Re: Users cannot access remote web workplace without admin access

Hi Dit,


Thank you for your update.


The current situation can be divided into two parts:
1. RWW site logon issue
2. RDP access issue

For the first issue, the problem could be caused by the user's membership.
Only the users in the Remote Web Workplace users security group can access
the RWW site. When we create the user accounts by using the SBS add users
wizard and also apply the user or mobile user templates to the accounts,
the accounts will be automatically added into the Remote Web Workplace
users group. You can manually add the user to the security group. Open
Active Directory Users and Computers, navigate to MyBusiness\Security
Groups\. Open the properties of 'Remote web workplace users' and then add
the user account into the group. After doing this, can this user access
the RWW site?

You may use the Change permission wizard to apply the user templates to the
existing user accounts. Open SBS Server Management console, navigate to
'Users' snap-in. Click 'Change User Permissions'. In the wizard, select the
user accounts which were migrated from the previous system; follow the
wizard to apply the proper templates to the user accounts. After doing
this, will the users be able to access the RWW site? Can users logon his
workstation through the RWW-RDP connection?

For the RDP access issue, it could be an expected behavior. The problem
should be related to the local computer security settings. When we use the
connectcomputer wizard to configure the workstations, the wizard can
automatically add the user (who is associated to the workstation) to the
local administrators group of the workstation. As a result, the user will
have the administrator privilege of the particular workstation. Also, the
user can logon the workstation through the RDP session. If a user account
is not added into the local administrators group, the user would not be
able to logon the workstation through RDP.

Please go to problematic workstation, logon the workstation with the local
administrator's privilege. Right-click 'My computer' and choose 'Manage'.
In 'Local users and Groups'\'Groups', open the properties of
'Administrators' group. Please check if the accout is listed in the group.
Right-click 'My Computer' and choose 'Properties'. In 'Remote' tab, make
sure that the remote access is enabled.

If you would like to work on this issue in newsgroup. I am glad to help.(
it's free :) )


I hope the above information helps. If you have any questions or concerns,
please feel free to let me know.

Have a nice day!



Best Regards,

Chace Zhang (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

.

Relevant Pages

  • Re: avoid set password prompt/Elem. School
    ... The authentication has nothing to do with the workstation. ... Obviously the user accounts have been setup to ask the user to change ... password the first time they logon. ...
    (microsoft.public.win2000.security)
  • Re: how to create domain policy to restrict users ???
    ... As I said, if there are NO local user accounts, no one can logon "locally", ... accounts are members of Local groups. ... or Administrators as appropriate) manually on each workstation. ...
    (microsoft.public.windows.group_policy)
  • webmail only + delete mail after one month
    ... I've been asked to setup a couple of user accounts that should only ... So they aren't allowed to logon to any ... workstation or server. ...
    (microsoft.public.exchange.admin)
  • Re: Daily Server Report (Critical Errors, Event ID: 537)
    ... Also, Logon type of 3 is a network logon, this is considered a ... Does this issue happen on client workstation or server? ... Does your server and all clients' workstation work well now? ... issue in your Network? ...
    (microsoft.public.windows.server.sbs)
  • Re: Daily Server Report (Critical Errors, Event ID: 537)
    ... Also, Logon type of 3 is a network logon, this is considered a ... Does this issue happen on client workstation or server? ... Does your server and all clients' workstation work well now? ... issue in your Network? ...
    (microsoft.public.windows.server.sbs)