How to Restrict Access to an RD Session Host Desktop for Particular Users

What is an RD Session Host Desktop?

A role in Remote Desktop Services (RDS) is Remote Desktop Session Host (RDSH). RDSH supports remotely shareable Windows desktops and session-based apps. A web client on a compatible browser and a Remote Desktop client, available for Windows, macOS, iOS, and Android devices, are options for users to access this. Users must be connected to a network to remotely access desktops or programs.

RDSH may be used for various purposes, including installing apps on a desktop from a distance. This can be helpful for businesses that, for instance, need to assist employees with installing a necessary application while working remotely.

How to Restrict Access for Particular Users with Parallels RAS

Certain deployment scenarios require connection restrictions on the end user side. For example, imagine you are using an RD Session Host Desktop to
publish data for your employees, but you want to restrict the access to a specific user, let’s say, a new employee. In this case, you can leave all the server settings
untouched and restrict only the specific user account. In addition, the restriction can also apply to user groups as well.

To restrict direct desktop access for particular users and groups, follow the steps below. 

  1. Open the Parallels RAS Console and log in to your farm.
  2. Navigate to Farm > RD Session Hosts. Right-click on the required server and click Properties. In this tutorial, we are using the LABSVR1 RD Session Host.
  3. A new window with the Server Properties will pop up. Navigate to the “Desktop Access” tab.
  4. Uncheck “Inherit default settings” and check the “Restrict direct desktop access to the following users:” box.
  5. Click “Add…” to input users and/or groups, click on “Check Names” to validate, and click “OK”. In this case, “User 2” is added.rdsessionhost
  6. The username will now be visible on the list. Click “OK” and then “Apply” on the Parallels RAS Console to save and apply your settings. 

Now “User 2” will not be able to access any published resources or desktops shared by the LABSVR1 RD Session Host. In this tutorial, you can see that another RD Session Host is set as LABSVR2. If they share the same applications, then “user 2” will be restricted to accessing only LABSVR2 published applications.

Please note that if the user added is a member of the Administrators group, this restriction will not apply to the connection.

Try Parallels RAS today with a 30-day fully-featured trial.

Download the Trial