zabpehely
/
raweb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Page: Configuring RAWeb for a multi user environment
Pages
Configuring RAWeb for a multi user environment File type associations for RAWeb webfeed clients Home Setup RAWeb Web Interface Setup RAWeb Webfeed with a Self Signed Certificate
1 Configuring RAWeb for a multi user environment
kimmknight edited this page 2019-10-12 02:14:33 +11:00
Table of Contents

Configuring RAWeb for a multi-user environment

RAWeb allows different users to see different apps by configuring IIS and setting some permissions.

You control access to your remote apps by setting file permissions on the RDP files. You can grant access to Active Directory or local users or groups.

This works with both the web-based RAWeb and also the webfeed.

This guide will show you how to setup a basic configuration to give a single local user access to some apps as an example.

Install

Install RAWeb as per the instructions on the main RAWeb page.

You will also need to add Windows Authentication to IIS by adding the Windows Feature:

Configure authentication

In IIS Manager, open the Authentication feature for your site.

Select authentication method

Disable Anonymous Authentication and enable Windows Authentication. Other methods may work but are untested.

Permissions

Summary:

  • RAWeb users (or groups) should *only *have List folder contents permissions on the rdp directory (disable inheritance).
  • Any user or group requiring access to a remoteapp must have Read permissions to the RDP file for the app.

Example:

In the example that follows, we will give a single local user access to some (but not all) apps available.

Go to the **Security **tab in **Properties **of the rdp directory, and click Advanced, then Change Permissions.

Disable inheritance

Depending on your OS, click either Disable inheritance or untick Include inhertiable permissions from this object's parent.

Keep permissions

Again depending on your OS, click either Convert inherited permissions into explicit permissions on this object or Add.

Set rdp folder permission

Click OK, and go back to the main **Properties **window. Edit the permissions: Click on the **Users **group and ensure that only List folder contents permission is allowed (untick the others).

Add RDP files

Now fill up your rdp folder with some RDP files.

Assign RemoteApps to users by setting permissions

Now to assign an app to a user, give the user Read permissions to the appropriate RDP files.

In this example, there is a local user named TestUser who will be granted access to Calculator and Chrome but *not *TestApp.

Simply add **Read **permissions for **TestUser **on Calculator.rdp and Chrome.rdp.

ScreenHunter_17 Oct. 01 13.46.jpg

In this case, TestApp is not displayed (as desired).

This applies to web-based RAWeb as well as the webfeed feature.