• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 216
  • Last Modified:

SBS2003 Defining users who can use OWA but not Connect to their Computer at Work.

I have a standard installation of SBS2003 for a client. All users currently have the ability to access the Remote Web Workplace. However, I've been asked to only allow *some* to use the site to connect to their computer at work. I still want to allow everyone else to use Outlook Web Access. What's the best way to accomplish this?
1 Solution
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
By default, the "User" template allows for RWW access to the user's desktop.  Rather than messing with this template, I would create a separate "security group" to add the users that you DON'T want to have access and then create a GPO which denies access to that group.  They can then use http://server.domain.com/exchange to directly access OWA and if they tried to use RWW they wouldn't succeed. (Although they would have the ability to access the companyweb from there which could be a good thing, generally.

If you like you can clone the "user" template and call it "restricted user" template... then add your new security group to the template's group membership so new users which fit this criteria will automatically be added.

The GP item which needs to be set is this:
Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Deny Logon through Terminal Services


Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now