Solved

Filtering computer list in remote web workplace

Posted on 2007-11-13
Last Modified: 2012-05-05
I found a blog post that states it may be possible to filter the list of computers in RWW. I read the article but I am afraid I don't fully grasp what they are referring to. The selection of text that I am referring to is quoted below.

"In order for workstation RDP links to be exposed, there must be at least one XP workstation running with Remote Desktop Administration enabled. And only those machines with RDA enabled will show up in the list of client machines that can be connected to from RWW. In order for the application-sharing servers link to be exposed, the following criteria must be met:"

It almost seems like there is separate security that is monitoring and handling the management of RDP links? MOM? SMS?


 http://blogs.technet.com/sbs/archive/2006/11/03/remote-web-workplace-rww-part-ii-controlling-portal-access.aspx
Question by:MSJoe

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20277775
No, there's no special security monitoring the management of RDP links at all.  

That entire section is about how various links appear on the RWW main menu.  So what it's saying is that if you have NO XP workstations with RDA enabled, then the "Connect to my computer at Work"/"Connect to Client Desktops" link won't even appear on the main menu.

But perhaps you can explain what you are wanting to do?  Because you mention "filtering" but you don't say why or what you are trying to achieve.

Jeff
TechSoEasy
 

Author Comment

by:MSJoe
ID: 20279780
Sorry about that. This question is really about how to filter the computers that show up in "Connect to computer" in RWW. My goal is to remove computers from the list, or filter the list of computers that a user can see per group membership. The last item is a bit ridiculous and it isn't going to happen but that would be ideal. I know that the RWW app is built to add anything that is a server or a workstation when joined to the domain so anything I mention that I would like to do might not be possible. I thought I struck gold at first with that passage I quoted.

The easiest way to do what I want, short of actually removing computers from the list as I mentioned, would be to deny logon or implicitly allow logon through terminal services on a per-user basis to their computer.

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20285992
Well, first of all, a user cannot log onto a machine that they have not been
assigned to when you joined the computer to the domain with ConnectComputer.
This is because that process adds only the assigned user to the LOCAL
administrators group of that machine, and therefore only that user and domain
admins can log into the workstation remotely via RWW.

There was supposed to be a way to have the user's assigned computer be the
default for them when they access "Connect to my Computer at Work".

If you look at the first part of that article on RWW (http://sbsurl.com/rww)
you'll see that it says this about that:

          This link opens the Computer Selection page that is populated with a
          list of all client computers on the network that are running Windows
          XP or above. If there is a user-to-computer mapping
          (%systemroot%\Inetpub\ClientSetup\usermap.txt) available, the known
          user's computer will be selected by default from the list. Otherwise
          the user will have to manually select his/her workstation from the
          list of available computers.

       
The usermap.txt file is generated when you run the Add User Wizard and allow it
to also add a computer for that user.

Unfortunately, this feature has never worked.  In fact there is no
ClientSetup directory in Inetpub.  Although the usermap.txt file DOES get
created in the Inetpub\ConnectComputer directory and would be referenced when using
ConnectComputer to automatically populate the Username when assigning users to
particular workstations on the screen shown here:  http://sbsurl.com/assign

So, users should already be prohibited from logging into machines which they
haven't been assigned to unless you've manually added all users to either the
LOCAL Administrators or Remote Desktop Users groups.

Jeff
TechSoEasy
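
The answer above ties remote logon rights to membership of each workstation's LOCAL Administrators and Remote Desktop Users groups. The PowerShell below is an added example, not part of the original thread, that audits those two groups per workstation and marks any member other than the assigned user, Domain Admins, or the built-in local Administrator. The computer names, the `EXAMPLE` domain, the assignment table and the function name `Get-RdpCapableAccount` are constructed for illustration; it assumes PowerShell 3.0 or later and administrative rights on the workstations.

```powershell
# Added example: who can log on remotely to each workstation?
# All names below are constructed placeholders, not values from the thread.
$Assigned = @{                      # workstation -> user assigned at join time
    'WS01' = 'EXAMPLE/alice'
    'WS02' = 'EXAMPLE/bob'
}
$Groups       = 'Administrators', 'Remote Desktop Users'
$DomainAdmins = 'EXAMPLE/Domain Admins'

function Get-RdpCapableAccount {
    param([string]$Computer, [string[]]$GroupName)
    foreach ($name in $GroupName) {
        # WinNT ADSI provider reads local group membership on the remote machine
        $group = [ADSI]"WinNT://$Computer/$name,group"
        foreach ($m in $group.psbase.Invoke('Members')) {
            $path = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
            [pscustomobject]@{
                Computer = $Computer
                Group    = $name
                Member   = $path -replace '^WinNT://', ''   # e.g. EXAMPLE/alice
            }
        }
    }
}

foreach ($pc in $Assigned.Keys) {
    try {
        Get-RdpCapableAccount -Computer $pc -GroupName $Groups | ForEach-Object {
            # Expected members: the assigned user, Domain Admins, local Administrator
            $ok = $_.Member -eq $Assigned[$pc] -or
                  $_.Member -eq $DomainAdmins -or
                  $_.Member -like "*/$pc/Administrator"
            $_ | Add-Member -NotePropertyName Expected -NotePropertyValue $ok -PassThru
        }
    } catch {
        # Unreachable or access-denied machines are reported, not silently skipped
        Write-Warning "$pc : could not read local groups ($($_.Exception.Message))"
    }
}
```

Rows with `Expected` set to `False` are accounts that were added to those local groups by hand or by another process and can therefore reach that workstation through RWW.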

Author Comment

by:MSJoe
ID: 20288735
That’s great to know, as I knew the assign user to computer makes the user a local admin, but I did not know using that process would only allow that user to connect to their assigned computer. I guess my next question would be about that usermap.txt. If I have a bunch of computers already installed on the network, can I just edit that text file and add the mappings in manually to avoid rejoining computers?

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20289076
The usermap.txt file doesn't really do much other than pre-populate the "assign to" screen.

But if you're saying that the workstations weren't originally joined to the domain using ConnectComputer, then you need to rejoin them if you want to be able to take advantage of SBS's many features.  To do this, follow the steps I've outlined here:  http://sbsurl.com/rejoin

Jeff
TechSoEasy
 

Author Comment

by:MSJoe
ID: 20290233
I understand. It would be great if the "Connect to computer" would just connect to the default computer rather than displaying the list, but I suppose it doesn't matter. You mentioned "There was supposed to be a way to have the user's assigned computer be the default for them when they access "Connect to my Computer at Work"." After reading the corresponding text associated, is there a reason behind that it doesn't work? I guess if SBS.com says it is, maybe there is a reason why it doesn't. Maybe it has to be set up correctly right from the start, or all the user-to-computer mappings have to be accounted for or else a list of computers is displayed?

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 20295741
No, it doesn't have anything to do with a correct setup right from the start.  It was originally designed to work that way but apparently someone didn't code the wizard right and they never went back to fix it.  The quote in the SBS Blog came from this document, which you can review by downloading it from: https://filedb.experts-exchange.com/incoming/ee-stuff/83-SBS2003TechnicalReferenceTraining.pdf

If you are really interested in knowing how the wizards are constructed, go right to page 61 of that paper.

"is there a reason behind that it doesn't work? "

I already tried to explain this to you above... the wizard was supposed to create the file in another directory, but it doesn't, and even if you manually put it there, the RWW's web.config file doesn't look for it.  So, I think it was just part of an original design that got dropped... perhaps because it didn't really work all that well, and since it doesn't save you much time during the ConnectComputer process... it would only have been a "pre-populated" field with the user's name; it wouldn't have made the process any shorter.

Jeff
TechSoEasy