Microsoft Windows Remote Desktop Services Web Access

From Swivel Knowledgebase Wiki

Jump to: navigation, search


Image:logo.gif

Contents

Introduction

This filter allows you to protect Windows Remote Desktop Services (RDS) Web Access with PINsafe authentication.

Prerequisites

You will need a Windows Server 2008 with RDS Web Access already installed. You will also need the Microsoft.Net Framework version 4, full edition (rather than client-only) installed.

PINsafe Server Configuration

The only configuration you need to do on the PINsafe server is to ensure that the RDS server is configured as an Agent for PINsafe (under Server -> Agents), and if you are using the TURing image, that under Server -> Single Channel, the option Allow session request by username is set to Yes.

Installation

You can download the filter from here.

Installation consists of a single executable, RDSWebFilter.exe. In most cases you can accept the default settings during installation. When you get to the destination folder, make sure that the RDS web root folder is selected correctly. In most cases, C:\Windows\Web\RDWeb will be correct, but make sure if your configuration is not a default installation that the right folder is selected.

Image:RDSWebDestFolder.png

Configuration

When installation is completed, you will be presented by the configuration page, as shown here.

Image:Config.png

You should know what URL you need to enter for PINsafe. Note that if you are using a PINsafe appliance, do not use the “:8443/proxy” URL, as that is not valid for authentication.

Enter the agent secret as you entered it in the PINsafe server configuration.

If you are using TURing image or dual channel on-demand, make sure the appropriate check boxes are ticked.

If your first language is not English, and you are using a different set of pages from en-US, make sure you change the language folder to match the one you are using.

The rest of the settings you will probably not need to change, unless you have customised your login page. In this case, make sure that any images, scripts or stylesheets you have added are listed under the Excluded URLs. An entry beginning with “./” will match any path that ends with the remaining part of the path: for example, “./renderscripts.js” will match the file renderscripts.js wherever it is in the web hierarchy. Any files not listed under Excluded URLs, or the logon or logoff path, will be blocked by the PINsafe filter, until you have authenticated to PINsafe.

If you need to change any of these settings later, a link to the configuration program is provided on the shortcut menu.

Changes to Existing Files

The installer will make modifications to three files within the RDS web hierarchy:

  • Login.aspx from within the language folder. The appropriate buttons to display a TURing image are added if required. If you have significantly altered the login page, the installer may not be able to make its changes. Contact Swivel Secure for advice in this case.
  • Renderscripts.js. A new function is added to display a TURing image, or to request a message on demand.
  • Web.config. The PINsafe filter is added as a new module, and the PINsafe server details are stored under appSettings.

Additionally, the filter copies two DLLs to the bin folder of RDWeb/Pages: the filter itself and the PINsafe client. It also copies a TURing image proxy, pinsafe_image.aspx, to the language folder.

Uninstalling

An uninstall program is provided, so you can either uninstall from the Windows Control Panel, or from the uninstall link on the shortcut menu.

The uninstall process requires that the files login.aspx.sav and renderscripts.js.sav, which are created when the appropriate files are modified, remain in their initial locations. These are the original files, without the PINsafe modifications. If these files do not exist, the filter cannot be properly uninstalled.

Retrieved from "http://kb.swivelsecure.com/wiki/index.php/Microsoft_Windows_Remote_Desktop_Services_Web_Access"
Personal tools