This is a question that comes up somewhat frequently. If you want to allow users to use RemoteApp in Windows Server 2008 or 2008 R2, they have to be members of the Remote Desktop Users group on the server. But, sometimes we don’t want our users to have the full desktop UI on a shared server resource. There is actually a very simple way to accomplish exactly what we’re looking at.
On each of the servers with the Remote Desktop Session Host role, open the connection properties by navigating as shown.
Open the properties of the connection that you are using. Click on the environment tab, bubble in the Start the following program, and fill it out as shown below. Basically, we’re configuring the server to automatically log out as soon as anyone tries to log in with the full UI. However, this doesn’t prevent users from connecting with RemoteApp. Pretty cool trick I thought!