Wilco van Bragt - LinkeIn Wilco van Bragt - Twitter rssa 



Microsoft Windows 2008 has lots of new features for Terminal Services. One of these enhancements is the possibility to access the RemoteApps via a browser via the TS Web Access.

By default the only option is to display the application on the TS Web Access or not. Unfortunate the TS Web Access does not have an option to filter the display of applications based on username. The people of TS Factory also find this a pity and released a freeware utility to make filtering based on users and group access.


The RemoteApp Filter can be downloaded at the website of TSFactory as a ZIP file. This ZIP file should be unpacked in the web directory of TS Web Access, which is by default located in %systemroot%\web\ts.


In this location you now will find a file called RemoteAppFilter.config. In this file you can specify per application for which users the application should not be displayed. This can be done based on username and/or group names (active directory supported). 


            <Application name="WordPad">

                        <DenyUser name="VANBRAGT\WvB_TestUser1"/>


            <Application name="Calculator">

                        <DenyGroup name="VANBRAGT\Domain Users"/>




Secondly you need to replace the default.aspx in the root of the above mentioned folder with the file DefaultFiltered.aspx which is located within the en-US folder. This file arranges that the configuration is checked during startup of the TS Web Access website.

 Using the RemoteApp Filter

When the configuration is done the RemoteApps shortcuts are displayed for which the user or groups has no access denied specificied.


In my test environment the layout of the website has changed to a simple white interface without the fancy GUI on it. 


First of all is great to see that TSFactory picked up one of the most requested tasks after the release of TS Web Access within Windows 2008. It is a pity that the implementation is done on a denial base instead of allow based mechanism. On the forums this feature is already proposed and will be added in an upcoming release. With this addition the tool would be more useful, because a denial base is difficult to implement and maintain. 

At this moment this is the only solution for filtering applications within TS Web Access so kudos for TS Factory and hopefully they will extend the option of this utility in the near future.