SBS 2011 Remote Web Workplace Unauthorized User Can still login?

I have a new install of SBS 2011 ( actually a migration from 2003 ) and am testing RWW.  I have users who have been removed from accessing RWW - I removed them from the SBS console and also verified their permissions through both group membership in AD and also through the rights on the Remote virtual directory.

But... somehow... these user accounts can still authenticate through RWW.  Granted, when they click a link within RWW it fails, but why are they even allowed to login through RWW?
Who is Participating?

Improve company productivity with a Business Account.Sign Up

OllarConsultingConnect With a Mentor Author Commented:
Turned out to be a permissions-related fix.  This was part of a migration to SBS 2011 and I inherited the AD implementation. Turned out some users belonged to a group that belonged to an Administrative group, which is why they had access.  Now good to go...
Robby SwartenbroekxMSP engineerCommented:
Do they still have owa access?
OllarConsultingAuthor Commented:
No.  The unauthorized users can login through RWW, but cannot authenticate through OWA...
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Robby SwartenbroekxMSP engineerCommented:
Does this help?

To manage Remote Web Workplace access for specific users or groups


Open the Windows SBS Console.


On the navigation bar, click Shared Folders and Web Sites.


Right-click Remote Web Workplace, and then click Manage permissions. The Remote Web Workplace Properties page appears.


Click Modify. The Change Group Membership dialog box appears.


In Users and Groups, select the user or group to whom you want to grant access.
To select multiple users or groups, press CTRL, and then click each user or group that you want to select.


Do one of the following:
To grant access to the selected users or groups, click Add, and then click OK.
To deny access to the selected users or groups, click Remove, and then click OK.


Click OK.
OllarConsultingAuthor Commented:
The users that should not be able to authenticate are not listed...
Robby SwartenbroekxMSP engineerCommented:
Are the users created outside the SBS console that they aren't listed?
Any posibility to recreate them inside the SBS console (maybe disconnect the Exchange mailbox and reconnect it afterwards)?

Otherwise, of which Groups are they member of?
OllarConsultingAuthor Commented:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.