Wednesday, January 26, 2022

Remote App: The Last Wish


Rudy Ooms
Rudy is a Modern workplace architect and currently working for a company in the Netherlands, called Deltacom Steenbergen. He has been working in IT since he was 16 years old. Within these years, he gained a lot of experience in different kinds of expertise. I guess like most of you, he started working with active directory environments. In June 2021 he received the MVP status in the category Enterprise Mobility for the first time. The multi-tenant PowerShell scripted Deltacom-Cloud environment is one of his creations.

In one of my older blogs, I was talking a lot about how and why you don’t always need to go hybrid (HAADJ). I also showed you the kind of problems you could run into. This blog will show you how to make sure your old legacy apps (which are configured as Remote Apps) can be easily deployed to your AADJ devices, so you won’t need to go Hybrid 😛

Please read my blog about HAADJ before you continue…pretty please with sugar on top

If you have been reading the blog above, you will probably have read that when a customer only has one or two legacy apps left that can’t be migrated, it can be hard to transform to a modern workplace. So what are we going to do?

As told in that blog, you could create a Remote App and publish it to your client’s devices. But how are we going to implement this? I guess there isn’t any real good documentation that people could use. I have been getting this question often. So here we go!

You have got 3 options here

  1. Configure the connection URL
  2. PowerShell User based script
  3. Download the RDP and deploy it with a Win32 App

The only thing you need to configure for this option is a settings catalog profile. So open Intune, create a new settings catalog profile and search for “remoteapp and desktop connections”.


You can define the connection URL:

But this policy will only work when your devices have the Windows Insider build… and I guess deploying the insider build to all your production devices could be a little bit too much.

The second option we have is to use a PowerShell script and deploy it to our devices in Intune. Only 2 prerequisites to note.

  1. PowerShell must be enabled for your users ☹
  2. You will need to be in the same domain as the RDWeb to work…

But looking at the information we have about SSO with AADJ devices to our on-premise environment, I guess this would be no problem!

The PowerShell script itself (it needs to be user-targeted and must not run as system!):

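# Set this to the feed URL of your own RDWeb (the webfeed.aspx address).
$url = ""

#Construct the XML file (the xmlns values are the standard RemoteApp workspace/WCX namespaces).
$XML = @"
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<workspace name="Company Remote Access" xmlns="http://schemas.microsoft.com/ts/2008/09/tswcx" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<defaultFeed url="$URL" />
</workspace>
"@

#WCX file path.
$Directory = "c:\webfeed"
$WCX = "webfeed.wcx";
$FullPath = Join-Path $Directory $WCX;

#New folder.
New-Item $Directory -Type Directory -Force | Out-Null;

#Export the file.
$XML | Out-File -FilePath $FullPath -Encoding utf8 -Force | Out-Null;

#Add the web feed (pass the full path so it works from any working directory).
Start-Process -FilePath rundll32.exe -ArgumentList 'tsworkspace,WorkspaceSilentSetup',$FullPath -Wait -NoNewWindow;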

Please note: the example, I am using: isn’t going to work as it has no valid certificate!


So please use your own valid RDWeb when you want to test out the script!

Now let’s test it on an AADJ device. Please make sure to test whether you can download the webfeed.aspx. If it ain’t working at the first attempt, try adding the RDWeb page to your local intranet sites and make sure you have enabled the automatic logon verification.


(of course, this can be done with a nice PowerShell script)
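One way such a script could look, as an added example that is not part of the original blog. It assumes the zones are not already managed by policy; the function name is hypothetical and the feed URL in the last line is a placeholder. It maps only the exact https host, because automatic logon hands the user's credentials to whatever sits in the intranet zone.

```powershell
# Added example. Function name is hypothetical; the URL at the bottom is a placeholder.
function Add-RdWebToIntranetZone {
    param([Parameter(Mandatory)][uri]$FeedUrl)

    # Only map an https origin: automatic logon sends the user's credentials to it.
    if (-not $FeedUrl.IsAbsoluteUri -or $FeedUrl.Scheme -ne 'https') {
        throw "Refusing to map a non-https URL: $FeedUrl"
    }

    $inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

    # Map the exact host name (no wildcard) to zone 1 = Local intranet, https only.
    $hostKey = Join-Path $inet "ZoneMap\Domains\$($FeedUrl.Host)"
    if (-not (Test-Path $hostKey)) {
        New-Item -Path $hostKey -Force | Out-Null
    }
    New-ItemProperty -Path $hostKey -Name 'https' -Value 1 -PropertyType DWord -Force | Out-Null

    # 1A00 is the zone's logon setting; 0x20000 = automatic logon only in the intranet zone.
    $zoneKey = Join-Path $inet 'Zones\1'
    New-ItemProperty -Path $zoneKey -Name '1A00' -Value 0x20000 -PropertyType DWord -Force | Out-Null

    [pscustomobject]@{ Host = $FeedUrl.Host; Zone = 1; LogonSetting = '0x20000' }
}

Add-RdWebToIntranetZone -FeedUrl 'https://rdweb.corp.example/RDWeb/Feed/webfeed.aspx'
```

Like the web feed script, this writes to HKCU, so it has to run in the user context.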

Now let’s fire up the PowerShell script and watch what happens


The RemoteApps are also added to your start menu

Now for the third and last option we have. Please make sure you have installed Chrome… (yeah I know… not Edge this time)

When Chrome is installed, browse to your RDWeb page like

When clicking/opening the remote app it will also download that file to your device… And that’s exactly what you need!

Now create a new folder, place that RDP file in it and rename it to remoteapp.rdp. And if you want to make the shortcut look a little bit nicer, make sure you have the ICO from the remote app and place it in the same folder.

Now we have the basics in place… let’s create a simple PowerShell script and give it the name: installremoteapp.ps1

#Create the target folder and copy the RDP and ICO files into it
New-Item -Path "c:\program files (x86)\rdp" -ItemType Directory -Force | Out-Null
copy .\rdp.ico "c:\program files (x86)\rdp\rdp.ico"
copy .\remoteapp.rdp "c:\program files (x86)\rdp\remoteapp.rdp"

#Create Shortcut Desktops
if (-not (Test-Path "C:\Users\Public\Desktop\RemoteApp.url"))
{
    $WshShell = New-Object -comObject WScript.Shell
    $path = "C:\Users\Public\Desktop\RemoteApp.url"
    $targetpath = "c:\program files (x86)\rdp\remoteapp.rdp"
    $iconlocation = "c:\program files (x86)\rdp\rdp.ico"
    $iconfile = "IconFile=" + $iconlocation
    $Shortcut = $WshShell.CreateShortcut($path)
    $Shortcut.TargetPath = $targetpath
    #Write the .url file to disk before appending the icon settings
    $Shortcut.Save()

    Add-Content $path "HotKey=0"
    Add-Content $path "$iconfile"
    Add-Content $path "IconIndex=0"
}

Looking at the script, it will first create a new folder in the program files (x86) and it will copy the 2 files (RDP and ICO) to this folder. After it has copied the 2 files it will start creating a new shortcut on the public (all users) desktop folder with the name RemoteApp.

The shortcut will be targeted to the RDP file in the program files folder and it will attach that nice ICO to it! Please make sure you define the shortcut $path as .URL, otherwise the ICO will not work.

Now just create an intunewin file from it and deploy it to Intune.

Install: powershell.exe -executionpolicy bypass -command "& '.\installremoteapp.ps1'"

Detection rule: File exists. Path: C:\program files (x86), Folder: RDP

When you have deployed this app with Intune, a nice new RDP icon will be available on all the devices you targeted!
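Before the RDP file from option 3 goes into the package, it is worth checking what it connects to and what it redirects, since every targeted device will get exactly this file. The following is an added example, not part of the original blog; the sample file content and host names are constructed and the function names are hypothetical.

```powershell
# Added example: review a RemoteApp .rdp file before packaging it.
# $sampleRdp is constructed sample content; host and app names are placeholders.
$sampleRdp = @'
full address:s:rdsh01.corp.example
gatewayhostname:s:rdgw.corp.example
remoteapplicationmode:i:1
remoteapplicationprogram:s:||LegacyApp
drivestoredirect:s:*
redirectclipboard:i:1
'@

function ConvertFrom-RdpFile {
    param([Parameter(Mandatory)][string[]]$Line)
    $settings = [ordered]@{}
    foreach ($l in $Line) {
        # Each setting is "name:type:value"; the value itself may contain colons.
        if ($l -match '^\s*([^:]+):([sib]):(.*)$') {
            $settings[$Matches[1].Trim().ToLower()] = $Matches[3].Trim()
        }
    }
    $settings
}

function Test-RdpFile {
    param([Parameter(Mandatory)][string[]]$Line)
    $s = ConvertFrom-RdpFile -Line $Line
    $findings = @()
    if (-not $s.Contains('signature')) {
        $findings += 'No signature: the file is unsigned, so the client shows an unknown-publisher prompt.'
    }
    if ($s['remoteapplicationmode'] -ne '1') {
        $findings += 'Not a RemoteApp file: this opens a full desktop session.'
    }
    if ($s['drivestoredirect']) {
        $findings += "Local drives are redirected into the session: $($s['drivestoredirect'])"
    }
    if ($s['redirectclipboard'] -eq '1') {
        $findings += 'Clipboard redirection is enabled.'
    }
    [pscustomobject]@{
        Target   = $s['full address']
        Gateway  = $s['gatewayhostname']
        Program  = $s['remoteapplicationprogram']
        Findings = $findings
    }
}

Test-RdpFile -Line ($sampleRdp -split "`r?`n") | Format-List
# Real file: Test-RdpFile -Line (Get-Content .\remoteapp.rdp)
```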

Moving away from your on-premise environment would mean you need to come up with a solution for your legacy apps. Creating and deploying a RemoteApp for this could be your solution.

I hope this blog showed you which options you have and how to implement them! Now pretty please move away from your on-premise environment to AADJ as soon as you can.
