When starting a remoteapp the user gets access to the underlying desktop. They even got the update notification, but I sorted this with registry key
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MusNotification.exe" /v "debugger" /d "rundll32.exe" /f
Which basically redirect the popup notification to rundll32 which again run silent. Found this on another forum.
Why are the users getting access to the desktop? Is there a way that one can restrict them with a GPO to avoid this?
We are running windows 2016 RDS