Jump to content

Getting back SBS TS access

Guest Bill M.

By Guest Bill M.
in Windows NT Server

 Share

Recommended Posts

Guest Bill M.

Guest Bill M.

Posted
Posted

I made the choice due to the numbers of workstations to move from SBS 2003

R2 to full dedicated servers with roles on many servers. After weeks of

fighting. Four calls to Microsoft at hundreds of dollars and we are up and

running on the new gear.. What a month. So now I have two items that I am

lost to fix. ( Well with out a further expensive call to Microsoft) So lets

see if I can solve it with the wisdom on line here. Both are related to

Termnal Service.

 

a) On the server that has the Terminal Server running .. If I log onto the

TS I of course need to be approved for access . If I go to the Domain Active

Directory there is no Remote Desktop Group to assign for that user. But

there is on the server that has the TS on it. So I need to approve the user

local and it works.. How do I get this up to the Domain level of control

rather then local...

 

b) So on SBS there is the great web based interface that allows you to

connect to the Server or a Workstation attached to the LAN.. No one told me

that I was going to loose this when I did the Transition Pack but my users

love to remind me about the lack of remote access to the Workstation.. So

not being a web developer .. Any suggestions on getting back the ability to

access the workstation.

 

Many thanks to those who respond

 

Bill

  • Replies 4
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Lanwench [MVP - Exchange]

Guest Lanwench [MVP - Exchange]

Posted
Posted

Re: Getting back SBS TS access

 

Bill M. <BillM@discussions.microsoft.com> wrote:

> I made the choice due to the numbers of workstations to move from

> SBS 2003 R2 to full dedicated servers with roles on many servers.

> After weeks of fighting. Four calls to Microsoft at hundreds of

> dollars and we are up and running on the new gear.. What a month.

 

Congratulations on your survival....

> So now I have two items that I am lost to fix. ( Well with out a

> further expensive call to Microsoft) So lets see if I can solve it

> with the wisdom on line here. Both are related to Termnal Service.

>

> a) On the server that has the Terminal Server running ..

 

Which is a member server, right?

> If I log

> onto the TS I of course need to be approved for access . If I go to

> the Domain Active Directory there is no Remote Desktop Group to

> assign for that user. But there is on the server that has the TS on

> it. So I need to approve the user local and it works.. How do I get

> this up to the Domain level of control rather then local...

 

Create an AD security group called "TS Users". Add it to the server's local

Remote Desktop Users group.

Add the domain users you wish to TS Users.

>

> b) So on SBS there is the great web based interface that allows you to

> connect to the Server or a Workstation attached to the LAN.. No one

> told me that I was going to loose this when I did the Transition Pack

> but my users love to remind me about the lack of remote access to the

> Workstation.. So not being a web developer .. Any suggestions on

> getting back the ability to access the workstation.

 

There's no Remote Web Workplace in non-SBS environments (and yes, I agree

that it'd be nice to have). Since you've got TS, the users can't

legitimately need RD access to their desktops any longer, can they? You can

just have them use the RD client to get to server.domain.com - or install

TSWeb.

>

> Many thanks to those who respond

>

> Bill

Guest AnchorDave

Guest AnchorDave

Posted
Posted

Re: Getting back SBS TS access

 

I agree the SBS remote web workplace is a nice feature but this is easy to

duplicate in a non sbs environment.

 

on your firewall create a range of open ports , for example 10,000-10,100

 

for each internal machine that a user wants external access to create a

custom firewall rule that redirect the external port to the internal RDP

port( default of 3389)

 

eg. a user with internal ip address of 10.1.1.50 and the assigned firewall

port of 10,001 and an external domain name of domain.com could connect to

their workstation from any computer using.

 

mstsc /v:domain.com:10001

 

there are other ways of doing this also but this for me is the best and most

secure

 

"Lanwench [MVP - Exchange]" wrote:

> Bill M. <BillM@discussions.microsoft.com> wrote:

> > I made the choice due to the numbers of workstations to move from

> > SBS 2003 R2 to full dedicated servers with roles on many servers.

> > After weeks of fighting. Four calls to Microsoft at hundreds of

> > dollars and we are up and running on the new gear.. What a month.

>

> Congratulations on your survival....

>

> > So now I have two items that I am lost to fix. ( Well with out a

> > further expensive call to Microsoft) So lets see if I can solve it

> > with the wisdom on line here. Both are related to Termnal Service.

> >

> > a) On the server that has the Terminal Server running ..

>

> Which is a member server, right?

>

> > If I log

> > onto the TS I of course need to be approved for access . If I go to

> > the Domain Active Directory there is no Remote Desktop Group to

> > assign for that user. But there is on the server that has the TS on

> > it. So I need to approve the user local and it works.. How do I get

> > this up to the Domain level of control rather then local...

>

> Create an AD security group called "TS Users". Add it to the server's local

> Remote Desktop Users group.

> Add the domain users you wish to TS Users.

>

> >

> > b) So on SBS there is the great web based interface that allows you to

> > connect to the Server or a Workstation attached to the LAN.. No one

> > told me that I was going to loose this when I did the Transition Pack

> > but my users love to remind me about the lack of remote access to the

> > Workstation.. So not being a web developer .. Any suggestions on

> > getting back the ability to access the workstation.

>

> There's no Remote Web Workplace in non-SBS environments (and yes, I agree

> that it'd be nice to have). Since you've got TS, the users can't

> legitimately need RD access to their desktops any longer, can they? You can

> just have them use the RD client to get to server.domain.com - or install

> TSWeb.

> >

> > Many thanks to those who respond

> >

> > Bill

>

>

>

>

Guest Lanwench [MVP - Exchange]

Guest Lanwench [MVP - Exchange]

Posted
Posted

Re: Getting back SBS TS access

 

AnchorDave <AnchorDave@discussions.microsoft.com> wrote:

> I agree the SBS remote web workplace is a nice feature but this is

> easy to duplicate in a non sbs environment.

>

> on your firewall create a range of open ports , for example

> 10,000-10,100

>

> for each internal machine that a user wants external access to create

> a custom firewall rule that redirect the external port to the

> internal RDP port( default of 3389)

>

> eg. a user with internal ip address of 10.1.1.50 and the assigned

> firewall port of 10,001 and an external domain name of domain.com

> could connect to their workstation from any computer using.

>

> mstsc /v:domain.com:10001

>

> there are other ways of doing this also but this for me is the best

> and most secure

 

Oy. I've had to deal with this before. It's a complete nightmare to manage,

doesn't scale well, and you have to have non-changing LAN IPs on the

workstations. Not worth it!

 

Better option would be something like an SSL VPN appliance....Sonicwall or

other.

>

> "Lanwench [MVP - Exchange]" wrote:

>

>> Bill M. <BillM@discussions.microsoft.com> wrote:

>>> I made the choice due to the numbers of workstations to move from

>>> SBS 2003 R2 to full dedicated servers with roles on many servers.

>>> After weeks of fighting. Four calls to Microsoft at hundreds of

>>> dollars and we are up and running on the new gear.. What a month.

>>

>> Congratulations on your survival....

>>

>>> So now I have two items that I am lost to fix. ( Well with out a

>>> further expensive call to Microsoft) So lets see if I can solve it

>>> with the wisdom on line here. Both are related to Termnal Service.

>>>

>>> a) On the server that has the Terminal Server running ..

>>

>> Which is a member server, right?

>>

>>> If I log

>>> onto the TS I of course need to be approved for access . If I go to

>>> the Domain Active Directory there is no Remote Desktop Group to

>>> assign for that user. But there is on the server that has the TS on

>>> it. So I need to approve the user local and it works.. How do I

>>> get this up to the Domain level of control rather then local...

>>

>> Create an AD security group called "TS Users". Add it to the

>> server's local Remote Desktop Users group.

>> Add the domain users you wish to TS Users.

>>

>>>

>>> b) So on SBS there is the great web based interface that allows you

>>> to connect to the Server or a Workstation attached to the LAN..

>>> No one told me that I was going to loose this when I did the

>>> Transition Pack but my users love to remind me about the lack of

>>> remote access to the Workstation.. So not being a web developer

>>> .. Any suggestions on getting back the ability to access the

>>> workstation.

>>

>> There's no Remote Web Workplace in non-SBS environments (and yes, I

>> agree that it'd be nice to have). Since you've got TS, the users

>> can't legitimately need RD access to their desktops any longer, can

>> they? You can just have them use the RD client to get to

>> server.domain.com - or install TSWeb.

>>>

>>> Many thanks to those who respond

>>>

>>> Bill

Guest AnchorDave

Guest AnchorDave

Posted
Posted

Re: Getting back SBS TS access

 

Totally agree, nightmare to manage and requires static ip's but for 1 or 2

users a valid and easy quick solution that requires no additional hardware or

software.

 

the functionality of the sbs desktop gateway is hard to duplicate at any

price really, i would love to see it available for non SBS server

environments.

 

a ssl vpn is the best solution, fortinet have a ssl remote desktop client

built in to their firewalls

 

 

 

"Lanwench [MVP - Exchange]" wrote:

> AnchorDave <AnchorDave@discussions.microsoft.com> wrote:

> > I agree the SBS remote web workplace is a nice feature but this is

> > easy to duplicate in a non sbs environment.

> >

> > on your firewall create a range of open ports , for example

> > 10,000-10,100

> >

> > for each internal machine that a user wants external access to create

> > a custom firewall rule that redirect the external port to the

> > internal RDP port( default of 3389)

> >

> > eg. a user with internal ip address of 10.1.1.50 and the assigned

> > firewall port of 10,001 and an external domain name of domain.com

> > could connect to their workstation from any computer using.

> >

> > mstsc /v:domain.com:10001

> >

> > there are other ways of doing this also but this for me is the best

> > and most secure

>

> Oy. I've had to deal with this before. It's a complete nightmare to manage,

> doesn't scale well, and you have to have non-changing LAN IPs on the

> workstations. Not worth it!

>

> Better option would be something like an SSL VPN appliance....Sonicwall or

> other.

> >

> > "Lanwench [MVP - Exchange]" wrote:

> >

> >> Bill M. <BillM@discussions.microsoft.com> wrote:

> >>> I made the choice due to the numbers of workstations to move from

> >>> SBS 2003 R2 to full dedicated servers with roles on many servers.

> >>> After weeks of fighting. Four calls to Microsoft at hundreds of

> >>> dollars and we are up and running on the new gear.. What a month.

> >>

> >> Congratulations on your survival....

> >>

> >>> So now I have two items that I am lost to fix. ( Well with out a

> >>> further expensive call to Microsoft) So lets see if I can solve it

> >>> with the wisdom on line here. Both are related to Termnal Service.

> >>>

> >>> a) On the server that has the Terminal Server running ..

> >>

> >> Which is a member server, right?

> >>

> >>> If I log

> >>> onto the TS I of course need to be approved for access . If I go to

> >>> the Domain Active Directory there is no Remote Desktop Group to

> >>> assign for that user. But there is on the server that has the TS on

> >>> it. So I need to approve the user local and it works.. How do I

> >>> get this up to the Domain level of control rather then local...

> >>

> >> Create an AD security group called "TS Users". Add it to the

> >> server's local Remote Desktop Users group.

> >> Add the domain users you wish to TS Users.

> >>

> >>>

> >>> b) So on SBS there is the great web based interface that allows you

> >>> to connect to the Server or a Workstation attached to the LAN..

> >>> No one told me that I was going to loose this when I did the

> >>> Transition Pack but my users love to remind me about the lack of

> >>> remote access to the Workstation.. So not being a web developer

> >>> .. Any suggestions on getting back the ability to access the

> >>> workstation.

> >>

> >> There's no Remote Web Workplace in non-SBS environments (and yes, I

> >> agree that it'd be nice to have). Since you've got TS, the users

> >> can't legitimately need RD access to their desktops any longer, can

> >> they? You can just have them use the RD client to get to

> >> server.domain.com - or install TSWeb.

> >>>

> >>> Many thanks to those who respond

> >>>

> >>> Bill

>

>

>

>

 Share
Go to topic listing
×
×
  • Create New...