Filtering computer list in remote web workplace

I found a blog post that states it may be possible to filter the list of computers in RWW. I read the article but I am afraid I fully grasp what they are referring to. The selection of text that I am referring to is quoted below.

"In order for workstation RDP links to be exposed, there must be at least one XP workstation running with Remote Desktop Administration enabled. And only those machines with RDA enabled will show up in the list of client machines that can be connected to from RWW. In order for the application-sharing servers link to be exposed, the following criteria must be met:"

It almost seems like there is separate security that is monitoring and handling the management of RDP links? MOM? SMS?

Jeffrey Kane - TechSoEasy (Principal Consultant) commented:
No, there's no special security monitoring the management of RDP links at all.  

That entire section is about how various links appear on the RWW main menu.  So what it's saying is that if you have NO XP workstations with RDA enabled, then the "Connect to my computer at Work"/"Connect to Client Desktops" link won't even appear on the main menu.

But perhaps you can explain what you are wanting to do?  Because you mention "filtering" but you don't say why or what you are trying to achieve.

MSJoe (Author) commented:
Sorry about that. This question is really about how to filter the computers that show up in "Connect to computer" in RWW. My goal is to remove computers from the list, or filter the list of computers that a user can see per group membership. The last item is a bit ridiculous and it isn't going to happen but that would be ideal. I know that the RWW app is built to add anything that is a server or a workstation when joined to the domain so anything I mention that I would like to do might not be possible. I thought I struck gold at first with that passage I quoted.

The easiest way to do what I want, short of actually removing computers from the list as I mentioned, would be to deny logon or implicitly allow logon through terminal services on a per user basis to their computer.

Jeffrey Kane - TechSoEasy (Principal Consultant) commented:
Well, first of all, a user cannot log onto a machine that they have not been
assigned to when you joined the computer to the domain with ConnectComputer.
This is because that process adds only the assigned user to the LOCAL
administrators group of that machine, and therefore only that user and domain
admins can log into the workstation remotely via RWW.

There was supposed to be a way to have the user's assigned computer be the
default for them when they access "Connect to my Computer at Work".

If you look at the first part of that article on RWW (
you'll see that it says this about that:

          This link opens the Computer Selection page that is populated with a
          list of all client computers on the network that are running Windows
          XP or above. If there is a user-to-computer mapping
          (%systemroot%\Inetpub\ClientSetup\usermap.txt) available, the known
          user's computer will be selected by default from the list. Otherwise
          the user will have to manually select his/her workstation from the
          list of available computers.

The usermap.txt file is generated when you run the Add User Wizard and allow it
to also add a computer for that user.

Unfortunately, this feature has never worked.  In fact there is no
ClientSetup directory in Inetpub.  Although the usermap.txt file DOES get
created in the Inetpub\ConnectComputer directory and would be referenced when using
ConnectComputer to automatically populate the Username when assigning users to
particular workstations on the screen shown here:

So, users should already be prohibited from logging into machines which they
haven't been assigned to unless you've manually added all users to either the
LOCAL Administrators or Remote Desktop Users groups.
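
The rule described in the answer above (remote logon is limited to the assigned user and domain admins unless other accounts were added to the local Administrators or Remote Desktop Users groups) can be checked per workstation. The PowerShell below is an added example, not part of the original thread; the domain, computer and user names are constructed, and the function names are hypothetical.

```powershell
# Added example: flag accounts that hold remote-logon rights on a workstation
# but are neither the assigned user nor an expected admin principal.
# EXAMPLE, WS01, WS02, alice and bob are constructed placeholder names.

function Get-LocalGroupMembers {
    param([string]$Computer, [string]$Group)
    # WinNT ADSI provider: enumerate the members of a local group on a machine.
    $g = [ADSI]"WinNT://$Computer/$Group,group"
    @($g.psbase.Invoke('Members')) | ForEach-Object {
        $path = $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
        # "WinNT://EXAMPLE/alice" -> "EXAMPLE\alice". Local accounts keep the
        # computer name in the path, e.g. "EXAMPLE\WS01\Administrator".
        ($path -replace '^WinNT://', '') -replace '/', '\'
    }
}

function Find-UnexpectedLogonRights {
    param([string[]]$Members, [string]$AssignedUser, [string[]]$AlwaysAllowed)
    # -notcontains compares case-insensitively, matching Windows account names.
    $allowed = @($AssignedUser) + $AlwaysAllowed
    $Members | Where-Object { $allowed -notcontains $_ } | Sort-Object -Unique
}

# Constructed user-to-computer assignments and expected admin principals.
$assigned      = @{ 'WS01' = 'EXAMPLE\alice'; 'WS02' = 'EXAMPLE\bob' }
$alwaysAllowed = @('EXAMPLE\Domain Admins')

# Constructed membership data so the example runs without a network.
# WS02 shows the misconfiguration: all users were added to a local group.
$sample = @{
    'WS01' = @('EXAMPLE\Domain Admins', 'EXAMPLE\alice')
    'WS02' = @('EXAMPLE\Domain Admins', 'EXAMPLE\bob', 'EXAMPLE\Domain Users')
}

foreach ($pc in ($assigned.Keys | Sort-Object)) {
    # Live use: replace the next line with
    #   $members = 'Administrators', 'Remote Desktop Users' |
    #       ForEach-Object { Get-LocalGroupMembers $pc $_ }
    $members = $sample[$pc]
    $extra = Find-UnexpectedLogonRights $members $assigned[$pc] $alwaysAllowed
    if ($extra) {
        '{0}: unexpected remote logon rights: {1}' -f $pc, ($extra -join ', ')
    } else {
        '{0}: OK' -f $pc
    }
}
```

When run against live machines, built-in local accounts such as the local Administrator will be reported until they are added to the allow list.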

MSJoe (Author) commented:
That's great to know, as I knew the assign user to computer makes the user a local admin but I did not know that using that process would only allow that user to connect to their assigned computer. I guess my next questions would be about that usermap.txt. If I have a bunch of computers already installed on the network can I just edit that text file and add the mappings in manually to avoid rejoining computers?

Jeffrey Kane - TechSoEasy (Principal Consultant) commented:
The usermap.txt file doesn't really do much other than pre-populate the "assign to" screen.

But if you're saying that the workstations weren't originally joined to the domain using ConnectComputer, then you need to rejoin them if you want to be able to take advantage of SBS's many features.  To do this, follow the steps I've outlined here:

MSJoe (Author) commented:
I understand. It would be great if the "Connect to computer" would just connect to the default computer rather than displaying the list but I suppose it doesn't matter. You mentioned "There was supposed to be a way to have the user's assigned computer be the default for them when they access "Connect to my Computer at Work"." After reading the corresponding text, is there a reason behind that it doesn't work? I guess if it says it is, maybe there is a reason why it doesn't. Maybe it has to be set up correctly right from the start, or all the user-to-computer mappings have to be accounted for or else a list of computers is displayed?

Jeffrey Kane - TechSoEasy (Principal Consultant) commented:
No, it doesn't have anything to do with a correct setup right from the start.  It was originally designed to work that way but apparently someone didn't code the wizard right and they never went back to fix it.  The quote in the SBS Blog came from this document, which you can review by downloading it from:

If you are really interested in knowing how the wizards are constructed, go right to page 61 of that paper.

"is there a reason behind that it doesn't work? "

I already tried to explain this to you above... the wizard was supposed to create the file in another directory, but it doesn't, and even if you manually put it there, the RWW's web.config file doesn't look for it.  So, I think it was just part of an original design that got dropped... perhaps because it didn't really work all that well, and since it doesn't save you much time during the ConnectComputer process... it would only have been a "pre-populated" field with the user's name; it wouldn't have made the process any shorter.

