Configuring RAWeb for a multi-user environment
RAWeb allows different users to see different apps by configuring IIS and setting some permissions.
You control access to your remote apps by setting file permissions on the RDP files. You can grant access to Active Directory or local users or groups.
This works with both the web-based RAWeb and also the webfeed.
This guide will show you how to setup a basic configuration to give a single local user access to some apps as an example.
Install
Install RAWeb as per the instructions on the main RAWeb page.
You will also need to add Windows Authentication to IIS by adding the Windows Feature:
Configure authentication
In IIS Manager, open the Authentication feature for your site.
Select authentication method
Disable Anonymous Authentication and enable Windows Authentication. Other methods may work but are untested.
Permissions
Summary:
- RAWeb users (or groups) should *only *have List folder contents permissions on the rdp directory (disable inheritance).
- Any user or group requiring access to a remoteapp must have Read permissions to the RDP file for the app.
Example:
In the example that follows, we will give a single local user access to some (but not all) apps available.
Go to the **Security **tab in **Properties **of the rdp directory, and click Advanced, then Change Permissions.
Disable inheritance
Depending on your OS, click either Disable inheritance or untick Include inhertiable permissions from this object's parent.
Keep permissions
Again depending on your OS, click either Convert inherited permissions into explicit permissions on this object or Add.
Set rdp folder permission
Click OK, and go back to the main **Properties **window. Edit the permissions: Click on the **Users **group and ensure that only List folder contents permission is allowed (untick the others).
Add RDP files
Now fill up your rdp folder with some RDP files.
Assign RemoteApps to users by setting permissions
Now to assign an app to a user, give the user Read permissions to the appropriate RDP files.
In this example, there is a local user named TestUser who will be granted access to Calculator and Chrome but *not *TestApp.
Simply add **Read **permissions for **TestUser **on Calculator.rdp and Chrome.rdp.
ScreenHunter_17 Oct. 01 13.46.jpg
In this case, TestApp is not displayed (as desired).
This applies to web-based RAWeb as well as the webfeed feature.