The RemoteApp User Assignment feature gives administrators the ability to show a customized list of RemoteApp programs specific to the logged-on user in RD Web Access and RemoteApp and Desktop Connections. This has been one of our most requested features since Terminal Services Web Access (TS Web Access) was released in Windows Server 2008.

In Windows Server 2008 TS Web Access, if two users with different application usage patterns log on to the website, they will both see the same list of RemoteApp programs. For example, a user from HR and a developer will see the same set of published applications. They will both have to dig through several published applications to access the ones that are relevant to them.

By using RemoteApp User Assignment, Windows Server 2008 R2 provides a solution to filter the applications based on the logged-on user. By using this new feature, the administrator can easily set up the system so that users will only see the applications they use. In our example scenario, the HR user will only see HR applications, and the developer will only see development applications. This feature makes it easy for users to find and run the applications that are relevant to them.

The RemoteApp User Assignment feature is implemented by adding an access control list (ACL) to every RemoteApp program. When a user logs on to RD Web Access, the list of applications that are viewable to this user is fetched from the RD Session Host (RDSH) servers. As we can see in the diagram below, when RD Web Access is configured to point directly to one or more RD Session Host servers, RD Web Access directly queries the servers and filters the retrieved list of RemoteApp programs based on the ACLs.

Source: http://blogs.msdn.com/rds/archive/2009/06/11/introducing-remoteapp-user-assignment.aspx