OK, so I've found out that all the searches I've done that reference
the "RemoteApp Manager" to digitally sign a RemoteApp refer to Win2008
R2; this feature does not exist in Win2012. And I have not been able
to find out how to do the same in Win2012. It seems that there are GPO
settings to tell the client to ignore that warning, but not a way to
tell it to trust applications from a specific Session Host.

Anybody else using RemoteApps from a Win2012 RDS server? If so, how do
you deal with this "untrusted publisher" aspect when running the
RemoteApp from the rdweb access in a web browser?

On Thu, Oct 10, 2013 at 10:19 AM, Michael Leone <[email protected]> wrote:
> I have set up a Win2012 server with RDS. I have published some apps.
> When I access this server with a web browser and log in, and then click
> on one of these RemoteApps, I get a warning:
>
> A website is trying to run a RemoteApp program. The publisher of this
> RemoteApp program can't be identified.
>
> I need to make this prompt go away. :-)
>
> Looking at 
> <http://blogs.technet.com/b/askperf/archive/2008/10/31/unknown-publisher-part-two.aspx>,
> I am in scenario 3 (Server Operating System: Windows Server 2008;
> Client Operating System: Windows XP or Windows Vista and you have
> direct administrative control over the client machines (a.k.a an
> Enterprise)).  But it looks like I still have to sign the app itself,
> and not just have a certificate for the RDS server itself? It's
> confusing.
>
> Can anybody shed light?
>
> Do I need a cert for the RDS server (I assume for the IIS on the RDS
> server)? And if so, do I then *also* need to use that same cert to
> sign the app? (if so, how to sign the app?)
>
> And then I have to have whatever signing authority I use imported as a
> trusted CA into my clients? (clients will eventually be XP and Win7,
> no Vista)
>
> Anything else? I haven't found a step-by-step HOWTO that shows me how
> to do this, and make it seamless and invisible for the end users
> (yet). I do have a Linux server set up as a CA (for internal
> certificate needs), so I can use this to publish a cert. I can import
> the CA cert into my clients, eventually using Group Policy, or
> manually for my testing machines for right now. (these apps will not
> be public).
>
> Thanks

