[Jim Martin weighs in this week with a deep technical dive of RWW. This is the second part of the series. Part 1 can be found at http://blogs.technet.com/sbs/archive/2006/07/25/443383.aspx ]
RWW provides a single point of access from the Internet to SBS features such as OWA, client desktops, terminal servers, the internal Sharepoint site, etc. for those users who have been granted access. This post describes how you can control which links are displayed on the RWW web page for different kinds of RWW users.
Bear in mind that in order to access a particular component all the following apply:
Generally, with the exception of the configuration of 3 rd -party and hardware firewalls, the above items will be installed and configured appropriately out of the box by: (1) Completing the SBS integrated setup (2) Running the CEICW and other wizards to publish the components (3) Running the Add User wizard to create new users.
Types of RWW Users
There are 2 different kinds of users as far as RWW is concerned:
When you run the Add User Wizard and select any of the standard user templates, the user is made a member of the Remote Web Workplace Users security group. If you select the Administrator Template the user is also made a member of the Domain Admins security group, which is a member of the Administrators group.
The Links
After logging on to RWW the user is presented with a web page containing links to individual components that are available to that kind of user (Knowledge Worker or Administrator).
Here is a sample of the Knowledge Worker web page with all links exposed:
Here is a summary of what the links on the Knowledge Worker web page mean:
Here is a sample of the Administrator web page with all links exposed:
Note that links to the same function might have different display names when viewed from the Administrator RWW web page versus the Knowledge Worker page. For example, ‘Connect to Client Desktops’ vs. ‘Connect to my computer at work’.
Here is a summary of what the links on the Administrator RWW page mean:
Exposing the Links
In addition to group membership, exposure of most of the links is controlled by the options specified when running the following wizards:
Exposure of the links related to RDP or Terminal Server access also depends upon servers or workstations being found online on the LAN with those services and the appropriate ports enabled at the time RWW is accessed.
When you run the CEICW you are presented with the following screen which allows you to select the web services that you wish to publish through RWW:
If the ‘Remote Web Workplace’ option is not selected but other components are, those components might be available independently of RWW but when a user tries to go to the RWW URL ( https://mail.testrww.com/remote ), they will get “Page cannot be displayed”.
Running the CEICW is sufficient to expose most of the frequently used features such as:
To expose the Connection Manager links, simply run the Remote Access Wizard from the Server Management console and check the box for VPN:
To expose the Server Usage Reports and Server Performance Reports, the Monitoring Configuration Wizard must be run and the “View the usage report in Server Management” box must be checked.:
Access to Server Usage and Performance Reports is primarily controlled by membership in the Usage Report Users security group. By default the Domain Admins group is a member of that group.
Other users can be granted access to the Server Usage Reports as well by running the Monitoring Configuration Report Wizard and adding authorized users as shown below. One of the things the wizard does is add the users to the Usage Report Users security group. If access is granted to non-administrative users, the link for the “View server usage report” will show up on the Knowledge Worker page for those users. However the “View server performance report” link will still only be available on the Administrator RWW web page, regardless of group membership.
In general, the Remote Registry service must be running on the Terminal Server, a firewall between the SBS server and the TS must not be blocking RPC traffic, and the Network Service account must have at least read access to the registry key HKLM\System\CurrentControlSet\Control\Terminal Server .
If an application Terminal Server is brought online after an RWW Knowledge Worker logs on, refreshing the RWW link screen will not cause the “Connect to my company’s application-sharing server” link to be displayed. The user will have to logoff of RWW and log back on the see the link.
The “Connect to Server Desktops” link on the Administrator RWW page will always be displayed but the ability to connect to specific server desktops depends on the whether the server is online, whether it is listening on port 3389, etc.
Registry Values associated with RWW Links
The following registry values actually control whether the links are exposed for Administrators and Knowledge Workers. Although these values can be changed manually in the registry, you should first try to enable them by running the appropriate wizard to ensure that the component will be fully configured and functional. Once a component has initially been configured, you can easily hide or expose the link for it by changing the appropriate registry key value to a 1 or a 0 (1=show, 0=hide):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\RemoteUserPortal\
AdminLinks
ClientTS |
Connect to Client Desktops |
CM |
Download Connection Manager |
Community |
Ask the Community |
Help |
View Client Help |
HelpDesk |
Monitor Help Desk |
OWA |
Use Outlook Web Access |
PerfReport |
View server performance report |
RA |
Provide Remote Assistance |
RPC |
Configure Outlook via the Internet |
ServerTS |
Connect to Server Desktops |
STS |
Administer the company’s internet Web site |
UsageReport |
View server usage report |
KWLinks
AppTS |
Connect to my company’s application-sharing server |
CM |
Download Connection Manager |
Help |
View Remote Web Workplace help |
OWA |
Read my company e-mail |
RPC |
Configure your computer to use Outlook via the Internet |
STS |
Use my company’s internal Web site |
TS |
Connect to my computer at work |
UsageReport |
View server usage report |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.