Setting up Chrome Remote Desktop for Windows on Compute Engine

This tutorial shows you how to set up the Chrome Remote Desktop service on a Microsoft Windows virtual machine (VM) instance on Compute Engine. Chrome Remote Desktop allows you to remotely access applications with a graphical user interface from a local computer or mobile device.

For this approach, you don't need to open firewall ports, although the VM does need access to the internet, and you use your Google Account for authentication and authorization.

Two methods of setting up Chrome Remote Desktop are described. The first is an interactive method using Windows Remote Desktop Protocol (RDP) that requires the virtual machine to initially be accessible from the internet. The second is a non-interactive method that uses a GCESysprep specialize script to install and configure Chrome Remote Desktop when the VM is being created.

This tutorial assumes that you are familiar with Microsoft Windows and the PowerShell command line.

For information about other options for creating virtual workstations, see Creating a virtual workstation.

Objectives

  • Create a Windows Compute Engine VM instance to run Chrome Remote Desktop on.
  • Install and configure the Chrome Remote Desktop service on the VM instance.
  • Connect from your local computer to the desktop environment on the VM instance.

Costs

This tutorial uses billable components of Google Cloud, including:

  • Compute Engine

Use the Pricing Calculator to generate a cost estimate based on your projected usage.

Before you begin

  1. Sign in to your Google Account.

    If you don't already have one, sign up for a new account.

  2. In the Cloud Console, on the project selector page, select or create a Cloud project.

    Go to the project selector page

  3. Make sure that billing is enabled for your Google Cloud project. Learn how to confirm billing is enabled for your project.

  4. Enable the Compute Engine API.
  5. Enable the API

Ensure that you're meeting these additional prerequisites:

Interactive installation using RDP

To install Chrome Remote Desktop interactively, you need to be able to connect to the remote VM with RDP. In this tutorial, you create the VM in the default VPC with default firewall rules, which exposes the RDP port 3339 to the internet.

If this is not possible in your environment, use the non-interactive method that's described later in this document.

Create a Compute Engine instance

Console

  1. In the Cloud Console, go to the VM Instances page:

    Go to the VM Instances page

  2. Click Create.

  3. Set the instance name to crdhost.

  4. Optionally, select a region and zone that's close to you.

  5. Under Machine configuration, change Machine type to n1-standard-2 (2 vCPU).

  6. Click CPU platform and GPU to expand the section.

  7. Enable the Turn on display device checkbox because Chrome Remote Desktop requires a display device on Windows VMs.

  8. Next to the Boot disk description, click Change to open the Boot disk panel

  9. Click the Operating system dropdown, and then select Windows Server.

  10. Click the Version dropdown, and then select Windows Server 2019 Datacenter.

  11. Ensure that the following values are set:

    • Boot disk type is set to Standard persistent disk.
    • Size (GB) is set to 50.
  12. Click Select to close the panel.

  13. Click Create.

Cloud Shell

  1. Open Cloud Shell.

    Open Cloud Shell

  2. Set your preferred zone:

    ZONE=us-east1-b
    REGION=us-east1
    gcloud config set compute/zone "${ZONE}"
    
  3. Create a Compute Engine instance by using the app image for Windows Server 2019 Datacenter:

    gcloud compute instances create crdhost \
        --machine-type=n1-standard-2 \
        --scopes=cloud-platform \
        --enable-display-device \
        --image-family=windows-2019 \
        --image-project=windows-cloud \
        --boot-disk-size=50GB \
        --boot-disk-device-name=crdhost
    

    This command creates a Windows Server 2019 virtual machine that has an attached display device (required for Chrome Remote Desktop on Windows VMs) a 50GB boot disk, and grants the instance full access to Google Cloud APIs.

    Ignore the disk performance warning because you don't need high performance for this tutorial.

It takes a about 5 minutes to create your instance.

Connect to the VM instance by using RDP

  1. In the Cloud Console, go to the VM instances page.

    Go to the VM instances page

  2. Make sure a green check mark is displayed next to the name of your crdhost instance, indicating that the instance is ready.

  3. Click the instance name crdhost to open the VM instance details page.

  4. Under Remote access, click Set Windows password, and then click Set to create your account on the remote machine.

    This step generates a password for you. Make a note of the password or copy it to a secure temporary file.

  5. To connect to the remote instance by using the Chrome RDP app, click the RDP button.

    If you prefer to use an alternative RDP client, click the drop-down arrow next to the RDP button, and then select Download the RDP file. You can open the RDP file by using your preferred RDP client.

  6. When you're prompted, enter the password you just generated, and then click OK.

  7. To accept the server certificate and log into your remote Windows instance, click Continue.

  8. When you're prompted whether you want your computer discoverable by other PCs and devices on the network, click No.

  9. Close the Server Manager Dashboard if it is open.

Install Chrome and Chrome Remote Desktop

The next step is to install Google Chrome and the Chrome Remote Desktop service on the VM instance.

  1. In your RDP session, click the Start button on the Windows taskbar, type PowerShell, and then select the Windows PowerShell app.

  2. At the PowerShell prompt, enable HTTPS requests:

    [Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls"
    
  3. Download and run the Chrome Remote Desktop Host installer.

    & {$P = $env:TEMP + '\chromeremotedesktophost.msi'; Invoke-WebRequest 'https://dl.google.com/edgedl/chrome-remote-desktop/chromeremotedesktophost.msi' -OutFile $P; Start-Process $P -Wait; Remove-Item $P}
    
  4. When you're prompted, confirm that you want the installer to make changes.

  5. Download and run the Google Chrome installer.

    & {$P = $env:TEMP + '\chrome_installer.exe'; Invoke-WebRequest 'https://dl.google.com/chrome/install/latest/chrome_installer.exe' -OutFile $P; Start-Process -FilePath $P -Args '/install' -Verb RunAs -Wait; Remove-Item $P}
    
  6. When you're prompted, confirm that you want the installer to make changes.

    When the installation completes, a Google Chrome window will be opened on your remote desktop.

Set up the Chrome Remote Desktop service

  1. In the Google Chrome window on your remote desktop, go to the following URL:

    https://remotedesktop.google.com/access/
    
  2. Log into the Google Account that you want to use to access this machine.

  3. In the Set up remote access dialog, click Download to go to the Chrome Web Store page.

  4. To install the extension, click Add to Chrome and then click Add extension.

  5. On the Chrome Remote Desktop Setup page, click Next to accept the computer name.

  6. When you're prompted, enter a 6-digit PIN. This number will be used for additional authorization when you connect later.

  7. Click Start.

  8. When you're prompted, confirm that you want the application to make changes.

    The remote desktop service starts, and the status shown for crdhost changes from Starting to Online

  9. Close the Chrome windows.

  10. Close PowerShell.

  11. Close the Remote Desktop window.

You can now connect to the VM using Chrome Remote Desktop.

Non-interactive installation

In this approach, you configure the VM instance to have a GCESysprep specialize script that runs when the VM is created.

With this approach, the VM does not need to be directly accessible from the internet, although it still needs access to the internet.

Authorize the Chrome Remote Desktop service

You now generate a Windows command that you use later in the specialize script. As part of this procedure, you provide authorization information that's included in the command.

  1. On your local computer, using the Chrome browser, go to the Chrome Remote Desktop command line setup page

  2. If you're not already signed in, sign in with a Google Account. This is the account that will be used for authorizing remote access.

  3. Click Begin, then click Next.

  4. Click Authorize.

  5. Allow Chrome Remote Desktop to access your account.

    The page now contains several command lines, one of which is for Windows (Cmd) that looks like the following:

    "%PROGRAMFILES(X86)%\Google\Chrome Remote Desktop\CurrentVersion\remoting_start_host.exe" --code="4/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXX" --redirect-url="https://remotedesktop.google.com/_/oauthredirect" --name=%COMPUTERNAME%
    

    The --code flag contains a unique short-lived OAuth token.

    The authorization code in the command line is valid for only a few minutes, and you can use it only once.

    Keep this page open.

Copy the startup command to Cloud Shell

The next step is to create a file in your Cloud Shell instance that contains the startup command that you just generated.

  1. Open Cloud Shell.

    Open Cloud Shell

  2. Create a file for the startup command:

    cat  > crd-auth-command.txt
    
  3. Go to the page that has the Chrome Remote Desktop startup command and copy the Windows (Cmd) command line.

  4. In Cloud Shell paste the command to add it to the file.

  5. Press Enter to end the line, and then press Control-D to close the file.

Create the GCESysprep specialize script

  • Copy the following code block and paste it into Cloud Shell.

    cat << "EOF" > crd-sysprep-script.ps1
    <#
        .SYNOPSIS
        GCESysprep specialize script for unattended Chrome Remote Desktop installation.
    #>
    $ErrorActionPreference = 'stop'
    
    function Get-Metadata([String]$metadataName) {
      try {
        $value = (Invoke-RestMethod `
            -Headers @{'Metadata-Flavor' = 'Google'} `
            -Uri "http://metadata.google.internal/computeMetadata/v1/instance/attributes/$metadataName")
      }
      catch {
        # Report but ignore REST errors.
        Write-Host $_
      }
      if ($value -eq $null -or $value.Length -eq 0) {
        throw "Metadata value for ""$metadataName"" not specified. Skipping Chrome Remote Desktop service installation."
      }
      return $value
    }
    
    # Get config from metadata
    #
    $crdCommand = Get-Metadata('crd-command')
    $crdPin = Get-Metadata('crd-pin')
    $crdName = Get-Metadata('crd-name')
    
    if ($crdPin -isNot [Int32] -or $crdPin -gt 999999 -or $crdPin -lt 0) {
      throw "Metadata ""crd-pin""=""$crdPin"" is not a 6 digit number. Skipping Chrome Remote Desktop service installation."
    }
    # Prefix $crdPin with zeros if required.
    $crdPin = $crdPin.ToString("000000");
    
    # The command from remote desktop authentication does not have the correct path to the application,
    # and is missing the --pin and --name arguments which are required for unattended installation.
    #
    $crdCommandArgs = $crdCommand.Split(' ')
    $codeArg = $crdCommandArgs | Select-String -Pattern '--code="[^"]+"'
    $redirectArg = $crdCommandArgs | Select-String -Pattern '--redirect-url="[^"]+"'
    
    if (-not $codeArg) {
      throw 'Cannot get --code= parameter from crd-command. Skipping Chrome Remote Desktop service installation.'
    }
    if (-not $redirectArg) {
      throw 'Cannot get --redirect-url= parameter from crd-command. Skipping Chrome Remote Desktop service installation.'
    }
    
    [Net.ServicePointManager]::SecurityProtocol = 'tls13, tls12, tls11, tls'
    
    Write-Host 'Downloading Chrome Remote Desktop.'
    $installer = "$env:TEMP\chromeremotedesktophost.msi"
    Invoke-WebRequest 'https://dl.google.com/edgedl/chrome-remote-desktop/chromeremotedesktophost.msi' `
        -OutFile $installer
    Write-Host 'Installing Chrome Remote Desktop.'
    & msiexec.exe /I $installer /qn /quiet | Out-Default
    Remove-Item $installer
    
    $installer = "$env:TEMP\chrome_installer.exe"
    Write-Host 'Downloading Chrome.'
    Invoke-WebRequest  'https://dl.google.com/chrome/install/latest/chrome_installer.exe' `
        -OutFile $installer
    Write-Host 'Installing Chrome.'
    & $installer /silent /install | Out-Default
    Remove-Item $installer
    
    Write-Host 'Starting Chrome Remote Desktop service.'
    & "${env:ProgramFiles(x86)}\Google\Chrome Remote Desktop\CurrentVersion\remoting_start_host.exe" `
        $codeArg $redirectArg --name="$crdName" -pin="$crdPin" | Out-Default
    
    EOF
    

    This code block is a PowerShell specialize script that will be run when the VM is created. It performs the following actions:

    • Download and install the Chrome Remote Desktop host service.
    • Download and install the Chrome browser.
    • Retrieve the following metadata parameters:
      • crd-command - the Windows authentication and startup command.
      • crd-pin - the 6-digit PIN used for additional authentication.
      • crd-name - the name for this instance.
    • Configure and start the Chrome Remote Desktop host service.

Create a new Windows virtual machine

You now create a new Windows VM using the files you created earlier to configure and set up Chrome Remote Desktop.

  1. In Cloud Shell, set your preferred zone:

    ZONE=us-east1-b
    REGION=us-east1
    gcloud config set compute/zone "${ZONE}"
    
  2. Set a 6-digit PIN for additional authentication to Chrome Remote Desktop:

    CRD_PIN=your-pin
    

    Replace your-pin with a 6-digit number.

  3. Set a name for this VM instance:

    INSTANCE_NAME=crdhost
    
  4. Create the instance:

    gcloud compute instances create ${INSTANCE_NAME} \
        --machine-type=n1-standard-2 \
        --scopes=cloud-platform \
        --enable-display-device \
        --image-family=windows-2019 \
        --image-project=windows-cloud \
        --boot-disk-size=50GB \
        --boot-disk-device-name=${INSTANCE_NAME} \
        --metadata=crd-pin=${CRD_PIN},crd-name=${INSTANCE_NAME} \
        --metadata-from-file=crd-command=crd-auth-command.txt,sysprep-specialize-script-ps1=crd-sysprep-script.ps1
    

    This command creates a Windows Server 2019 virtual machine in the default VPC that has an attached display device (required for Chrome Remote Desktop on Windows VMs) and a 50GB boot disk, and grants the instance full access to Google Cloud APIs.

    The metadata values specify the specialize script, Windows startup command line, and the parameters required to start the Chrome Remote Desktop service.

Monitoring the VM startup

You can verify that the startup script is successful by checking the messages logged to the VM's serial port while it is being created.

  1. In Cloud Shell, display the messages logged during VM startup:

    gcloud compute instances tail-serial-port-output ${INSTANCE_NAME}
    

    If the Chrome Remote Desktop configuration is successful, you see the following log lines:

    Found sysprep-specialize-script-ps1 in metadata.
    sysprep-specialize-script-ps1: Downloading Chrome Remote Desktop.
    sysprep-specialize-script-ps1: Installing Chrome Remote Desktop.
    sysprep-specialize-script-ps1: Downloading Chrome.
    sysprep-specialize-script-ps1: Installing Chrome.
    sysprep-specialize-script-ps1: Starting Chrome Remote Desktop service.
    sysprep-specialize-script-ps1 exit status 0
    Finished running specialize scripts.
    

    If the Chrome Remote Desktop configuration fails, you see an error message indicating the problem, for example:

    sysprep-specialize-script-ps1: Couldn't start host: OAuth error.
    

    This error indicates that the OAuth token from the Chrome Remote Desktop authentication page is no longer valid, either because it has already been used, or because it has expired.

    To correct this error, either connect via RDP and perform an interactive setup as described previously, or delete the VM and retry the setup process.

    When you see the following message in the serial port monitor, the VM is ready.

    GCEInstanceSetup: ------------------------------------------------------------
    GCEInstanceSetup: Instance setup finished. crdhost is ready to use.
    GCEInstanceSetup: ------------------------------------------------------------
    
  2. Press Control-C to stop displaying the startup messages.

Create a Windows user account

  1. In the Cloud Console, go to the VM instances page.

    Go to the VM instances page

  2. Click the instance name crdhost to open the VM instance details page.

  3. Under Remote access, click Set Windows password, and then click Set to create your account on the remote machine.

    This step generates a password for you. Make a note of the username and password or copy it to a secure temporary file.

Connecting to the VM instance with Chrome Remote Desktop

You can connect to the VM instance using the Chrome Remote Desktop web application.

  1. On your local computer, go to the Chrome Remote Desktop web site.

  2. If you're not already signed in to Google, sign in with the same Google Account that you used to set up the Chrome Remote Desktop service.

    You see your new crdhost VM instance in the Remote Devices list.

    List of remote devices available to connect to.

  3. Click the name of the instance.

  4. When you're prompted, enter the PIN that you created earlier, and then click the arrow button to connect.

    You are now connected to the Windows login screen on your remote Compute Engine instance.

  5. Press any key, and enter the password for the Windows user that you generated earlier. Note that the default remote keyboard has a US-English layout, so the characters entered may not match the characters on your local keyboard. You also cannot copy and paste the password.

You are now connected and logged in to the remote Windows desktop.

Improving the remote desktop experience

This section provides instructions for changing settings in order to improve the remote desktop experience.

Enable Clipboard Synchronization

Clipboard Synchronization allows the contents of the clipboard to be shared between the local and remote machines. If this feature is not already enabled, do the following:

  1. Open the Session Options panel using the button on the side of the window.
  2. In the Enable Clipboard Synchronization section, click Begin.
  3. Click Allow.

Install the Remote Desktop Chrome app

The Remote Desktop Chrome app provides a separate windowed experience and allows more keyboard shortcuts to be used on the remote system. If this app is not installed, do the following:

  1. Open the Session Options panel using the button on the side of the window.
  2. In the Install App section, click Begin.
  3. Click Install.

    The remote desktop session reopens in a separate window.

You can move any remote desktop sessions from a Chrome tab to the app window by clicking the Open With icon in the URL bar.

Improve the screen resolution

The default remote desktop resolution can modified to better suit your local computers desktop resolution.

  1. Right-click the remote desktop's background and select Display Settings.
  2. In the Resolution drop-down list, select a different screen resolution.
  3. Confirm the new screen resolution in the dialog.

Re-enable the service

If you have mistakenly disabled connections to the remote instance in the client app, you can reconfigure the service and re-enable it by following the instructions in Setting up the Chrome Remote Desktop Service.

Cleaning up

To avoid incurring charges to your Google Cloud Platform account for the resources used in this tutorial:

Deleting the project

The easiest way to eliminate billing is to delete the project that you created for the tutorial.

To delete the project:

  1. In the Cloud Console, go to the Manage resources page.

    Go to the Manage resources page

  2. In the project list, select the project that you want to delete and then click Delete .
  3. In the dialog, type the project ID and then click Shut down to delete the project.

Delete the Compute Engine instance

As an alternative to deleting the entire project, you can delete the VM instance you created for this tutorial:

  1. In the Cloud Console, go to the VM Instances page:

    Go to the VM Instances page

  2. Select the checkbox next to the instance name you created earlier (crdhost).

  3. Click the Delete button at the top of the page:

    Deleting the VM instance.

    It takes a few moments to delete your instance.

Deauthorize Chrome Remote Desktop for the instance

If you no longer want to connect to the VM instance, you can disable it and remove the instance from the Remote Devices list.

  1. On your local computer, go to the Chrome Remote Desktop Remote Device list (Beta) web site.

  2. Click next to the instance name:

    Disabling the remote device in Chrome.

  3. Click OK to confirm that the remote device connection should be disabled.

What's next

  • Try accessing the remote desktop environment from your mobile phone using the Android or IOS Chrome Remote Desktop apps.
  • Learn about other options for creating a virtual workstation.
  • Try out other Google Cloud features for yourself. Have a look at our tutorials.