Ever wanted to deliver and dynamically manage and enforce RDP files? That capability is available when you use PolicyPak. See this video to see how its done.
PolicyPak: Manage RDP – Terminal Services files using Group Policy and PolicyPak Video Transcript
Hi, everybody. This is Jeremy Moskowitz, Microsoft MVP, Enterprise Mobility and Founder of PolicyPak Software. In this video, I’m going to show you how you can deploy, manage and maintain an RDP file using Group Policy and PolicyPak.
To get started here, I’m using the “Remote Desktop Connection.” I’m creating a new blank remote desktop connection doc from scratch. I’m going to make sure that it’s empty and actually doesn’t have hardly anything already in place.
What we’ll do is we’ll just go ahead and go to “Save As.” I’m going to put it right under “SHARE.” I’ll call it “file2.rdp.” I already have a file called “file1.rdp” there. There it is: “file2.rdp.” That’s thing number one.
Thing number two is that we’re going to use Group Policy Preferences to deploy this file. We’ll “Create a GPO in this domain, and Link it here…” to our “East Sales Users.” We’ll call this “Deploy and manage RDP file using GP and PolicyPak.”
The first thing we want to do is maybe wherever our user roams to they get this RDP file. So what I’ll do is I’ll use the “Preferences,” and I’ll deliver “Files” and go to “New/File.” “Source file” is going to be – I want to make sure I get it right – it’s “\\dc share” and I’m looking for “file2.”
That’s the one I want to work on now. I want to put this on the Desktop, which in Group Policy Preferences land is the “DesktopDir.” Okay, “%DesktopDir%\file2.rdp.” Now this file is going to be copied to every East Sales User automatically. If I just run “gpupdate” – this is just Group Policy Preferences doing its thing – we’ll go ahead and see that it should deliver the setting just like that. That’s great.
Now the problem is, of course, that it’s empty and doesn’t have the configured options that we want. Even if it did, even if it was preconfigured, a user could just work around these settings, and that’s not what we want. Now is where we get to use PolicyPak to take it to the next level and modify a file once it exists on the target machine. Let’s go ahead and do that now.
Unlike other things in PolicyPak land, this does require that you use the “PolicyPak Design Studio.” This one’s a little weird because inside the Design Studio itself, you’re going to be dictating which file we’re going to manipulate. I know that’s a little weird, so stay with me.
This is the Design Studio. I’ll just go to “File/Open.” I’ll pick the RDP Pak (“RemoteDesktop”), which is downloadable inside the PolicyPak Customer Portal. It’s already done for you. All or most of the settings are already configurable and ready to go. The only thing you need to do is go to “Project Properties” in the Design Studio and change where the file is.
In this case, instead of “%desktop%” which is how PolicyPak will know to put it on the Desktop, instead of “file1” we’re going to make it “file2.rdp.” If you had it in “C:\temp\” whatever, you could do that as well. PolicyPak will modify the file after it’s already there, and we do have to dictate the file that we want to do here.
I also suggest that in your “Project name” you actually give it a nice name too like “File2.RDP on Desktop” so you know. You’ll see this inside the MMC because you can’t change the file location inside the MMC.
The next thing you will need to do is to compile your Pak. There are other videos if you need to learn more about what compiler to get and things like that. But long story short, this is a very easy step. You can see it took me two seconds to dictate what file we’re talking about and then simply recompile the Pak. You’ll do this for every RDP file you want to manage.
Once it’s done, the Pak goes to the local extensions here. This is the example version of it, but let’s go ahead now. This is pretty nice. Even in the same Group Policy Object, you can go to “PolicyPak/Applications/New/Application” and we’re looking for “PolicyPak for Remote Desktop Connection – File2.RDP on Desktop.”
Here is where you get to double click and start making your changes. If we want to make this “COMPUTER123,” that’s great. You probably want to leave the user name blank so the user puts that in themselves. You can go to “Display” and set the display here.
This area is a little weird, unfortunately, but you would select the screen resolution you want here. You can then click the slider itself and just right click and “Disable corresponding control in target application” for the actual slider.
Because in the real UI if we look at “Remote Desktop Connection” here, this particular setting – the slider – didn’t want to play real nice with PolicyPak. So we gave it its own little dropdown so you can select the dropdown for the actual thing you want to deliver. But then if you want to be hardcore, you can right click and “Disable corresponding control in target application” so users can’t work around it.
There are a lot of other things available as well. Sometimes, people don’t want “Printers” and don’t want “Clipboard” to be available. You can, again, right click and “Disable corresponding control in target application” for each of these guys. If you wanted to make the “Advanced” tab not available, just right click under the tab and “Disable whole tab in target application.”
This is PolicyPak doing what it does best, delivering settings dynamically. For instance, you might have “File2” for your lawyers and you want to configure it one way and “File2” for your IT admins and configure it another way. It’s super easy to do. As I just showed you, you simply open it up in the Design Studio and as long as it’s in the right location on everybody’s Desktop or whatever folder it’s in, it’s going to work great.
Next, you’re going to simply – just to prove I’m not pulling a fast one on you here – if we double click the file and take a look at it, you’ll see that it’s not configured yet. We’ll now go ahead and run “gpupdate” on this machine. We’ll wait for the signal to come down.
If you were logging on for the first time – I’ve tested this – it will copy the file down using Group Policy Preferences first and automatically modify it in the same Group Policy Object with PolicyPak. So you can have one GPO that will do this one wish, which is kind of nice.
Now let’s take a look and see if it worked. We’ll go ahead and double click “file2,” and you can see that it’s already configured for “COMPUTER123.” It already did what we wanted to do right there. If we click “Connect,” it’s not going to work. I don’t have a “COMPUTER123.”
But what we can do instead is go to the “Remote Desktop Connection” and “Open” it. This is kind of like File/Open. I’m going over to that document, and you can see it has delivered “COMPUTER123” in. It has delivered in the “Display” configuration we want. The “Local Resources,” we said we wanted “Printers” and “Clipboard” unchecked, and “Advanced” is not available because I made it unavailable.
If you want to dynamically change this later from “COMPUTER123” to “COMPUTER456,” it’s super easy to do back in the Group Policy Object, “COMPUTER456.” And you wanted to make the “Printers” suddenly available, that’s totally fine. We’ll go ahead and run “gpupdate” again, and we’ll see that PolicyPak is dynamically delivering it.
The reason why this one is a little weird is, once again, the Design Studio must be used to specify the file inside the Design Studio. That’s the only trick about this guy. But if we take a look at what has happened here, “COMPUTER456,” that’s the change. It did it right there. If we were to look at “Remote Desktop Connection” and go to “Open” and take a look at the “file2” again, there’s “COMPUTER456.” We can see that “Printers” is delivered where it wasn’t before.
That’s it. I hope that gives you enough to go on. If you have any questions, please post your questions in the support forum.
Thanks so much, and we’ll talk to you soon.