Using Remote Web Workplace

Each of the tools linked from RWW is fairly self-explanatory. You can access Outlook Web Access (OWA) and the Companyweb site without using the RWW interface, but accessing those sites through RWW may be easier for your users. In fact, because users can get to OWA, Companyweb, and many other features through RWW, some companies only share the RWW web address with their users who need remote access. Remembering or bookmarking a single entry point is simpler for some users than having to remember one bookmark for OWA, one for RWW, and a separate one for Companyweb.

One of the biggest myths related to RWW is that you cannot access the RWW interface from a Macintosh or a web browser that does not support ActiveX controls, such as Firefox. This is simply not the case. The Firefox browser and almost all Macintosh web browsers can access most of the functions of RWW with minimal differences. Only the connections to server and workstation desktops will not work because those connections are handled with an ActiveX control.

Note

The only browser that simply will not work at all with RWW is Internet Explorer for the Macintosh, and even then only under one condition. Internet Explorer for the Macintosh has no mechanism for interacting with SSL certificates that have not been generated by "trusted" third-party providers. When IE for the Mac encounters the self-signed certificate generated by SBS, it will not continue the connection. For more information about Macintosh web browsers and the self-signed SSL certificate with SBS, see Chapter 17, "Integrating the Macintosh into a Small Business Server 2003 Environment."

This section of the chapter covers the most commonly used features of RWW, how they work, and how they differ from standard access methods.

Connecting to RWW

The first step to accessing any of the features of RWW is to log in to the interface. From inside the network, open https://servername/remote in your browser. From outside the network, use https://publicdnsname/remote instead. If you configured your SBS server with the self-signed certificate, you will get a prompt alerting you that the certificate is from an untrusted source. You can click OK to bypass the warning or, if you are using a computer that you will use to access RWW regularly, you can install the certificate in the local certificate store to bypass this warning every time you access the logon page. The SSL certificate is automatically stored in the proper certificate store on workstations that have been joined to the domain using Connect Computer, so you should not see this warning on workstations on the internal network.

When you get the logon page, enter your network username and password and press Enter to log in. You can also adjust your connection speed in the drop-down menu. After you are logged in, you get either the Administrator menu or the Client menu, depending on your account permissions.

Connecting to OWA

In traditional Exchange installations, OWA Access is accessed through its own web page, usually https://publicdnsname/exchange. This interface is also available with SBS and is covered in more detail in Chapter 11. The significant difference between accessing OWA directly through its web interface and the RWW interface is in the way authentication is handled.

When you access OWA through its own page, you have to enter your username and password to access the site. When you access OWA through the RWW interface, you do not need to give a username and password a second time. RWW passes the credentials you used to log in to RWW to OWA so that the OWA interface is brought up directly for your user account.

One particular item to note here is that you can only access your Exchange account through OWA from RWW. Because no authentication prompt appears when you click on Use Outlook Web Access from the Administrator view or Read My Company E-mail from the Mobile User's view, you cannot provide different credentials and access a different mailbox.

By default, RWW attempts to access OWA using the Premium interface, which gives the most Outlook-like look and feel. When you access OWA through RWW from a browser other than Internet Explorer on Windows, you get the Basic OWA interface instead.

One other difference between Internet Explorer for Windows and other browsers is in the way the Log Off function is handled within OWA. If you click the Log Off button in the OWA premium interface, you get the OWA logon screen inside the RWW shell. If you then click on the RWW Main Menu link, you are taken back to the RWW logon page. Clicking Log Off from the OWA Premium interface logs you out of the RWW session as well. If you select Log Off from the OWA Basic interface, however, you still get the OWA logon screen, but when you click the RWW Main Menu link, you are taken back to the RWW menu. The Log Off from the Basic OWA interface does not impact the logon credentials for OWA.

Connecting to Companyweb

The entry point into Companyweb is different depending on whether you logged in to RWW as an administrator or as a normal user, and is present only if access to the Windows SharePoint Services intranet site has been enabled in the Connect to the Internet Wizard (CEICW). For more information on this configuration setting, see Chapter 14, "SharePoint and the Companyweb Site." From the Administrator's menu, you can jump into the Help Desk section of Companyweb, or you can access the Site Settings. The user menu takes you straight to the root of the Companyweb site. In either case, you are prompted for your username and password to access Companyweb. The single sign-on support for OWA does not apply to Companyweb.

When using Internet Explorer for Windows, if you log out of RWW and log back in without closing the IE window, you are prompted for authentication credentials again when you try to access any of the Companyweb links in the RWW menu. This is not the case with other browsers. The credentials used to access Companyweb continue to be stored in the browser until the browser window is closed and reopened. This could present issues if you are verifying user access to Companyweb through RWW.

For example, if you connect to RWW from a non-IE Windows browser, log in as Administrator, and access Companyweb, you are prompted to enter your username and password, which is the same Administrator logon information you provided when logging in to RWW. After you have made changes to the Companyweb interface and want to test it as a regular user, you might log out of RWW and log in again without closing the window. No matter how you log in to RWW, when you click on one of the links that takes you in to the Companyweb interface, you will not be prompted to log in again. Companyweb uses the same credentials that had been entered earlier. The only way to ensure that you get completely disconnected from Companyweb when you log out of RWW is to close the browser window and open a new one before trying to access Companyweb through RWW again.

Connecting to Server Desktops

Connecting to servers using the remote desktop protocol is one of the main administrative uses of RWW in the SBS community. When administrators log in to RWW, the first link listed in the Administrator menu is Connect to Server Desktops. This link opens the remote desktop ActiveX control and lists all servers in the network. This list includes the SBS server, any member servers, any domain controllers, and any terminal servers in the domain. This list is the only way to access the SBS server, member servers, and domain controllers through RWW.

Note

Only Windows 2003 servers and Windows 2000 servers running Terminal Services appear in the server list. Regular Windows 2000 servers do not support remote desktop and cannot be accessed using this interface.

Terminal severs are a bit different. Because users need access to the terminal server desktop, a special menu item is made available in the uses RWW menuConnect to My Company's Application-Sharing Server. When a user selects this item, a list of available terminal servers appears for the user to select from. No other servers are listed in any RWW interface for non-administrator users.

Figure 15.3 shows the Connect to Server Desktops interface with the Optional Settings menu expanded. From this screen, you can select the server computer to connect to, specify any particular settings you want for the connection, and select the screen size for the connection.

Figure 15.3. Options for connecting to server desktops.

Table 15.4 briefly describes the connection options available for server connections.

Table 15.4. Options for Connecting to Server Computers
Item	Description
Log On to or Resume the Console Session of the Remote Computer	Allows you to connect to the console session of the server, not just a standard remote session.
	See Chapter 8, "Terminal Services," for an explanation of connecting to console sessions versus remote sessions.
Log On to the Selected Computer as Administrator	By default, the connection to the remote computer uses the same username provided for the RWW session.
	Removing this check box allows you to provide a different username for the connection.
Enable Files or Folders to Be Transferred Between the Remote Computer and This Computer	When enabled, this option creates a network drive mapping for each drive on the local computer at the remote computer.
Enable Documents on the Remote Computer to Be Printed on a Local Printer	When enabled, this option creates a printer object on the remote computer for each printer defined on the local computer.
Hear Sounds from the Remote Computer on This Computer	When enabled, audio from the remote computer, if any, will be mapped to and played on the local computer. This includes system alert sounds as well as other audio, if audio is supported on the remote computer.

By default, only the Log On to the Selected Computer as Administrator and Enable Documents on the Remote Computer to Be Printed on a Local Printer options are enabled.

Caution

Not all printers connected to the local machine can support remote desktop printing. Most USB printers and some printers connected via the parallel port will not work in this configuration.

You can also select the screen size you want to use for the remote connection from the drop-down menu. The default setting is Full Screen, but other standard screen sizes (640x480, 800x600, 1024x768, 1280x1024, and 1600x1200) can be selected as well.

When you click Connect, the ActiveX client makes a connection to the remote machine through the Terminal Services Proxy port (4125). The Terminal Services Proxy services on the SBS server get the incoming connection on port 4125, get the name of the machine from the connection, and then open a connection to port 3389 (the remote desktop port) on the destination machine and tunnel data between the remote machine to the internal machine. This data connection is configured automatically in the CEICW, but if you have a standalone router/firewall between the SBS server and the Internet, you will have to configure the firewall to allow port 4125 inbound to the SBS server before remote machine connections will work.

Connecting to Client Desktops

Connecting to client desktops (called Connect to Client Desktops in the admin menu and Connect to My Computer at Work in the user menu) is similar to the server desktop connections, with a few key differences. First, only Windows XP workstations with Remote Desktop enabled are listed in the selection screen. Windows XP workstations that have been joined to the domain using the Connect Computer Wizard have this configuration enabled by default. Second, the option to connect to the console session is not available in this interface because console connections are the only connections supported in Windows XP. This also means that only one person can be logged in to the Windows XP workstation at a time. If someone is using the workstation locally and a remote user attempts to connect to it, the local user could be logged off or have his session taken over and be locked out of the connection while the remote connection is in place. Otherwise, the steps to connect to a client desktop are the same as connecting to a server desktop.

One issue that users may complain about is performance when connecting to their desktops remotely. The user interface in Windows XP is more graphical than the interface in Windows Server 2003. Even though the remote connection transmits only screen information and keyboard/mouse data across the network, an XP workstation with a high-resolution background image or special cursor images can significantly slow down the session to a point that the user may feel it's unusable. Many of these graphics can be reduced and overall performance improved by selecting a slower connection speed at the initial RWW logon screen. This is one complaint about the RWW interfaceyou can adjust the connection speed setting only at the initial logon.

Best Practice: Set the RWW Connection Speed to Modem (28.8Kbps)

When showing users how to log in to the RWW interface, have them select the Modem (28.8 Kbps) option in the Connection Speed drop-down menu. This setting configures the remote desktop connections to use minimal graphics on the remotely connected desktop to improve performance across the network. When choosing this setting, the user's desktop background image will not be displayed, and the Start menu and other interfaces will revert to classic mode, reducing the amount of visual data that must be sent across the wire.

Even when connecting across a high-speed connection in both directions, this setting significantly improves remote desktop performance. If users complain about the lack of graphics, you can have them step up the options one at a time until they reach a balance of the visual environment they are used to and a connection speed they can live with. In most cases, though, users get used to the quicker speed they get by using the lowest connection speed setting.