Configuring RAWeb for a multi-user environment

RAWeb allows different users to see different apps by configuring IIS and setting some permissions.

You control access to your remote apps by setting file permissions on the RDP files. You can grant access to Active Directory or local users or groups.

This works with both the web-based RAWeb and also the webfeed.

This guide will show you how to setup a basic configuration to give a single local user access to some apps as an example.

Setup
Install RAWeb as per the instructions on the main RAWeb page.

You will also need to add Windows Authentication to IIS by adding the Windows Feature:


In IIS Manager, open the Authentication feature for your site.


Disable Anonymous Authentication and enable Windows Authentication. Other methods may work but are untested.


Permissions
From here you need to setup permissions. This will work with local users/groups or Active Directory users/groups.

Summary:
-RAWeb users (or groups) should only have List folder contents permissions on the rdp directory (disable inheritance).
-Any user or group requiring access to a remoteapp must have Read permissions to the RDP file for the app.

Example:
In the example below example, we will give a single local user access to some (but not all) apps available.

Go to the Security tab in Properties of the rdp directory, and click Advanced, then Change Permissions.


Depending on your OS, click either Disable inheritance or untick Include inhertiable permissions from this object's parent.
 -or- 


Again depending on your OS, click either Convert inherited permissions into explicit permissions on this object or Add.
 -or- 


Click OK, and go back to the main Properties window. Edit the permissions: Click on the Users group and ensure that only List folder contents permission is allowed (untick the others).


Click OK. Now fill up your rdp folder with some RDP files.


Now to assign an app to a user, give the user Read permissions to the appropriate RDP files.

In this example, there is a local user named TestUser who will be granted access to Calculator and Chrome but not TestApp.

Simply add Read permissions for TestUser on Calculator.rdp and Chrome.rdp.


When TestUser logs on to RAWeb, they will be prompted for credentials (or credentials of the logged on user may be passed through if part of a domain). TestUser will only see the apps assigned to them:

In this case, TestApp is not displayed (as desired).

This applies to web-based RAWeb and also the webfeed feature.

Please provide feedback using the software feedback form.