)
            End If
        End Using
    Catch ex As Exception
        ' Log the failure instead of swallowing it silently.
        Debug.WriteLine("Registry update failed: " & ex.Message)
    End Try

    AxMsRdpClient71.DesktopWidth = SystemInformation.VirtualScreen.Width
    AxMsRdpClient71.DesktopHeight = SystemInformation.VirtualScreen.Height
    ' RemoteProgramMode must be enabled before connecting.
    AxMsRdpClient71.RemoteProgram2.RemoteProgramMode = True
    ' AuthenticationLevel 0 connects even if the server's identity cannot be verified.
    AxMsRdpClient71.AdvancedSettings7.AuthenticationLevel = 0
    AxMsRdpClient71.AdvancedSettings7.SmartSizing = True
    AxMsRdpClient71.AdvancedSettings7.PublicMode = False
    AxMsRdpClient71.AdvancedSettings7.ClearTextPassword = Form1.TextBox4.Text
    AxMsRdpClient71.Server = Form1.remotePcComboBox.Text
    AxMsRdpClient71.UserName = Form1.TextBox3.Text
    AxMsRdpClient71.FullScreen = True
    AxMsRdpClient71.Connect()
End Sub

Private Sub MyRDP_OnConnected() Handles AxMsRdpClient71.OnConnected
    Debug.WriteLine("RDPEVENT: OnConnected")
    Try
        ' ServerStartProgram may only be called once the connection is established.
        AxMsRdpClient71.RemoteProgram2.ServerStartProgram("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe", "", "%SYSTEMROOT%", True, "", False)
    Catch ex As Exception
        Debug.WriteLine("Failed")
    End Try
End Sub

Private Sub MyRDP_OnDisconnected1() Handles AxMsRdpClient71.OnDisconnected
    Debug.WriteLine("RDPEVENT: OnDisconnected")
End Sub

Private Sub MyRDP_OnLoginComplete() Handles AxMsRdpClient71.OnLoginComplete
    Debug.WriteLine("RDPEVENT: OnLogonComplete")
End Sub
```
Now, in the picture below, I’m running Windows 7, and mstscax.dll contains a few controls to add. The controls marked “(redistributable)” are the safe-for-scripting ones, and launching remote applications will not work with them. You need to use the “Microsoft RDP Client Control – version 8” without the “(redistributable)” in its name.
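The fDisabledAllowList value and the approved registry list mentioned above can be reviewed on a server without changing anything. The PowerShell function below is an added example, not code from the original post; the function name is hypothetical, and the `Applications` subkey layout with a `Path` value and the use of the 64-bit registry view are assumptions not stated on the page.

```powershell
# Added example (not from the original post): read-only audit of the RemoteApp allow list.
function Get-TSAppAllowListState {          # hypothetical helper name
    param([string]$ComputerName = '')       # empty string = local machine

    $path = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList'
    $key  = $null
    $computer = if ($ComputerName) { $ComputerName } else { $env:COMPUTERNAME }
    # Assumption: the server is 64-bit, so ask for the 64-bit registry view (.NET 4.0+).
    $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName,
        [Microsoft.Win32.RegistryView]::Registry64)
    try {
        $key = $hklm.OpenSubKey($path)      # opened without write access
        if ($null -eq $key) { throw "Key not found: HKLM\$path" }

        $value = $key.GetValue('fDisabledAllowList', $null)
        $kind  = if ($null -ne $value) { $key.GetValueKind('fDisabledAllowList').ToString() } else { 'NotSet' }

        # Assumption: explicitly allowed programs are subkeys of 'Applications',
        # each carrying a 'Path' value with the executable's full path.
        $apps = @()
        $appsKey = $key.OpenSubKey('Applications')
        if ($null -ne $appsKey) {
            foreach ($name in $appsKey.GetSubKeyNames()) {
                $app = $appsKey.OpenSubKey($name)
                $apps += [pscustomobject]@{ Alias = $name; Path = $app.GetValue('Path') }
                $app.Close()
            }
            $appsKey.Close()
        }

        [pscustomobject]@{
            Computer           = $computer
            fDisabledAllowList = $value
            ValueKind          = $kind
            # True when the allow list is switched off, which is what the AX7 routine sets.
            AllowListDisabled  = ($kind -eq 'DWord' -and $value -eq 1)
            # A value stored with any type other than REG_DWORD deserves a manual look.
            UnexpectedType     = ($kind -ne 'NotSet' -and $kind -ne 'DWord')
            PublishedApps      = $apps
        }
    }
    finally {
        if ($null -ne $key) { $key.Close() }
        $hklm.Close()
    }
}

Get-TSAppAllowListState | Format-List
```

With the allow list disabled, the server does not restrict which program a connecting user can start through ServerStartProgram, so `AllowListDisabled = True` on a server that was never meant to host this setup is worth following up.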
Other interesting Sources:
https://msdn.microsoft.com/en-us/library/mt787065(v=vs.85).aspx
https://msdn.microsoft.com/en-us/library/aa383464(v=vs.85).aspx