The Remote Server Administration Tools (RSAT) enables the IT administrator to remotely manage the (local) domain with tools like “Active Directory Users and Computers”, “DNS” and “Group Policy Management”. You can install RSAT locally on a Windows device, but to use the tools, you still need to be connected to the local network or, if you are working remotely, setup a VPN connection first.
With Windows Virtual Desktop (WVD) you can easily publish all the Remote Server Administration Tools. This will give the IT administrator the flexibility to use the tools from any location without the need to setup a VPN connection first. With the Remote Desktop client, the Remote Server Administration Tools even integrate with the local Start Menu on Windows 10 devices.
In this blog I will show you how to publish the most common Remote Server Administration Tools, the most Tools are pretty straight forwards, but some tools needs a workaround to get them working properly.
Step 1 – Install the Remote Server Administration Tools on a Windows 10 Host pool
I have created a Windows Virtual Desktop Host pool specially for IT Administrator in my environment that contains only one VM. If you want deploy multiple VMs with RSAT installed on it, you can consider to install the RSAT in a managed image for easy deployment via the Shared Image Gallery (SIG).
For now, I will install RSAT directly on the VM. Login as Administrator to the Windows 10 (Multi-Session) VM to install RSAT.
Open Settings and click Apps
Click Optional features
Click Add a feature
When you scroll down you can find all the RSATs that can be installed on this VM.
Select the RSAT you want and click Install
After the installation is complete you can find the tools in the Windows Administrative Tools folder.
Step 2 – Create an Application group and publish the Windows Administrative Tools
How that all the Windows Administrative Tools are installed within the Windows Virtual Desktop Host pool, we can publish them. Login to the Microsoft Azure Portal and go to Windows Virtual Desktop.
Open the Application groups blade and click + Add
Select your Subscription and the Resource group you want to use. Next, select the Host pool where the Windows Administration Tools are installed on. Select RemoteApp as Application group type and give this Application group a name (in my case I will give it the name RSAT).
Click Next: Assignments
Select the Azure AD Security group to assign this WVD Application Group and click Next: Applications
Click + Add applications. As Application source, select File path
I have created the list below for the most common Windows Administrative Tools with the information on how to publish them.
Active Directory Administrative Center
Application path : C:\windows\system32\dsac.exe
Application name : Active Directory Administrative Center
Icon path : C:\windows\system32\dsacn.dll
Icon index : 0
Required command line : No
Active Directory Domains and Trusts
Application path : c:\windows\system32\domain.msc
Application name : Active Directory Domains and Trusts
Icon path : c:\windows\system32\domadmin.dll
Icon index : 0
Required command line : No
Active Directory Module for Windows PowerShell
Application path : c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe
Application name : Active Directory Module for Windows PowerShell
Icon path : c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe
Icon index : 0
Required command line : Yes
Command Line : -noexit -command import-module ActiveDirectory
Active Directory Sites and Services
Application path : c:\windows\system32\dssite.msc
Application name : Active Directory Sites and Services
Icon path : c:\windows\system32\dsadmin.dll
Icon index : 2
Required command line : No
Active Directory Users and Computers
Application path : c:\windows\system32\dsa.msc
Application name : Active Directory Users and Computers
Icon path : c:\windows\system32\dsadmin.dll
Icon index : 0
Required command line : No
ADSI Edit
Application path : c:\windows\system32\adsiedit.msc
Application name : ADSI Edit
Icon path : c:\windows\system32\adsiedit.dll
Icon index : 0
Required command line : No
DHCP
Application path : c:\windows\system32\dhcpmgmt.msc
Application name : DHCP
Icon path : c:\windows\system32\dhcpsnap.dll
Icon index : 0
Required command line : No
DNS
Application path : c:\windows\system32\mmc.exe
Application name : DNS
Icon path : c:\windows\system32\dnsmgr.dll
Icon index : 0
Required command line : Yes
Command Line : c:\windows\system32\dnsmgmt.msc
The Group Policy Management application is a little different. I had some challenges publishing this application. First it shows an elevation prompt, secondly it was only displaying the MMC console, even the parameters were configured. I tried a VBS script (that worked), but then you have to put that script on the server (or your image) with which you are not flexible. So I tried it with a command line without a script and without a DOS box / dialog that was displayed in the background. With the following settings I got this one working:
Group Policy Management
Application path : c:\windows\system32\cmd.exe
Application name : Group Policy Management
Icon path : c:\windows\system32\gpoadmin.dll
Icon index : 0
Required command line : Yes
Command Line : /c start “” “c:\windows\system32\mmc.exe” c:\windows\system32\gpmc.msc
After you have added all the applications, click Next: Workspace
Select Yes to register this Application Group to a Workspace, select the Workspace and click Review + create
Click Create
Now when you refresh your Remote Desktop client you will see the new RSAT applications appear.