RWW procedure in SBS 2003

Hello! I am Harry Brelsford, the author of Windows Small Business Server 2003 Best Practices (da’ purple book). I am posting up several pages per day of this book until SBS 2008 ships.

Today we explore the Remote Web Workplace (RWW) usage procedure in SBS 2003.

enjoy….harrybbbb

Harry Brelsford | ceo at SMB Nation | www.smbnation.com

Microsoft Small Business Specialist (SBSC), MBA< MCSE< MCT< CNE and other stuff!

PS – we have a raging fall geeky conference in Seattle in early October…SBS 2008 and EBS 2008 launch party!

###

RWW Procedure: Daze and Amaze!

As you start this procedure, there is a big assumption you will introduce a remote computer into the SPRINGERS scenario (so far you’ve worked with the SPRINGERS1 server machine and the PRESIDENT client computer). A favorite way to describe the mobility area in SBS 2003 time frame is to say you’re using a laptop over WIFI from a Starbucks coffee shop to access the office network!

What you need is a client computer that is not part of the SBS 2003 network and could be considered as being on the “outside” (not on the 192.168.16.x subnet). In Appendix D, you’ll receive guidance for setting this up as a virtual network using either VMWare or Virtual PC from Microsoft. To facilitate this, I created a Windows XP Pro workstation in a workgroup called HASBORN (the machine name is NormLap). I assigned the static IP address of

207.202.238.225 with a Class C subnet to this external client computer. The naming isn’t as important here as the concept of having an external client computer up and running in the SPRINGERS storyline.

1.         Log on as NormH to the remote computer (in my case, NormLap) with the password Purple3300 (in this case, Norm is a local user in the Windows XP Pro workgroup model). Also – please make sure the PRESIDENT workstation is powered on and running. And I guess the SBS 2003 server machine (SPRINGERS1) better be running too! That’ll make this procedure infinitely easier to complete!

BEST PRACTICE: Later on, when you attempt to connect to PRESIDENT from NormLap, you’ll appreciate the following. If PRESIDENT were not powered on and attached to the network in

 Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

our case, you’d receive an error in the Remote Desktop connection process the reads: “Connectivity to the remote computer could not be established. Ensure that the remote computer is on and connected to the Windows Small Business Server Network.”

1                    Launch Internet Explorer from Start, Internet. Type in the follow­ing address in the Address field: springers1.springersltd.com.

2                    If you did not select the Business Web on the Web Services Configu­ration page in Chapter 4 when you ran the EICW, you’d receive a 403 error saying that the page could not be displayed. If you did publish the root page by selecting Business Web on the Web Services Configuration page, the Welcome page appears as seen in Figure 8-1. You will now plow through each link. But notice that the address line reads “http” at this point. This is important as you progress through the examples.

 

Figure 8-1

The external public Web page on an SBS 2003 server machine. It kindly welcomes you aboard! This occurs when you publish the root Web page over port 80 in SBS 2003 (which is not recommended).

BEST PRACTICE: Slow down there, pardner! How did a FQDN address resolve itself in our simple SPRINGERS methodology when I didn’t point you to an authoritative DNS server to resolve the address? Did I brain hiccup on ya there? Nope! I got sneaky and entered the following HOSTS file entry on the NormLap workstation:

207.202.238.215 springers1.springersltd.com

Note the host file on a Windows XP Pro is located by default at: c:\windows\system32\drivers\etc

1                    Click My Company’s Internal Web Site and nothing will happen. This was designed to be a simple placeholder for you to place a link to your company’s Web site. It will not access the internal Web site despite the name of this link (the command being executed is http:// companyweb which is an internal, not external reference). Click Back to return to Welcome.

2                    Click Network Configuration Wizard. This is an internal LAN pro­cess to join the computer as an Active Directory object on the net­work. This certainly has a time and place, but you’re going to defer on the opportunity to do this now because I want to maintain the sanctity of my methodology whereby NormLap is truly an external client computer. In fact, this wont’ work externally. Click Back.

3                    If you clicked Remote Web Workplace, you’d access RWW from the public root Web page. But read on.

4                    So now I want to reverse course and do things properly! In the Address field, type springers1.springersltd.com/remote and click Go. You’ve commenced your connection to RWW.

5                    Click OK when you see the Security Alert dialog box.

6                    Another Security Alert dialog box appears and relates to the self-signed security certificate described in Chapter 6. Click View Cer­tificate and select Install Certificate. Click Next when the Cer­tificate Import Wizard launches. Click Next on the Certificate Store page (the default selection is Automatically select the cer­tificate store based on the type of certificate). Click Finish fol­lowed by OK. Click OK to close the Certificate dialog box. So what did you just do? You installed the certificate in Internet

 

 Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

Explorer on the external client computer. Finally, click OK to clear the Security Alert dialog box that greeted you at the start of this step.

BEST PRACTICE: If you purchase a real signed certificate (e.g. Verisign), the stuff in the step above won’t happen. Consider that a best practice (Microsoft is supportive of purchased real certificates).

10.       The Remote Web Workplace logon dialog box appears (Figure 8-2). Type NormH in the User name field. Type Purple3300 in the password field. Observe the other settings (using a public/shared computers, broadband connection). Click Log on.

BEST PRACTICE: Notice the Address line has switched to HTTPS. It’s self-signed security certificate time, baby! Observe the little golden padlock on the lower right of IE. HUMOR ZONE: Back before July 2003 (when Microsoft went to stock grants), stock options for full-time Microsoft employees (“blue badges”) have been referred to as the golden handcuffs, so this must be the origins of the golden padlock for IE in HTTPS mode!

Figure 8-2

The Remote Web Workplace logon page.

11.       Observe the official Remote Web Workplace page that has four menu options by default (Figure 8-3). The first selection, Read my company e-mail, simply launches Outlook Web Access, which I’ll discuss a little later in the chapter. The fourth option, Download Connection Man­ager, is also discussed later in the chapter. For now the focus is on the middle two options. So click Connect to my computer at work.

Figure 8-3

The infamous Remote Web Workplace welcome page. The ability to connect to your computer is only one of four options on this menu.

BEST PRACTICE: Exactly how does the RWW welcome page get built and know what options to display? In part, the RWW welcome page menu options are built from the options you select on the Web Services Configuration page in the EICW (refer to Figure 4-10). Another element is that an Active Directory query is run to look for computer objects. If none are found, the link to connect to desktop computers is suppressed. If you haven’t completed the Remote Access Wizard from the To Do List in Server Manager, the Connection

 Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

Manager link is suppressed. That’s what does it for mere mortals, but read on.

If you want to manually light up links in RWW, you can flip the DWORD value in the Registry for any menu link. Go to the following SBS 2003 Registry location in the Registry Editor (REGEDIT):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\RemoteUserPortal

and then drill into the two folders (AdminLinks, KWLinks) and look at the DWORD values (these line items list each RWW menu link). Choose the AdminLinks folder when you use RWW as Administrator. Select the KWLinks folder when you use RWW as a user who has Mobile User template membership or Power User template membership.

 

12.       Click Yes when asked by the Security Warning dialog box to install the Remote Destkop Active X control. This control will install in the background. Note this is a one-time event that runs the first time you perform this procedure. You won’t see it again.

 

13.       Select PRESIDENT from the Computers list. Click the Optional Settings link and observe the settings. Select the Enable files and folders to be transferred between the remote computer and this computer and Hear sounds from the remote computer on this com­puter. The options you have just selected are self-explanatory. Your screen should look similar to Figure 8-4 (I realize the figure is slightly cropped). Click Connect.

 

14.       Click OK after reading the Remote Desktop Connection Security Warning (Figure 8-5).

 

15.       On the Log on to Windows dialog box that appears for the PRESI­DENT client computer, type NormH as the user and Purple3300 as the password. This step is identical to logging on to a Terminal Ser­vices server machine from a remote location, so it’s likely within your comfort level.

 

Figure 8-4

Explore the options on the page where you select the computer you want to log on to remotely.

BEST PRACTICE: Hold the phone! Didn’t you observe in step 13 that the RWW session had you log on as NormH yet you were challenged and had to log on as NormH in the Log on to Windows dialog box? This relates to the fact that user authentication credentials from the RWW sign on (step 10) aren’t being passed on to step 15.

Technically speaking, here is what’s up. The Remote Desktop ActiveX Control can only accept credentials in clear text before connecting to a client. Once you connect, the channel is encrypted, and passwords are sent securely. Microsoft could not allow people to have their credentials stored in clear text on a client ever, which is what would have to occur in order to automatically sign you in. It’s too risky. Who knows? Maybe in the future this pass through will be securely perfected, saving that step. Good news, though. The step

 Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

does preset your user name for you, saving you some typing (e.g., not having to type NormH again).

Figure 8-5

Approve this security warning which speaks towards local drive mappings.

16.       You are now using the PRESIDENT machine at work as NormH. THIS IS SO COOL (NormH’s exact words as he sipped a triple cappuccino at Starbucks!). Go ahead and perform a simple action such as launching his Outlook 2003 e-mail client from Start, E-mail and perhaps launch Microsoft Word from Start, All Programs, Microsoft Office, Microsoft Office Word 2003 (the result would be similar to Figure 8-6).

BEST PRACTICE: Can anyone log on to any client computer on the SBS 2003 network using this RWW-based work from home or Starbucks approach? Nope! Remember back in Chapter 4 that the Add User Wizard process made the assigned user a local administrator and eligible to log on to the client computer via the Remote Desktop capability in Windows XP Pro (see from Start, right-click My Computer, select Properties, select Remote tab and explore the Remote Desktop section of the tab sheet). Bottom line: You have to be allowed to log on to a client computer.

Figure 8-6

Working remotely, Norm has hijacked his desktop machine back at SPRINGERS and typed a document in Word 2003. Cool!

BEST PRACTICE: By the way, I remember a heated debate between individuals at the Fall 2003 Miami SBS 2003 hands-on lab regarding the Remote Desktop logon behavior in RWW. It was like witnessing a beer battle with one side claiming the brew was less filling, the other side insisting the brew tasted great. One party claimed that the auto-logoff that occurs, for example, on Norm’s PRESIDENT machine (assuming it was logged on at the time back at the office) when Norm uses RWW to initiate a Remote Desktop session is a flaw. His point was someone could be working on PRESIDENT and receive no prior notification they are being logged off (work could be lost, etc.). The other party to the debate saw the situation much differently and claimed it was a feature! Performing this log off on the local desktop when a Remote Desktop session via RWW

 Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

commenced enforced security and prevented snooping. So one man’s flaw is another man’s feature!

Oh-oh. Just one minor clarification to the story above. When Norm, who is working remotely, commences the Remote Desktop session, he will receive a notice that he’s about to log off the local user (in this case we’ll say Linda). It’s Linda who doesn’t receive the log off notification (Linda just finds herself being logged off).

17.       Let’s pretend you walked up to the counter and ordered another triple cappuccino. The line was long with worker bees and it was over 20 minutes before you returned to your remote session on your laptop (e.g., NormLap). You’re greeted by Figure 8-7. Why? Because back in Step 9 at the RWW logon box, you told SBS 2003 that you were logging on from a public or shared computer. Knowing that, SBS 2003 will terminate your session after 20 minutes of idle time (a private or non-public computer has two hours). Note that you will always receive a RWW warning that you’re about to time out at the remaining one-minute mark. Click on the Return to the Remote Web Workplace link.

Notes:

 Figure 8-7

Oops. You took to much time getting the cappuccino and were logged off for security purposes!

BEST PRACTICE: When you were auto-logged off, this wasn’t just a termination of the Remote Desktop session with the PRESIDENT desktop machine. No sir! This was a total log out from RWW (that’s going back a couple of steps there).

18.       Complete the logon (again) to RWW in a manner similar to Step 10 above as NormH. Select Connect to my computer at work. Select PRESIDENT and click Connect. Log on as NormH using the Purple3300 password. Whew! You’re returned to the Word 2003 document shown in Figure 8-6. Yes Virginia, Windows XP Pro has session maintenance upon disconnect or forced logoff.

BEST PRACTICE: Note that RWW will display a list of Windows XP Pro machines with Remote Desktop and Windows 2000 Server/ Windows Server 2003 machines running Terminal Services in

 Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

Application Sharing Mode here. This is accomplished by a background query that pools network membership for machines that meet this specific criteria. This is an SBS 2003 feature and not found in the full Windows Server 2003 network. Yee-haw.

And by the way, if you connect to a server machine running Terminal Services in Application Sharing Mode via RWW, it will be over port 4125, not port 3389 (the traditional way). You read it here first.

 

19.       You will now disconnect properly! Close Word 2003 (save the file if you like). Close Outlook 2003. Click Start, Disconnect. Select Dis­connect when the Disconnect Windows dialog box appears. When you perform this step, a local user could log on to the machine again and commence working (e.g., Linda uses the desktop computer again).

 

20.       You are returned to RWW’s screen displaying computer names. Click the Main Menu link.

 

21.       Click on the Use my company’s internal Web site link.

 

22.       Complete the connection dialog box that appears as NormH in the User name and Purple3300 in the Password field.

 

23.       The Windows SharePoint Services (WSS) Home page appears as seen in Figure 8-8.

 

Notes:

Figure 8-8

The WSS Home page as you left it in Chapter 7 but viewed via RWW.

24. Select Log Off. Then click Close. When asked to close the window in the Microsoft Internet Explorer dialog box, click Yes.

Notes:

 Visit http://www.microsoft.com/technet for the latest updates for any Microsoft product.

Advertisements

Leave a comment

Filed under Book

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s