Enabling TLS 1.2 On Windows Server Essentials
The latest release of WSE RemoteApp (Version 1.255.1836.0 or greater) now allows you to enable TLS 1.2 on Windows Server Essentials, while disabling TLS 1.0 and TLS 1.1, in order to enhance the security of SSL connections made with the server, and to comply with the latest compliance standards for the Federal Risk and Authorization Management Program (FedRAMP). It has long been thought that TLS 1.0 could not be disabled on an Essentials server since it is required for client-to-server communications (such as client computer backups, connecting client computers to the server via http://<YourServerName>/connect, etc.). However, it has recently been brought to my attention that this actually can be achieved when specific .NET Framework security settings are added to both the server and to ALL of your client computers. With TLS 1.2 enabled, and TLS 1.0 and TLS 1.1 disabled, you will be able to obtain an A+ grade (as of this writing), from the SSL Labs SSL Server Test site for your Essentials server’s built-in Remote Web Access websites.
Adding Desktops To The RADC Web Feed
The latest release of WSE RemoteApp (Version 1.255.1811.0 or greater) now allows you to add Desktops (i.e. Computers) to its RADC web feed so that you can access them directly from your favorite RADC web feed client instead of having to always sign in to the Essentials server’s built-in Remote Web Access (RWA) website. The new feature works great from the native RemoteApp and Desktop Connections applet in Windows, and from all of the free Microsoft Remote Desktop client apps for Mac, iOS, Android, and Windows (it even works from the Remote Desktop web client with a bit of persuasion). Continue reading for details on how to enable this feature.
Installing Windows Server Essentials Experience On Windows Server 2019 / 2022 / 2025
As mentioned in my previous post, Microsoft has completely removed the Windows Server Essentials Experience (WSEE) server role from Windows Server 2019. However, since the entire Windows Server Essentials Experience is basically just an elaborate .NET application that is installed on top of the Windows Server operating system (and not some tightly integrated system component of the OS itself), it can quite readily be installed onto Windows Server 2019 and beyond.
Windows Server 2019 Essentials – end of an era!
On September 5, 2018 the Microsoft Windows Server Team announced via the Windows Server Blog that they are killing off Windows Server Essentials as it currently exists today:
Windows Server 2019 Essentials update
While Microsoft will still be releasing an “Essentials” SKU for Windows Server 2019, it will be completely devoid of everything that we recognize as being part of Windows Server Essentials in its current form. Small Business Server MVP Robert Pearman summarizes the upcoming release of Windows Server 2019 Essentials as follows:
Connecting From Your Favorite Web Browser
I’m pleased to announce that WSE RemoteApp (Version 1.255.1575.0 or greater) now includes support for setting up and accessing Microsoft’s newly released Remote Desktop web client from within the product’s existing RADC web feed feature.
The Remote Desktop web client allows your end users to connect to WSE RemoteApp through a compatible HTML5-based web browser (Chrome, Firefox, Safari, Edge, Internet Explorer 11, etc.) without the need to install or set up additional RADC client software on their computers and devices. This provides a consistent experience across computers and devices, minimizes installation or maintenance costs, and provides quick and easy access from kiosks and other non-personal computers and devices.
WSE RemoteApp takes care of all the hard work of installing, configuring, and updating the web client for you. Enabling the web client only takes a few minutes, and once enabled, you can have your end users browse to the server’s Remote Desktop web client URL from a compatible web browser that’s installed on their computer or device in order to connect to WSE RemoteApp.
How To Manually Set Up A Custom / Vanity Domain Name In Windows Server Essentials
Let me start off by saying that I typically recommend folks use a Microsoft personalized domain name (e.g. YourDomainPrefix.remotewebaccess.com) when setting up Anywhere Access / Remote Web Access on their Essentials server. The reason for this is that the domain name, the dynamic DNS update service, and the trusted SSL certificate are all automatically set up and managed for you by the Essentials server completely free of any charge or hassle. If you would rather take this much more convenient route instead, then see the following links for instructions on how to set up a Microsoft personalized domain name on your Essentials server:
Configuring and Customizing Remote Web Access on Windows Server 2012 R2 Essentials
Understand Microsoft personalized domain names
EDIT (11/15/2022): With the increased frequency that Microsoft keeps breaking their online services in Windows Server Essentials (including their remotewebaccess.com personalized domain names and dynamic DNS service), it’s becoming abundantly clear that they no longer care about their Windows Server Essentials customers. Therefore, I now STRONGLY recommend that folks avoid using a Microsoft personalized domain name and just set up their very own custom / vanity domain name instead.
That being said, I also understand that some folks would rather forgo the convenience of using a Microsoft personalized domain name in order to have their very own custom / vanity domain name instead (e.g. YourDomainPrefix.YourCustomDomain.com). Using a custom / vanity domain name presents some additional challenges that must be overcome though; such as purchasing, setting up, and managing the domain name, the dynamic DNS update service, and the trusted SSL certificate. For those folks who are willing to take on those additional challenges, I’ll do my best to try and help by walking you through the entire manual domain name set up process here step-by-step (using either a user-purchased SSL certificate or a free Let’s Encrypt SSL certificate via Certify the web).
Revoke Access to Work Files on Compromised Computers
With the latest release of WSE WorkFolders you can now revoke access to the work files stored on your Windows 8.1 or greater network computers when they have been lost or stolen, when they are no longer being managed by your organization, or when they have been otherwise compromised.
WSE WorkFolders
I would like to introduce everyone to a new product recently released for use with Windows Server 2016, 2019, 2022, or 2025 (with the Windows Server Essentials Experience server role). The product is called WSE WorkFolders and it’s a Windows Server Solutions add-in that allows you to use the Work Folders server role with your Windows Server Essentials (WSE) server.
Two-Factor Authentication (2FA)
For those wanting to use secure Two-Factor Authentication (2FA) with WHS / WSE RemoteApp (or any of our older legacy RemoteApp-based add-ins), we have some good news. We have just finished testing Duo Authentication for Windows Logon and RDP with all of our RemoteApp-based products, and we are happy to report that it works wonderfully with all of them.
Connecting From Mac / iOS / Android / Windows Computers and Devices
I would like to introduce everyone to an exciting new feature recently added to all of our WHS / WSE RemoteApp products that allows you to connect to them from Mac, iOS, Android, and Windows computers and devices. The new feature allows your server to act as a RemoteApp and Desktop Connections (RADC) web feed server for serving remote resources to RADC clients; including the native Windows “RemoteApp and Desktop Connections” Control Panel applet, the freely available Microsoft Remote Desktop client apps for Mac, iOS, Android, and Windows, and Microsoft’s newly released Remote Desktop web client.
WHS / WSE RemoteApp
I would like to introduce everyone to a new Windows Server Solutions (WSS) add-in that I have released called WHS / WSE RemoteApp (“WHS RemoteApp 2011“, “WSE RemoteApp 2012“, “WSE RemoteApp 2012 R2“, and “WSE RemoteApp 2016“).
If you are at all familiar with any of my older (legacy) WSS add-ins, then you will feel right at home with the new add-in. It works just like my older add-ins do, except that your users are no longer limited to the use of a single server-installed application (or a fixed set of server-installed applications). Instead, you can grant your users remote access to pretty much any desktop application that has been installed on your server. Here is a more in-depth explanation of the new add-in: