• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 375
  • Last Modified:

Window 2008 server permission issues

I have a terminal server that is running on 2008 Enterprise server. We have an application that need to open a certain port in this server. All terminal server users are local users and part of the remote desktop. I want to know how to set permission for the remote user group to open https://servername:XXXX

Huy
0
moonzappa
Asked:
moonzappa
  • 4
  • 3
  • 2
1 Solution
 
Darius GhassemCommented:
You should be able to create a Shortcut and put it in the All Users folder for them to access the site. This shouldn't be a issue with permissions. Make sure that the folder containing the website has permissions for the Authenticated Users to have access or you can just add the Remote Desktop Group to these NTFS permissions.
0
 
WikkardCommented:
Your rdp users would not need any special permission except  access to internet explorer.

The authorisation to access the site is controlled via IIS (and depending on how IIS is setup, at the file system).
0
 
moonzappaAuthor Commented:
It is not a website. It is like a webserver/application . I don't know if the term i am using is correct. But the application is running on that particular port. The developers believe it is the permission issues since domain admins can open the application on that port just fine. But terminal server users are unable to run application through that port
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
moonzappaAuthor Commented:
The developer told me to read in this article
http://technet.microsoft.com/en-us/library/cc786389.aspx
but it only apply to windows 2003 and we are running on 2008
0
 
Darius GhassemCommented:
If it is a web application then it is a website as well and the path to the web application should is part of IIS. If you look on the permissions of the web application that contains the data to be displayed in Internet Explorer should have authenticated users in the permissions of the content folder. Look in IIS look under your Websites and see if you see the application listed right click on the folder and select browse to so you can see where the folder content is located to check folder permissions.
0
 
WikkardCommented:
hmm the article you posted talks about installing certificates in client profiles. Does your application have a valid ssl certificate or is it self signed ?

There may be some security restriction for your rdp users where sites they visit require valid ssl certificates.

You could verify this (assuming you have a self signed certificate) by installing the SSL certificate from the web server into the trusted root certificates store of a normal rdp user (not admin).

There may also be something in the security policy (firewalls/routers) that prevents users connecting on not standard SSL ports (not 443).  We recently had an issue where a company in China could not access our application using non standard SSL ports because of the 'great firewall of china'.  

Hope this helps.

0
 
WikkardCommented:
Also it might help us to know a little bit more about your application ?
What languages/platform  ?
Is it a clickonce deployment ?

0
 
moonzappaAuthor Commented:
Yes. It is a self signed certificate. The users are accessing it via terminal server web or remote desktop. I believe the application is written in .net and it is a clickonce deployment set up. as far as port being opened on the firewall i only have 3389 80 and 443 open. It is a cisco box. But what i dont understand it that if they come in though remote desktop would it look like they are sitting on the server? and not from outside ?? so with 2008 does it have a folder like wwwroot or intpub?? i am not too familiar with the 2008 lay out
0
 
WikkardCommented:
I think the first thing you should do is install the SSL certificate in the trusted root certificate store
(This can be done by clicking view certificate and then chosing install certificate. Don't let windows choose where to install the certificate, manually select the 'trusted root certification authorities' certificate store, then finish the wizard. )

In answer to your question the users would look like they are sitting on the server when in rdp session.  So firewalls wont matter if it is the same machine. Is the website with the clickonce deployment on the same machine as the rdp sessions ?  

Can users access the app via normal http (non secure) ?  

Are you using a port other than 443 for SSL ? If you are usign the standard 443 port then you can safely call the url as https://servername (without the :port on the end).





0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 4
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now