
Limit RWW Client Computer Logons


rjr

Technical User
Apr 19, 2001
US
Just started with Remote Web Workplace (RWW). When a non-admin. user logs in and chooses to "Connect to my computer at work", he is then presented with a list of all the client computers in the domain. At present users can log in to any computer at the office, but I want to limit them to only their computers via RWW.

I plan on limiting the user to logging in to only their computer by using the "Log on to" button of the Account tab in User Properties of AD. It appears I must also include the server in the list of computers the user can log on to, or they can not even log on to the RWW site.

Am I doing this correctly, or is there a better method?
 
You are correct in setting the LOG ONTO area, however, a user does not need to be able to log onto the server in order to be able to use RWW. The RWW is just a web application running on the server. The user doesn't actually log onto the server. If you somehow gave a user the ability to access the server itself, you could have serious consequences.
 
On each of the workstations there is a Remote Desktop Users group. Restrict membership to this group to just the individuals you want to log on to each PC and they will be denied access to the other workstations.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
Thanks to both of you. As regards Dannny28, if I do not include the server in the Log On To list the user is unable to log into RWW. RWW states the user name or password is incorrect. If I then add the server name to the list, the user is able to log into RWW.

I was surprised I had to add the server to the list for it to work. Note that as long as the user does not have admin. privileges, he is not presented with admin. RWW choices, such as logging onto servers.

I hired an IT firm to get RWW up and going. They are Win Server 2003 guys with little SBS experience, but they also concluded adding the server to the list was needed. In short, I and they have tried it with numerous user accounts and in each case the server name had to be added to the list for a successful RWW logon.

Your comments are VERY welcome, and thanks for your time.
 
marcdmac, do you mean the RWW users group in AD? If so, adding this membership to a user allows him to access RWW, but he is still presented with a list of all domain clients, and can log into any of them unless he is otherwise restricted.
 
I am referring to the local group on each PC. The users will still see a list of all workstations, but will not be able to log on to any machines other than the ones where you have set them up as a member of the Remote Desktop Users group.

To access this group, right click My Computer, choose Manage. Expand out Users & Groups. Expand Groups. Double click Remote Desktop Users.

Remove any entries for authenticated users or domain users and explicitly add the users you want to have access to the PC.

If you really want to hide all machines from view then you should enlist the help of some SharePoint experts that can customize the RWW pages for you.

Essentially you would need to have the user log in, then pull data from a database with a list of allowed workstations. Then present the list. Alternatively if you have a naming convention like user JSMITH logs on to JSMITHPC it would be easy to code that as well without database interaction. You still will need a good SharePoint/ASP.Net resource though to help you tie it all together.

My suggestion will give you the desired end result, but the user will still see the other machine names in the list.

You must keep the users all in the RWW user group or they won't be able to log in to RWW at all.

I hope you find this post helpful.

Regards,

Mark

 
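The Remote Desktop Users procedure Mark describes above, scripted as an audit with an optional enforce mode. This is an added example, not part of the original posts; it assumes Windows PowerShell 5.1 or later (newer than the systems in this thread), run elevated on the workstation, and `CONTOSO\jsmith` is a constructed account name.

```powershell
# Added example, not from the thread. CONTOSO\jsmith is a constructed name.
# Assumes Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).
param(
    [string[]]$Allowed = @('CONTOSO\jsmith'),  # who may RDP to this PC
    [switch]$Enforce                           # without this, report only
)

$group = 'Remote Desktop Users'

# Well-known SIDs of principals that cover nearly every domain account.
$broadSids = @('S-1-1-0',        # Everyone
               'S-1-5-11',       # Authenticated Users
               'S-1-5-32-545')   # BUILTIN\Users

function Test-BroadPrincipal([string]$Sid) {
    # Domain Users is S-1-5-21-<domain id>-513 in every domain.
    ($broadSids -contains $Sid) -or ($Sid -match '^S-1-5-21-[\d-]+-513$')
}

$members = @(Get-LocalGroupMember -Group $group)

# Pass 1: report each current member, remove anything not explicitly allowed.
foreach ($m in $members) {
    $status = 'UNEXPECTED'
    if ($Allowed -contains $m.Name)          { $status = 'ok' }
    if (Test-BroadPrincipal $m.SID.Value)    { $status = 'BROAD' }

    '{0,-11} {1} ({2})' -f $status, $m.Name, $m.SID.Value

    if ($Enforce -and $status -ne 'ok') {
        Remove-LocalGroupMember -Group $group -Member $m
    }
}

# Pass 2: make sure every allowed account is actually present.
foreach ($name in $Allowed) {
    if ($members.Name -notcontains $name) {
        '{0,-11} {1}' -f 'MISSING', $name
        if ($Enforce) { Add-LocalGroupMember -Group $group -Member $name }
    }
}
```

Members of the workstation's local Administrators group can connect over Remote Desktop by default regardless of this group, so review that group as well.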
Mark: Thank you for elaborating. Your level of sophistication is impressive, and I greatly appreciate the lesson.

I believe I am simply going to use the Log On To method. Any insights into why I have to add the server name to the Log On To list? Do you see any reason that this is not a viable solution? Thanks again for your time.
 
Honestly I would leave the server in the list. You want it there for YOU as the administrator for those odd times when emergency access is needed and a VPN is not an option.

I hope you find this post helpful.

Regards,

Mark

 
Thanks again Mark, and forgive me if I am not articulating this very well, but I have found that I MUST include the server in the Log On To list or RWW does not allow logon and reports a bad user name or password. If I add the server, the logon is successful, and the user is then able to proceed with connecting with his computer, checking mail, and other RWW tasks. In short, I have to add it for all users, not just me.
 
Afraid I don't have access to an SBS server at the moment. Hopefully someone else can take a look at this and respond. I'm heading out for a business trip for a week.

Best of luck.

I hope you find this post helpful.

Regards,

Mark

 
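The "Log On To" restriction discussed throughout this thread is the `LogonWorkstations` property of the user account, so it can be set in bulk. The following is an added example, not code from any poster: it borrows the JSMITH / JSMITHPC naming convention mentioned above as an assumption, includes the server because rjr reports RWW logon fails without it, and uses a constructed OU path and server name.

```powershell
# Added example, not from the thread. OU path, server name and the
# <user>PC naming convention are assumptions. Needs the ActiveDirectory module.
param(
    [string]$SearchBase = 'OU=Staff,DC=contoso,DC=local',  # constructed OU
    [string]$RwwServer  = 'SBS01',                          # constructed server name
    [switch]$Apply                                          # without this, report only
)
Import-Module ActiveDirectory

$users = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
                    -Properties LogonWorkstations

foreach ($u in $users) {
    $pc = '{0}PC' -f $u.SamAccountName.ToUpper()

    # Skip users with no matching computer account, so a gap in the
    # naming convention cannot lock anyone out of every workstation.
    if (-not (Get-ADComputer -Filter "Name -eq '$pc'")) {
        Write-Warning "$($u.SamAccountName): no computer named $pc, skipped"
        continue
    }

    # Normalise both lists (sorted, comma-joined) before comparing.
    $wanted  = (@($pc, $RwwServer) | Sort-Object) -join ','
    $current = (@($u.LogonWorkstations -split ',' | Where-Object { $_ }) |
                Sort-Object) -join ','

    if ($current -eq $wanted) { continue }   # already restricted as intended

    # An empty current value means the account may log on to any computer.
    "{0}: '{1}' -> '{2}'" -f $u.SamAccountName, $current, $wanted

    if ($Apply) {
        Set-ADUser -Identity $u -LogonWorkstations $wanted
    }
}
```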