Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Filtering computer list in remote web workplace

Posted on 2007-11-13
7
Medium Priority
?
6,353 Views
Last Modified: 2012-05-05
I found a blog posted that states it maybe possible to filter the list of computers in RWW. I read the article but I am afraid I fully grasp what they are referring to. The selection of text that I am referring to is quoted below.

"In order for workstation RDP links to be exposed, there must be at least one XP workstation running with Remote Desktop Administration enabled. And only those machines with RDA enabled will show up in the list of client machines that can be connected to from RWW. In order for the application-sharing servers link to be exposed, the following criteria must be met:"

It almost seems like there is separate security that is monitoring and handling the management of RDP links? MOM? SMS?


 http://blogs.technet.com/sbs/archive/2006/11/03/remote-web-workplace-rww-part-ii-controlling-portal-access.aspx
0
Comment
Question by:MSJoe
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20277775
No, there's no special security monitoring the management of RDP links at all.  

That entire section is about how various links appear on the RWW main menu.  So what it's saying is that if you have NO XP workstations with RDA enabled, then the "Connect to my computer at Work"/"Connect to Client Desktops" link won't even appear on the main menu.

But perhaps you can explain what you are wanting to do?  Because you mention "filtering" but you don't say why or what you are trying to achieve.

Jeff
TechSoEasy
0
 

Author Comment

by:MSJoe
ID: 20279780
Sorry about that. This question is really about how to filter the computers that show up in "Connect to computer" in RWW. My goal is to remove computers from the list, or filter the list of computers that a user can see per group membership. The last item is a bit ridiculous and it isn't going to happen but that would be ideal. I know that the RWW app is built to add anything that is a server or a workstation when joined to the domain so anything I mention that I would like to do might not be possible. I thought I struck gold at first with that passage I quoted.

The easiest way to what I want to do, short of actually removing computers from the list as I mentioned would to deny logon or implicitly allow logon through terminal services on a per user basis to their computer.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20285992
Well, first of all, a user cannot log onto a machine that they have not been
assigned to when you joined the computer to the domain with ConnectComputer.
This is because that process adds only the assigned user to the LOCAL
administrators group of that machine, and therefore only that user and domain
admins can log into the workstation remotely via RWW.

There was supposed to be a way to have the user's assinged computer be the
default for them when they access "Connect to my Computer at Work" .

If you look at the first part of that article on RWW (http://sbsurl.com/rww)
you'll see that it says this about that:

          This link opens the Computer Selection page that is populated with a
          list of all client computers on the network that are running Windows
          XP or above. If there is a user-to-computer mapping
          (%systemroot%\Inetpub\ClientSetup\usermap.txt) available, the known
          user's computer will be selected by default from the list. Otherwise
          the user will have to manually select his/her workstation from the
          list of available computers.

       
The usermap.txt file is generated when you run the Add User Wizard and allow it
to also add a computer for that user.

Unfortunately, this feature has never worked.  In fact there is no
ClientSetup directory in Inetpub.  Although the usermap.txt file DOES get
created in the Inetpub\ConnectComputer directory and would be referenced when using
ConnectComputer to automatically populate the Username when assigning users to
particular workstations on the screen shown here:  http://sbsurl.com/assign

So, users should already be prohibited from logging into machines which they
haven't been assigned to unless you've manually added all users to either the
LOCAL Administrators or Remote Desktop Users groups.

Jeff
TechSoEasy
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:MSJoe
ID: 20288735
That’s great to know as I knew the assign user to computer makes the user a local admin but I did not know using that process would it only allow that user to connect to their assigned computer. I guess my next questions would be about that usermap.txt. If I have a bunch of computers already installed on the network can I just edit that text file and add the mappings in manually to avoid rejoining computers?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20289076
The usermap.txt file doesn't really do much other than pre-populate the "assign to" screen.

But if you're saying that the workstations weren't originally joined to the domain using ConnectComputer, then you need to rejoin them if you want to be able to take advantage of SBS's many features.  To do this, follow the steps I've outlined here:  http://sbsurl.com/rejoin

Jeff
TechSoEasy
0
 

Author Comment

by:MSJoe
ID: 20290233
I understand. It would be great if the "Connect to computer" would just connect to the default computer rather than displaying the list but I suppose it doesn't matter. You mentioned "There was supposed to be a way to have the user's assigned computer be the
Default for them when they access "Connect to my Computer at Work" .". After reading the corresponding text associated is there a reason behind that it doesn't work? I guess if SBS.com says it is, maybe there is a reason why it doesn't. Maybe it has to be setup correct right from the start or all the user to computer mappings have to be accounted for or else a list of computers is displayed?
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 1500 total points
ID: 20295741
No, it doesn't have anything to do with a correct setup right from the start.  It was originally designed to work that way but apparently someone didn't code the wizard right and they never went back to fix it.  The quote in the SBS Blog came from this document a document you can review by downloading it from: https://filedb.experts-exchange.com/incoming/ee-stuff/83-SBS2003TechnicalReferenceTraining.pdf

If you are really interested in knowing how the wizards are constructed, go right to page 61 of that paper.

"is there a reason behind that it doesn't work? "

I already tried to explain this to you above... the wizard was supposed to create the file in another directory, but it doesn't, and even if you manually put it there, the RWW's web.config file doesn't look for it.  So, I think it was just part of an original design that got dropped... perhaps because it didn't really work all that well, and since it doesn't save you much time during the ConnectComputer process... it would only have been a "pre-populated" field with the user's name it wouldn't have made the process any shorter.

Jeff
TechSoEasy
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question