About RemoteApp and Desktop Connection Security

When a user sets up and accesses Conexão com RemoteApp e Área de Trabalho on a computer that is running Windows 7, the computer communicates with the Acesso via Web a Área de Trabalho Remota (Acesso via Web RD) server. An Acesso via Web RD server that is running Windows Server 2008 R2 is automatically configured to use Secure Sockets Layer (SSL). Therefore, the computer that is running Windows 7 must be configured to trust the certificate used by the Acesso via Web RD server.

	Importante
	An Acesso via Web RD server that is running Windows Server 2008 R2 is automatically configured to use a self-signed certificate. By default, the self-signed certificate is not trusted by Windows 7. Self-signed certificates are recommended only for testing and evaluation purposes.

To allow the Windows 7 computer to communicate with the Acesso via Web RD server, we recommend that you configure the Acesso via Web RD server to use a trusted certificate, such as a certificate issued by a trusted public certification authority (CA). For information about third-party commercial CAs that are trusted by Microsoft, see article 931125 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkID=59547). After you have obtained a trusted certificate for the Acesso via Web RD server, you must import the certificate onto the Acesso via Web RD server, and then use the Internet Information Services (IIS) Manager tool to associate the certificate with the Acesso via Web RD Web site.

For more information about Acesso via Web RD security, see https://go.microsoft.com/fwlink/?LinkId=142242.

You can configure single sign-on for Programas do RemoteApp when users access Conexão com RemoteApp e Área de Trabalho from the Start menu on a computer that is running Windows 7 or by using the Web site provided by Acesso via Web RD. After the user has provided the appropriate credentials when prompted by Windows 7 or has logged on to the Acesso via Web RD Web site, the user can run Programas do RemoteApp without having to provide credentials again within the same Conexão com RemoteApp e Área de Trabalho session.

The following are important considerations when configuring single sign-on for Conexão com RemoteApp e Área de Trabalho:

• You must sign the .rdp files for the Programas do RemoteApp with a digital certificate by using the Gerenciador de RemoteApp tool. For more information, see the Gerenciador de RemoteApp Help in Windows Server 2008 R2.
  
  
• Single sign-on can only be configured for Programas do RemoteApp. Single sign-on cannot be configured for users accessing remote desktops through Conexão com RemoteApp e Área de Trabalho.
  
  
• To use single sign-on, you must use Remote Desktop Connection (RDC) 7.0, which supports Remote Desktop Protocol (RDP) 7.0. RDC 7.0 is available in Windows 7.
  
  
• All servers should sign their .rdp files for their Programas do RemoteApp with the same certificate.
  
  
• The Agente de Conexão da ´Área de Trabalho Remota (Agente de conexão RD ) server should be configured to use the same certificate that is used by the servers.
  
  

For more information about Conexão com RemoteApp e Área de Trabalho security, see https://go.microsoft.com/fwlink/?LinkId=143454

• About Digitally Signing Files for Virtual Desktop Connections
  
  
• Configuring RemoteApp and Desktop Connection