Module 3 – Remote Desktop Gateway Estimated Time: 90 minutes A. Datum Corporation provided access to web intranet web applications by implementing Web Application Proxy. Now, IT management also wants to enable access to some of the internal desktop applications by leveraging capabilities of Windows Server 2016-based Remote Desktop Services (RDS). Your intention is to also take advantage of the existing Web Application Proxy deployment to provide a single, tightly controlled point of entry from Internet to your internal network. Objectives After completing this lab, students will be able to: • Implement Remote Desktop Services. • Publish Remote Desktop Gateway via Web Application Proxy Lab environment In general, you should avoid using AD domain controllers to host PKI roles. We are not following this approach in the lab strictly in order to optimize use of lab VMs. The process of deploying and configuring a Certification Authority server would be identical when using a domain member server. The lab consists of the following computers: • LON-DC1 (172.16.0.10) – a Windows Server 2016 domain controller in the adatum.com single- domain forest. You will use it to host the Enterprise Certification Authority. In general, you should avoid using AD domain controllers to host PKI roles. We are not following this approach in the lab strictly in order to optimize use of lab VMs. The process of deploying and configuring a Certification Authority server would be identical when using a domain member server. • LON-SVR1 (172.16.0.11) – a Windows Server 2016 domain member server with Remote Server Administrative tools installed. This server will host the Active Directory Federation Services server role • LON-SVR2 (172.16.0.12) – a Windows Server 2016 domain member server with Remote Server Administrative tools installed. This server will host the Web Application Proxy role service and will function as a Certificate Revocation List (CRL) Distribution Point for external clients. • LON-SVR4 (172.16.0.14) – a Windows Server 2016 domain member server with Remote Server Administrative tools installed. This will be used to host a single node Remote Desktop Services deployment, including the Remote Desktop Session Host, Remote Desktop Connection Broker, Remote Desktop Web Access and Remote Desktop Gateway role services. • LON-CL1 (172.16.0.101)– a Windows 10 Pro or Enterprise version 1607 (or newer) domain member computer All computers have Windows PowerShell Remoting enabled.
13
Embed
Module 3 – Remote Desktop Gateway - edXMicrosoft+INF218x+4T2017+type@... · Module 3 – Remote Desktop ... single, tightly controlled point of entry from Internet to your internal
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Module 3 – Remote Desktop Gateway
Estimated Time: 90 minutes
A. Datum Corporation provided access to web intranet web applications by implementing Web Application Proxy. Now, IT management also wants to enable access to some of the internal desktop applications by leveraging capabilities of Windows Server 2016-based Remote Desktop Services (RDS). Your intention is to also take advantage of the existing Web Application Proxy deployment to provide a single, tightly controlled point of entry from Internet to your internal network.
Objectives
After completing this lab, students will be able to:
• Implement Remote Desktop Services.
• Publish Remote Desktop Gateway via Web Application Proxy
Lab environment
In general, you should avoid using AD domain controllers to host PKI roles. We are not following this
approach in the lab strictly in order to optimize use of lab VMs. The process of deploying and configuring a
Certification Authority server would be identical when using a domain member server.
The lab consists of the following computers:
• LON-DC1 (172.16.0.10) – a Windows Server 2016 domain controller in the adatum.com single-
domain forest. You will use it to host the Enterprise Certification Authority.
In general, you should avoid using AD domain controllers to host PKI roles. We are not following
this approach in the lab strictly in order to optimize use of lab VMs. The process of deploying and
configuring a Certification Authority server would be identical when using a domain member server.
• LON-SVR1 (172.16.0.11) – a Windows Server 2016 domain member server with Remote Server
Administrative tools installed. This server will host the Active Directory Federation Services
server role
• LON-SVR2 (172.16.0.12) – a Windows Server 2016 domain member server with Remote Server
Administrative tools installed. This server will host the Web Application Proxy role service and
will function as a Certificate Revocation List (CRL) Distribution Point for external clients.
• LON-SVR4 (172.16.0.14) – a Windows Server 2016 domain member server with Remote Server
Administrative tools installed. This will be used to host a single node Remote Desktop Services
deployment, including the Remote Desktop Session Host, Remote Desktop Connection Broker,
Remote Desktop Web Access and Remote Desktop Gateway role services.
• LON-CL1 (172.16.0.101)– a Windows 10 Pro or Enterprise version 1607 (or newer) domain
member computer
All computers have Windows PowerShell Remoting enabled.
Exercise 1: Implement Remote Desktop Services.
In this exercise, you will step through installing and Configuring Remote Desktop Services in a Windows Server 2016 environment. The main tasks for this exercise are as follows:
1. Create RDS Quick Start deployment on LON-SVR4 2. Configure DNS on LON-DC1 3. Install the RD Gateway and RD Licensing role service on LON-SVR4 4. Publish updated Certificate Revocation List (CRL). 5. Enroll LON-SVR4 for a certificate issued by Enterprise CA 6. Configure certificates settings of the RDS deployment on LON-SVR4 7. Review RD Gateway Connection Authorization Policies (CAP) and Resource Authorization Policies (RAP) on LON-SVR4 8. Create a relying party trust for RD Gateway/Web Access Servers on LON-SVR1 9. Install RDS certificate on LON-SVR2 10. Publish the RDS Deployment via Web Application Proxy on LON-SVR2
Task 1: Create RDS Quick Start deployment on LON-SVR4
1. Sign in to the LON-SVR4 Windows Server 2016 lab virtual machine with the following credentials:
• USERNAME: ADATUM\Administrator
• PASSWORD: Pa55w.rd
2. Click Start and click Server Manager.
3. In Server Manager, in the Manage menu, click Add Roles and Features. This will start the Add Roles
and Features Wizard.
4. On the Before you begin page, click Next.
5. On the Select installation type page, select the Remote Desktop Services installation option and click
Next.
6. On the Select deployment type page, select the Quick Start option and click Next.
Quick Start deployment is intended for lab and proof of concept scenarios. It automatically deploys
RD Web Access, RD Connection Broker, and RD Session Host or RD Virtualization Host (depending
on your choice) on the same server. If you choose the RD Session Host option, it also automatically
configures a QuickStartCollection consisting of three RemoteApp programs (Calculator, Paint, and
WordPad).
7. On the Select deployment scenario page, select the Session-based desktop deployment and click
Next.
8. On the Select a server page, ensure that LON-SVR4 appears in the Selected section and click Next.
If you receive an error message at this point regarding PowerShell Remoting not being enabled,
restart the Add Roles and Features Wizard.
9. On the Confirm selections page, select the checkbox Restart the destination server automatically if
required and click Deploy. Wait for the server to restart.
The Remote Desktop Services installation can take up to 15 minutes.
10. Once the server has restarted, sign back in to the LON-SVR4 Windows Server 2016 lab virtual
machine with the following credentials:
• USERNAME: ADATUM\Administrator
• PASSWORD: Pa55w.rd
11. If the installation does not automatically restart, repeat steps 3-10.
12. Wait for the installation to complete and, in the Add Roles and Features Wizard window, click Close.
Task 2: Configure DNS on LON-DC1
1. Sign in to the LON-DC1 Windows Server 2016 lab virtual machine with the following credentials:
• USERNAME: ADATUM\Administrator
• PASSWORD: Pa55w.rd
2. Click Start and, in the Start menu, click Server Manager. In Server Manager, click Tools and then
click DNS.
3. In the DNS Manager console, navigate to the Adatum.com zone.
4. Right-click Adatum.com and, in the right-click menu, click New Host (A or AAAA).
5. In the New Host dialog box, type the following and click Add Host:
• Name: rds
• IP address: 172.16.0.14
6. In the DNS dialog box, click OK.
7. In the New Host dialog box, click Done.
Task 3: Install the RD Gateway and RD Licensing role service on LON-SVR4
1. On LON-SVR4, in Server Manager, in the left window pane, click Remote Desktop Services.
2. On the Overview page, verify that the current deployment includes RD Web Access, RD Connection
Broker, and RD Session Host role services, all residing on LON-SVR4.
3. Click the plus sign above the RD Gateway label. This will start the Add RD Gateway Servers wizard.
4. On the Server Selection page, ensure that LON-SVR4.adatum.com is selected in Server Pool on the
left-hand side of the window, click the right-pointing arrow head to add it to the Selected servers,
and click Next.
5. On the SSL Certificate Name page, in the SSL certificate name textbox, type rds.adatum.com and
click Next.
You will replace this certificate with a certificate issued by your Enterprise CA later in this lab. In
non-lab scenarios, you would use for this purpose a certificate issued by a public CA.
6. On the Confirmation page, click Add.
7. Wait till the operation completes and, on the Results page, click Close.
8. On the Overview page, click the plus sign above the RD Licensing label. This will start the Add RD
Licensing Servers wizard.
9. On the Server Selection page, ensure that LON-SVR4.adatum.com is selected in Server Pool on the
left-hand side of the window, click the right-pointing arrow head to add it to the Selected servers,
and click Next.
10. On the Confirmation page, click Add.
11. Wait till the operation completes and, on the Results page, click Close.
Task 4: Publish updated Certificate Revocation List (CRL)
1. From the LON-DC1 Windows Server 2016 lab virtual machine, in Server Manager, click Tools and, in
the Tools menu, start Certification Authority console.
You need to update Certificate Revocation List (CRL) Distribution Point (DP) in order to be able to
successfully enroll LON-SVR4 for a certificate issued by the Adatum CA in the next task.
2. In the Certification Authority console, expand the adatum-root-CA node, right-click Revoked
Certificates folder, click All Tasks and click Publish.
3. In the Publish CRL dialog box, accept the default setting and click OK.
Task 5: Enroll LON-SVR4 for a certificate issued by Enterprise CA
1. While signed in to LON-SVR4 as ADATUM\Administrator, click Start, right-click Windows
PowerShell, in the right click menu, click More and then click Run as administrator.
2. From the Administrator: Windows PowerShell window, type the following and press Enter:
certlm
This will open the Microsoft Management Console (MMC) with the Certificates - Local Computer
snap-in loaded.
3. Expand the Certificates – Local Computer top level node, expand the Personal folder, right-click the
Certificates folder, click All Tasks, and click Request New Certificate. This will start the Certificate
Enrollment wizard.
4. On the Before You Begin page, click Next.
5. On the Select Certificate Enrollment Policy page, ensure that Active Directory Enrollment Policy is
selected and click Next.
6. On the Request Certificates page, select the checkbox next to the Adatum Web Server certificate,
click Details to view properties of the certificate, and click Properties.
7. In the Certificate properties window, on the Subject tab, in the Subject name section, in the Type
drop-down list, click Common name, in the Value text box, type rds.adatum.com, and click Add.
8. In the Alternative name section, in the Type drop-down list, click DNS and, add the following names
by typing them in the Value text box and clicking Add each time:
• rds.adatum.com
• LON-SVR4.adatum.com
9. Click the Private Key tab.
10. Under Key options, ensure the Make private key exportable option is checked and click OK.
11. Back on the Request Certificates wizard page, ensure the checkbox for the template is checked and
click Enroll.
12. On the Certificate Installation Results page, click Finish.
Now, you will export the private key of the newly issued certificate. You will use it to configure the
RDS deployment and to configure the Web Application Proxy on LON-SVR2
13. Back in the Certificates console, in the Personal\Certificates folder, right-click rds.adatum.com entry
issued by adatum-root-CA, in the right-click menu, click All Tasks and then click Export. This will
start the Certificate Export Wizard.
Make sure to use the certificate issued by Adatum-root-CA – not the self-signed certificate you
generated in the previous task.
14. On the Welcome to the Certificate Export Wizard page, click Next.
15. On the Export Private Key page, click the Yes, export the private key option and click Next.
16. On the Export File Format page, click Next.
17. On the Security page, click the Password checkbox and then, type in Pa55w.rd in the Password and
Confirm password text boxes.
18. On the File to Export page, type C:\rds.adatum.com.pfx and click Next.
19. On the Completing the Certificate Export Wizard page, click Finish.
20. In the Certificate Export Wizard dialog box, click OK.
Task 6: Configure certificates settings of the RDS deployment on LON-SVR4
1. On LON-SVR4, in Server Manager, on the Remote Desktop Services page, click Collections.
2. On the Collections page, click Tasks in the upper right corner and, in the drop-down menu, click
Edit Deployment Properties. This will open the Deployment Properties window.
3. In the Deployment Properties window, click Certificates.
4. Make sure that the RD Connection Broker – Enable Single Sign On entry is selected and click Select
existing certificate.
5. In the Select Existing Certificate window, ensure that the Choose a different certificate option is
selected, click Browse, in the Open dialog box, navigate to the root of the C: drive, click
rds.adatum.com.pfx, and click Open.
6. In the Password textbox, type Pa55w.rd, select the checkbox Allow the certificate to be added to the
Trusted Root Certification Authorities certificate store on the destination computers and click OK.
7. Back on the Manage certificates page of the Configure the deployment window, click Apply.
Now you will repeat the same steps for the other role services
8. Make sure that the RD Connection Broker – Publishing entry is selected and click Select existing
certificate.
9. In the Select Existing Certificate window, ensure that the Choose a different certificate option is
selected, click Browse, in the Open dialog box, navigate to the root of the C: drive, click
rds.adatum.com.pfx, and click Open.
10. In the Password textbox, type Pa55w.rd, select the checkbox Allow the certificate to be added to the
Trusted Root Certification Authorities certificate store on the destination computers and click OK.
11. Back on the Manage certificates page of the Configure the deployment window, click Apply.
12. Make sure that the RD Web Access entry is selected and click Select existing certificate.
13. In the Select Existing Certificate window, ensure that the Choose a different certificate option is
selected, click Browse, in the Open dialog box, navigate to the root of the C: drive, click
rds.adatum.com.pfx, and click Open.
14. In the Password textbox, type Pa55w.rd, select the checkbox Allow the certificate to be added to the
Trusted Root Certification Authorities certificate store on the destination computers and click OK.
15. Back on the Manage certificates page of the Configure the deployment window, click Apply.
16. Make sure that the RD Gateway entry is selected and click Select existing certificate.
17. In the Select Existing Certificate window, ensure that the Choose a different certificate option is
selected, click Browse, in the Open dialog box, navigate to the root of the C: drive, click
rds.adatum.com.pfx, and click Open.
18. In the Password textbox, type Pa55w.rd, select the checkbox Allow the certificate to be added to the
Trusted Root Certification Authorities certificate store on the destination computers and click OK.
19. Back on the Manage certificates page of the Configure the deployment window, click Apply.
20. Click OK.
Task 7: Review RD Gateway CAP and RAP on LON-SVR4
1. On LON-SVR4, in Server Manager, click Tools, in the drop-down menu, click Remote Desktop
Services, and then click Remote Desktop Gateway Manager.
2. In the Remote Desktop Gateway Manager console, expand the LON-SVR4 (Local) node, expand the
Policies subfolder, and then click the Connection Authorization Policies subfolder.
3. Double-click the default RDG_CAP_AllUsers connection authorization policy.
4. In the RDG_CAP_AllUsers window, click the Requirements tab and verify that Password-based
Windows authentication method is enabled, and that connecting users must be members of the
ADATUM\Domain Users group.
5. In the RDG_CAP_AllUsers window, click the Device Redirection tab, and review the Disable device
redirection for the following client device types settings.
6. In the Remote Desktop Gateway Manager console, click the Resource Authorization Policies
subfolder.
7. Double-click the default RDG_AllDomainComputers resource authorization policy.
8. In the RDG_AllDomainComputers window, click the User Groups tab and verify that members of the
ADATUM\Domain Users group can connect through RD Gateway to network resources defined in
this policy.
9. In the RDG_AllDomainComputers window, click the Network Resource tab and verify that members
of the ADATUM\Domain Computers group are accessible through the RD Gateway.
10. Click OK to close the RDG_AllDomainComputers window.
11. Double-click the default RDG_RDConnectionBrokers resource authorization policy.
12. In the RDG_RDConnectionBrokers window, click the User Groups tab and verify that members of
the ADATUM\Domain Users group can connect through RD Gateway to network resources defined
in this policy.
13. In the RDG_RDConnectionBrokers window, click the Network Resource tab and verify that members
of the RDG_RDBCComputers group are accessible through the RD Gateway. This group currently
includes only LON-SVR4.
14. Click OK to close the RDG_RDConnectionBrokers window.
Task 8: Create a relying party trust for RD Gateway/Web Access Servers on
LON-SVR1
1. Switch to the console session on LON-SVR1 Windows Server 2016 lab virtual machine and verify that
you are signed in as ADATUM\Administrator. If not, sign out and sign back in with the following
credentials:
• USERNAME: ADATUM\Administrator
• PASSWORD: Pa55w.rd
2. Click Start and then click Server Manager. In Server Manager, click Tools and, in the drop-down
menu, click AD FS Management.
3. In the AD FS Management console, click the Relying Party Trusts folder.
4. In the Actions pane, click Add Relying Party Trust. This will start Add Relying Party Trust Wizard.
5. On the Welcome to the Add Relying Party Trust Wizard page, ensure that the Claims aware option
is selected and click Start.
6. On the Select Data Source page, select the Enter data about the relying party manually option and
click Next.
7. On the Specify Display Name page, in the Display name text box, type Adatum RDS Deployment
and click Next.
8. On the Configure Certificate page, click Next.
9. On the Configure URL page, click Next.
10. On the Configure Identifiers page, in the Relying party trust identifier text box, type
https://rds.adatum.com/, click Add and click Next.
11. On the Choose Access Control Policy page, accept the default settings and click Next.
12. On the Ready to Add Trust page, click Next.
13. On the Finish page, uncheck the Configure claims issuance policy for this application checkbox and
click Close.
Task 9: Install RDS certificate on LON-SVR2
1. Switch to the console session on LON-SVR2 Windows Server 2016 lab virtual machine and verify
that you are signed in as ADATUM\Administrator. If not, sign out and sign back in with the
following credentials:
• USERNAME: ADATUM\Administrator
• PASSWORD: Pa55w.rd
2. Right-click Start and, in the right-click menu, click Command Prompt (Admin).
3. From the Administrator: Command Prompt window, run the following:
robocopy \\172.16.0.14\c$ c:\ rds.adatum.com.pfx
In real-life scenarios, you would copy the certificate via a removable media.
4. From the Administrator: Command Prompt window, run the following:
certlm
This will open the Certificates – Local Computer console.
5. Expand the Certificates – Local Computer top level node, right-click the Personal folder, click All
Tasks, and click Import. This will start the Certificate Import Wizard.
6. On the Welcome to the Certificate Import Wizard page, click Next
7. On the File to Import page, click Browse…
8. In the Open dialog box, switch the filter to Personal Information Exchange (*.pfx), browse to the
root of C:, click rds.adatum.com.pfx, and click Open.
9. Back on the File to import page, click Next.
10. On the Private key protection page, in the Password text box, type Pa55w.rd and click Next.
11. On the Certificate Store page, accept the default setting and click Next.
12. On the Completing the Certificate Import Wizard page, click Finish.
13. In the Certificate Import Wizard dialog box, click OK.
Task 10: Publish the RDS Deployment via Web Application Proxy on LON-
SVR2
1. On LON-SVR2, in Server Manager, click Tools and, in the drop-down menu, click Remote Access
Management.
2. In the Remote Access Management console click Publish in the Tasks pane. This will start the
Publish New Application Wizard.
3. On the Welcome page, click Next.
4. On the Preauthentication page, ensure that Active Directory Federation Services (AD FS) option is
selected and click Next.
5. On the Supported Clients page, ensure that the Web and MSOFBA option is selected and click
Next.
6. On the Relying Party page, click Adatum RDS Deployment and click Next.
7. On the Publishing Settings page, set Name to Adatum RDS Deployment, set External URL to
https://rds.adatum.com/, accept the default setting for the Backend server URL (matching the
External URL), in the External certificate drop-down menu, select the rds.adatum.com certificate,
and click Next.
8. On the Confirmation page, click Publish
9. On the Results page, click Close.
10. While signed in to LON-SVR2 as ADATUM\Administrator, click Start, right-click Windows
PowerShell, in the right click menu, click More and then click Run as administrator.
11. From the Administrator: Windows PowerShell window, type the following and press Enter:
This assigns a custom property to the session collection named QuickSessionCollection in order to
allow RD Gateway to retrieve the AD FS edge token.
Results: After completing this exercise, you will have implemented AD FS and Web Application Proxy, created
and configured an RDS deployment, and published RD Web Access and RD Gateway by using AD FS pre-
authentication.
Exercise 2: Validate the RD Gateway-based access
Now that you have implemented a Remote Desktop Services deployment, you need to verify that both external and internal users can access the RDS-published apps. The main tasks for this exercise are as follows:
1. Test use of published RDS apps access from an external client 2. Test use of published RDS apps access from an internal client
Task 1: Test use of published RDS apps access from an external client
You will emulate scenario that involves an external client by using LON-CL1 that has been removed
from the domain in the Web Application Proxy lab of this course. At that time, the DNS settings of
LON-CL1 has been modified in order to prevent its communication with LON-DC1. Note that LON-
CL1 has also been configured to trust the CA that issued the AD FS/WAP and RDS certificates by
adding the adatum-root-CA certificate to its Trusted Root Certification Authorities certificate store.
In addition, LON-CL1 can reach the CRL distribution point of the adatum-root-CA Certification
Authority, since that distribution point has been set up on LON-SVR2, which functions as the Web
Application Proxy.
1. Sign in to the LON-CL1 Windows 10 lab virtual machine using the following credentials:
• USERNAME: Administrator
• PASSWORD: Pa55w.rd
2. On LON-CL1, right-click Start and, in the right-click menu, click Command Prompt (Admin).
3. From the Administrator: Command Prompt window, run the following:
certlm
4. In the Certificates – Local Computer top level node, expand the Trusted Root Certification
Authorities folder, click the Certificates folder, and verify that it includes the adatum-root-CA entry.
5. From the Administrator: Command Prompt window, run the following:
Notepad c:\Windows\system32\drivers\etc\hosts
6. In Notepad, add to entries to the hosts file representing the external IP address of the Web
Application Proxy, the Adatum CA CRL Distribution Point, and the published Adatum RDS
deployment.
172.16.0.12 adfs.adatum.com
172.16.0.12 cdp.adatum.com
172.16.0.12 rds.adatum.com
Note that, in real-live scenarios, we would rely on the name resolution of a DNS server that the
client computer is using. Such DNS server should be able to resolve Internet-accessible names in
the externally hosted adatum.com DNS namespace to their corresponding public IP addresses.
7. Save your changes and close Notepad.
8. From the Administrator: Command Prompt window, run the following:
ncpa.cpl
9. In the Network Connections window, right-click the Ethernet connection and click Properties.
10. In the Ethernet Properties window, click Internet Protocol Version 4 (TCP/IPv4) and click Properties.
11. Verify that the entry in the Preferred DNS server is blank and click OK.
12. Back in the Ethernet Properties window, click Close.
13. Start Internet Explorer (you will find it in the Accessories folder in the Start menu) and browse to
https://rds.adatum.com/RDWeb/
14. On the Adatum Federation Service page, specify the following credentials and click Sign in:
• ADATUM\Administrator
• Pa55w.rd
15. If prompted with the message Would you like to store your password for adatum.com, click Not for
this site.
16. When prompted with the message This webpage wants to run the following add-on: ‘Microsoft
Remote Desktop Services Web Access Control’ from ‘Microsoft Corporation’, click Allow and then
click Allow for all websites.
This add-on is critical for minimizing number of authentication prompts.
17. On the Work Resources RemoteApp and Desktop Connection page, in the Domain\user name text
box, type ADATUM\Administrator, in the Password text box, type Pa55w.rd, in the Security section,
click This is a private computer, and click Sign in.
18. When prompted with the message Would you like to store your password for adatum.com, click
Not for this site.
19. On the RemoteApp and Desktops tab of the Work Resources RemoteApp and Desktop Connection
page, click WordPad.
20. If prompted, in the RemoteApp dialog box, click Don’t ask me again for remote connections from
this publisher and click Connect.
21. Verify that the application launches successfully.
Note that the application might appear minimized as an icon in the Taskbar. If so, click it to display
WordPad window.
Task 2: Test use of published RDS apps access from an internal client
Now you will add LON-CL1 back to the domain to test the use of published RDS from an internal
network.
1. While signed to LON-CL1 Windows 10 lab virtual machine as LON-CL1\Administrator with the
password Pa55word, from the Administrator: Command Prompt window, run the following:
Notepad c:\Windows\system32\drivers\etc\hosts
2. In Notepad, comment out entries in the hosts file representing the external IP address of the Web
Application Proxy, the published web application, and the Adatum CA CRL Distribution Point by
placing hash sign in front of each:
# 172.16.0.12 adfs.adatum.com
# 172.16.0.12 cdp.adatum.com
# 172.16.0.12 rds.adatum.com
3. Save your changes and close Notepad.
4. From the Administrator: Command Prompt window, run the following:
ncpa.cpl
5. In the Network Connections window, right-click the Ethernet connection and click Properties.
6. In the Ethernet Properties window, click Internet Protocol Version 4 (TCP/IPv4) and click Properties.
7. Set the Preferred DNS server to 172.16.0.10 and click OK.
8. Back in the Ethernet Properties window, click Close.
9. Right-click the Start button, and then click System.
10. In the System window, click Advanced system settings, and then click the Computer Name tab.
11. On the Computer Name tab, click the Change button.
12. In the Computer Name/Domain Changes dialog box, click Domain, in the Domain box, type
adatum.com, and then click OK.
13. In the Computer Name/Domain Changes dialog box, in the User name text box, type
ADATUM\Administrator, in the Password text box, type Pa55w.rd, and click OK.
14. In the Welcome to the adatum domain dialog box, click OK.
15. To restart the computer, click OK.
16. To close the System Properties dialog box, click Close.
17. Click Restart Now, and then wait for the computer to restart.
18. Once LON-CL1 restarts, sign in using the following credentials:
• USERNAME: ADATUM\Administrator
• PASSWORD: Pa55w.rd
19. Start Internet Explorer.
20. In the Internet Explorer, add https://*. adatum.com to the Local intranet zone
21. Next, browse to https://rds.adatum.com/RDWeb/
22. On the Work Resources RemoteApp and Desktop Connection page, in the Domain\user name text
box, type ADATUM\Administrator, in the Password text box, type Pa55w.rd, in the Security section,
click This is a private computer, and click Sign in.
23. When prompted with the message Would you like to store your password for adatum.com, click
Not for this site.
24. If prompted with the message This webpage wants to run the following add-on: ‘Microsoft Remote
Desktop Services Web Access Control’ from ‘Microsoft Corporation’, click Allow and then click Allow
for all websites
25. On the RemoteApp and Desktops tab of the Work Resources RemoteApp and Desktop Connection
page, click WordPad.
26. If prompted, in the RemoteApp dialog box, click Don’t ask me again for remote connections from
this publisher and click Connect.
27. Verify that the application launches successfully.
Results: After completing this exercise, you will have tested access from to RD Web Access published apps