Skip to main content

Window Server Essentials 2012 RC Standard User Login

fonte: https://social.technet.microsoft.com/Forums/windowsserver/en-US/6aec0d9b-b584-41d1-9a4d-5216d696f71d/window-server-essentials-2012-rc-standard-user-login

WSE 2012 is targeted at small businesses.  In small businesses, like ours, it is not unusual for the “server” to also be someone’s workstation.  After 2 days of searching, I finally found where in the WSE 2012 group policy manager the Allow log on locally policy ended up.  Once I found the policy command, I found it works just like it always did.  Its really buried deep now.  To find it:

1. Invoke the Group Policy Management Editor from the command line or power shell using the command gpmc.msc.  This command invokes a Group Policy Management window.

2. In the Group Policy Management window Click Group Policy Management

3. Click Forest <yourforestname>.local

4. Click Domains

5. Click <yourdomainname>.local

6. Click Group Policy Objects

7. Click Default Domain Controllers Policy

8. Right Click on Default Domain Controllers Policy and select Edit by click.  This opens a Group Policy Management Editor window.

9. In the Group Policy Management Editor window, click Default Domain Controllers Policy (<yourservername>.<yourdomainname>)

10. Click Computer Configuration

11. Click Policies

12. Click Windows Settings

13. Click Security Settings

14. Click Local Policies

15. Click User Rights Assignments. This causes the right pane in the opens a Group Policy Management Editor window to populate with a list on policies.

16. In the right pane in the opens a Group Policy Management Editor window double click Allow log on locally.  This opens an Allow log on locally Properties window.

17. In the Allow log on locally Properties window click the button Add User or Group..  This opens an Add User or Group window.

18. In the Add User or Group window type the name to be added or click Browse.. to search for a name.

19. After a valid user or group name is typed into the edit box in the Add User or Group window click OK.  This brings you back to the Allow log on locally Properties window .

20. Repeat steps 17-19 to add more users or groups if needed.

21. After all users and groups have been added to this policy click on OK or APPLY in the Allow log on locally Properties window.

22. Close the remaining Group Policy Management window and child windows and return where you started at the command line prompt or power shell prompt.

23. At the prompt type gpupdate /force to apply the policy.

This may not be the most direct route but it works.

***************    On the Desktop

Right click Computer > Properties > Remote > Select User > Add > Advance > Find Now >

Select any user and click Ok.

*********************

Note: https://social.technet.microsoft.com/Forums/windowsserver/en-US/cd20fb7f-42e2-474b-9f91-f585284d4324/windows-server-2012-essentials-remote-desktop-services

Install Anywhere Access (Remote Web Access) on Windows Server 2012 Essentials

fonte:https://www.youtube.com/watch?v=aXBiV3pQrLg

fonte: http://blogs.technet.com/b/sbs/archive/2014/05/07/configuring-and-customizing-remote-web-access-on-windows-server-2012-r2-essentials.aspx

Configuring and Customizing Remote Web Access on Windows Server 2012 R2 Essentials

[This post comes to us courtesy of Maanavi Bisaria and Rituraj Choudhary from Global Business Support]

We will cover the following aspects of Remote Web Access (RWA) on Windows Server 2012 R2 Essentials in this blog:

  • Configuring Remote Web Access
  • Customizing Remote Web Access

Configuring Remote Web Access

To configure RWA, open the HOME tab on the Windows Server Essentials Dashboard. On the Get Started page, click Set up Anywhere Access, and then click Click to configure Anywhere Access.

image

This will open Set up Anywhere Access wizard. On the first screen, if you don’t have a UPnP router, you should check the option Skip router setup. I want to set up my router manually as indicated below, and then click Next.

image

You would then see a Getting Started page. Click Next to proceed. On the following screen, check the box I want to set up a new domain name.

image

The wizard would search for the available domain name service providers on the next screen and presents you with these two options:

image

The first option Purchase professional domain name from a supported provider offers GoDaddy.com and eNomCentral as the supported domain name service providers. However, if you don’t intend to pay for the domain name services, choose the second option Get a personalized domain from Microsoft.

Once you hit Next on this screen, you need to sign in to your Microsoft account with your Live ID. Accept the Privacy Statement and Agreement, and then type a name for your domain (remotewebaccess.com is provided as a default domain name suffix). Click on the Check Availability button to check the availability of the domain name. Click on Set Up when you find a suitable domain name available for use.

image

Once your domain name has been set up, you may configure Remote Web Access. To do so, check the box Remote Web Access and click Next. You may also choose to enable VPN in this step, however, we will discuss VPN on a separate blog post.

image

This step in the background installs and configures Network Policy Server, Remote Desktop Gateway, Client Certificate Mapping Authentication, and RPC over HTTP Proxy. You may verify these roles/features in the Server Manager.

Once this is completed successfully, your Remote Web Access has been set up successfully and can be browsed at https:// <yourdomainname>.remotewebaccess.com.

Customizing Remote Web Access

Once the Anywhere Access Wizard has been completed, open the HOME tab on the Windows Server Essentials Dashboard. On the Get Started page, click Set up Anywhere Access, and then click Click to configure Anywhere Access. This will open the Settings page of Anywhere Access. Please note that once we have configured RWA, you can view the status of Anywhere Access at the top of this window, along with Configure and Repair options.

Let’s now click Customize in the Web site settings section to see what it holds.

image

On the Customize Remote Web Access window, you can customize the Logon page, Home page links and Server Connection options. Click on Logon page tab to customize Web site title, Background image and Web site logo.

image

The Home page links tab offers you option of adding or removing links that appear on the RWA home page.

image

The Server connection options page provides the way RDP connection is made to the Server. The default option is Open Dashboard (Default). You may choose to connect to the Server normally by selecting Open Remote Desktop.

image

To sum up, configuration and customization of Remote Web Access on Windows Server 2012 R2 Essentials is a stress-free procedure, and the result is a clutter free RWA user interface:

image

The Devices tile group contains the computers you have rights to connect to. There are similar tiles for Shared Folders, Linksand Microsoft Office 365. If you click the user account on the top-right of the page, you have an option to change your user account password. We will discuss these features with time. In the meantime you may refer to this TechNet.

How to Enable / Disable Multiple RDP Sessions in Windows 2012

fonte:https://support.managed.com/kb/a1816/how-to-enable-disable-multiple-rdp-sessions-in-windows-2012.aspx

How to Enable/Disable Multiple RDP Sessions in Windows 2012By default, Windows 2012 servers allow a single Remote Desktop session. If only one session is available and you take over another person’s live session, you may choose to enable multiple RDP sessions. This article describes the process for enabling and disabling multiple sessions.

Enable Multiple RDP Sessions

  1. Log into the server using Remote Desktop.
  2. Open the start screen (press the Windows key) and type gpedit.msc and open it
  3. Go to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections.
  4. Set Restrict Remote Desktop Services user to a single Remote Desktop Services session to Disabled.
  5. Double click Limit number of connections and set the RD Maximum Connections allowed to 999999.

Disable Multiple RDP Sessions

  1. Log into the server using Remote Desktop.
  2. Open the start menu and type ‘gpedit.msc’ and open it
  3. Go to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections.
  4. Set Restrict Remote Desktop Services user to a single Remote Desktop Services session to Enabled.

Windows Server 2012 and 2008 R2 – Enable Multiple RDP sessions

fonte:http://www.petenetlive.com/KB/Article/0000471.htm

Windows Server 2012 and 2008 R2 – Enable Multiple RDP sessions

KB ID 0000471 Dtd 28/08/13

Problem

Server 2012/2008 R2 unlike their predecessors, comes with the multiple remote desktop session restriction enabled. If you are only connecting to a server for remote administration purposes that can get a bit annoying, especially if you have a generic administrative account that multiple techs are using, and you keep kicking each other off the server.

Just as with earlier versions of Windows server you CAN have two RDP sessions at any one time, the restriction is one logon for one account. Thankfully you can disable the restriction and there are a number of ways to do so.

Solution

Server 2008 R2 Option 1: Enable Multiple RDP sessions from TSCONFIG

Note: tsconfig.msc does not work on Windows Server 2012

1. On the server, click Start and in the search/run box type tsconfig.msc{enter}. Locate “Restrict each user to a single session” Right click > Properties.

TSCONFIG

2. Remove the tick from “Restrict each user to a single session” > Apply > OK.

Restric each logon to a single session

Server 2012 and 2008 R2 Option 2: Enable Multiple RDP sessions via the registry

1. Start > in the search/run box type regedit {enter} > Navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server

Locate the fSingleSessionPerUser value > Set it to 0 (Multiple sessions allowed), or 1 (Multiple sessions NOT allowed).

multiple rdp

Server 2012 and 2008 R2 Option 3: Enable Multiple RDP sessions via Local Policy

1. Start > in the search/run box type gpedit.msc {enter}.

GPO multiple RDP

2. Navigate to:

Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections

Locate the “Restrict Remote Desktop Services users to a single Remote Desktop Services session” setting.

Remote Desktop multiple logons group policy

3. To enable multiple sessions set the policy to disabled > Apply > OK.

RDP GPO

Server 2012 and 2008 R2 Option 4: Enable Multiple RDP sessions via Group Policy

1. On a domain controller > Start > in the search/run box type gpmc.msc {enter}.

local policy RDP

2. Either edit an existing GPO that’s linked to your COMPUTERS, or create a new one and give it a sensible name.

group policy multiple logons

3. Navigate to:

Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections

Locate the “Restrict Remote Desktop Services users to a single Remote Desktop Services session” setting.

GPO 3389

4. To enable multiple sessions set the policy to disabled > Apply > OK.

more than one login

5. Then either reboot the clients, wait a couple of hours, or manually run “gpupdate /force” on them.

Force GPO

 

Related Articles, References, Credits, or External Links

Original Article Written 27/06/11

Send on Behalf and Send As

fonte:http://www.shudnow.net/2007/08/12/send-on-behalf-and-send-as/

Send on Behalf and Send As

Send on Behalf and Send As are similar in fashion. Send on Behalf will allow a user to send as another user while showing the recipient that it was sent from a specific user on behalf of another user. What this means, is that the recipient is cognitive of who actually initiated the sending message, regardless of who it was sent on behalf of. This may not be what you are looking to accomplish. In many cases, you may want to send as another person and you do not want the recipient to be cognitive about who initiated the message. Of course, a possible downside to this, is that if the recipient replies, it may go to a user who did not initiate the sent message and might be confused depending on the circumstances. Send As can be useful in a scenario where you are sending as a mail-enabled distribution group. If someone replies, it will go to that distribution group which ultimately gets sent to every user who is a part of that distribution group. This article will explains how to use both methods.

Send on Behalf

There are three ways to configure Send on Behalf. The first method is by using Outlook Delegates which allows a user to grant another user to Send on Behalf of their mailbox. The second method is having an Exchange Administrator go into the Exchange Management Shell (EMS) and grant a specific user to Send on Behalf of another user. The third and final method is using the Exchange Management Console (EMC).

Outlook Delegates

There are major steps in order to use Outlook Delegates. The first is to select the user and add him as a delegate. You then must share your mailbox to that user.

  1. Go to Tools and choose Options
  2. Go to the Delegates Tab and click Add
  3. Select the user who wish to grant access to and click Add and then Ok

Note: There are more options you can choose from once you select OK after adding that user. Nothing in the next window is necessary to grant send on behalf.

  1. When back at the main Outlook window, in the Folder List, choose your mailbox at the root level. This will appear as Mailbox – Full Name
  2. Right-click and choose Change Sharing Permissions
  3. Click the Add button
  4. Select the user who wish to grant access to and click Add and then Ok
  5. In the permissions section, you must grant the user at minimum, Non-editing Author.

Exchange Management Shell (EMS)

This is a fairly simple process to complete. It consists of running only the following command and you are finished. The command is as follows:

Set-Mailbox UserMailbox -GrantSendOnBehalfTo UserWhoSends

Exchange Management Console (EMC)

  1. Go to Recipient Management and choose Mailbox
  2. Choose the mailbox and choose Properties in Action Pane
  3. Go to the Mail Flow Settings Tab and choose Delivery Options
  4. Click the Add button
  5. Select the user who wish to grant access to and click Add and then Ok

Send As

As of Exchange 2007 SP1, there are two ways to configure SendAs. The first method is having an Exchange Administrator go into the Exchange Management Shell (EMS) and grant a specific user to SendAs of another user. The second and final method (added in SP1) is using the Exchange Management Console (EMC).

Exchange Management Shell (EMS)

The first method is to grant a specific user the ability to SendAs as another user. It consists of running only the following command and you are finished. The command is as follows:

Add-ADPermission UserMailbox -ExtendedRights Send-As -user UserWhoSends

Exchange Management Console (EMC)

  1. Go to Recipient Management and choose Mailbox
  2. Choose the mailbox and choose Manage Send As Permissions in Action Pane
  3. Select the user who wish to grant access to and click Add and then Ok

Miscellaneous Information

No “From:” Button

In order for a user to Send on Behalf or Send As another user, their Outlook profile must be configured to show a From: button. By default, Outlook does not show the From: button. In order to configure a user’s Outlook profile to show the From: button:

Replies

If you are sending as another user, the recipient user might reply. By default, Outlook is configured to set the reply address to whoever is configured as the sending address. So if I am user A sending on behalf of user B, the reply address will be set to user B. If you are the user initiating the sending message, you can configure your Outlook profile to manually configure the reply address.

Conflicting Methods

If you are configuring Send on Behalf permissions on the Exchange Server, ensure that the user is not trying to use the Outlook delegates at the same time. Recently, at a client, I was given the task to configure Send As as well as Send on Behalf. As I was configuring Send As on the server, I found out that the client was attempting to use Outlook Delegates at the same time. Send As would not work. Once the user removed the user from Outlook Delegates and removed permissions for that user at the root level of your mailbox that appears as Mailbox – Full Name, Send As began to work. So keep in mind, if you are configuring Send As or Send on Behalf, use only one method for a specific user.

SendAs Disappearing

If you are in a Protected Group, something in Active Directory called SDProp will come by every hour and remove SendAs permissions on users in these protected groups.  What security rights are configured on these security accounts are determined based on what security rights are assigned on the adminSDHolder object which exists in each domain.  The important part for you to remember is that every hour, inheritance on these protected groups will be removed and SendAs will be wiped away.

A good blog article explaining what adminSDHolder and SDprop are and what Protected Groups  is located here.

How to Send E-mails with Exchange Using a Different “From” Address

fonte: http://blogs.technet.com/b/sbs/archive/2007/11/06/how-to-send-e-mails-with-exchange-using-a-different-from-address.aspx

[Today’s post comes to us courtesy of Damian Leibaschoff]

DISCLAIMER: There are many different ways to implement this solution, this is just one of them.

A very common request we get is people wanting to be able to send outbound Internet e-mails from Outlook using different addresses as the originating address. This is different than just using a delegation or Sending on Behalf, this is truly sending the e-mail with a different “From:” address. The solution presented here will focus in using Outlook and Exchange without the need to create new accounts in Outlook. It will not only allow a user to send using a different e-mail address, it will also allow a user or a group of users to send using the e-mail address of a mail enabled security group.

An example would be: You have a mail enabled security group or a distribution group with an address ofsales@contoso.com and you want to send your replies as coming from that address instead of your personal one. The same concept can be used for a single user that wants to be able to send using other addresses.

1. Removing the additional E-mail addresses from your existing user

This first step is optional and it really depends on where you are in the implementation of this process. If you already have a mail enabled security group or distribution group with the desired e-mail address, then you can skip it. On the other hand if your user already has the address you want to use to send as (as a secondary e-mail address in Active Directory), we will need to remove it from the user itself, we cannot have two objects in active directory with the same e-mail address. We will need to add this e-mail address to another object that we will create shortly, so for now, we need to remove it. Remember, Exchange will always use your default e-mail address as the reply-to/from address, so we need to work around this limitation.

  • Open AD Users and Computers
  • Find the user that might have the needed e-mail added as a secondary e-mail address and open its properties. If you are not sure you can use the FIND feature:
    • Right click on the domain container and select Find
    • Go to the Advanced tab
    • Click on Field, select User and pick Proxy Addresses, change the condition to Is (exactly), and on the Value type in the e-mail address you are searching for (prefix it always with SMTP:, for example, SMTP:sales@contoso.com), click Add.
    • Click Find Now
  • Once you find the user, open its properties and go to the E-mail addresses tab
  • Remove the secondary E-mail address that you want to use as an alternate primary address. It is recommended that you temporally stop mail flow by stopping the SMTP Virtual Server from Exchange System Manager (under protocols\SMTP) as to avoid receiving e-mails to this address for the few minutes that this procedure will take until the e-mail is moved to another object.
  • Click OK to accept the changes.

1.jpg

2.jpg

2. Creating the new Mail Enabled Security Group.

  • Open AD Users and Computers from Administrative Tools.
  • Expand your domain, MyBusiness, and select Security Groups
  • Do right click, New, Group
  • Selected Global and Security, give it a distinctive name (it will show up when sending e-mails) and click Next.
  • Put a check next to “Create an Exchange e-mail address”, don’t worry about the alias, we can modify it to match the address we need once the object is created.
  • Click next and finish.

Wait a few minutes for the object to be stamped by the Exchange Recipient Update Service.

  • Now open the Properties of the Security Group you just created.
  • Go to the E-mail Addresses tab, if this is blank, stop, the object has not been stamped yet. Once you have address in the E-mail addresses tab, you can proceed.
  • If you see the e-mail address you need as the primary, then you can skip the next few steps, if you don’t, then add it:
    • Click New, SMTP Address, and add the e-mail address we removed from step 1 (for examplesales@contoso.com).
    • Click ok to accept.
    • Select the newly added SMTP E-mail address and click Set As Primary.
    • Also uncheck the “Automatically update e-mail addresses based on recipient policy”.
  • Click Ok to close the properties. Note: It is important not to make this security group a member of any other groups, this will help prevent issues with the AdminSDHolder resetting the security permissions we are going to be changing in the next section.

3.jpg

4.jpg

5.JPG

6.jpg

7.JPG

3. Adding the group membership and setting the proper security to allow the Send As.

We will be working on the properties of the Security Group we just created, but before we continue, we need enabled the Advanced Features in AD Users and Computers.

  • Select View on the top menu and then select Advanced Features.

Now we can open the properties of the Security Group we just created.

  • Expand your domain, MyBusiness, and select Security Groups
  • Right Click the desired Security Group we just created and select properties.
  • Go to the Members tab
  • Click Add
  • Type the name of the User who is going to be receiving the e-mails sent to the E-mail address what we have configured for this Group. Remember, e-mails sent to the e-mail address that we added on step 2 will be delivered to members of this group only, if this is just one user that needs to send and receive using the second e-mail address, then you would have only 1 member, if this is a shared address, then you can have multiple members, they will all get a copy of e-mail sent to the address in question.
  • Repeat the Add process as needed.
  • Once you have added the members, click Apply, inbound e-mail sent to the address in question will start flowing again. Start the SMTP Virtual Server if you had that stopped. Do not close the properties yet.

8.jpg

Now we need to set up the proper security. We will need to add the user or group accounts we will want to allow to send as using this Security Groups primary e-mail address. This is the key step that will allow us to use the e-mail address as our new From. Keep in mind that Domain Administrators and Account Operators will already be able to Send As this group and no changes are needed.

  • Go to the Security tab
  • Click Add
  • Type the name of the User who is going to be sending the e-mails using the e-mail address configured for this mail enabled Security Group. If you want to allow all members of this group to be able to send using the e-mail address here, then add the security group name (Sales Group in our example).
  • Once you have added the user/users/groups, find them on the security list, select the object, and scroll down on the Permissions half of the window until you find the “Send As” right. Put a check on the Allow column. You are basically giving the user Send As rights on the Security Group.
  • Click ok
  • Open the Services MMC
  • Re-start the Microsoft Exchange System Attendant service (and its dependants)

Picture showing the allow just on a per user basis scenario:

9.JPG

Picture showing the allow all group members to Send As:

10.JPG

4. Testing from Outlook

At this point all the pieces should be in place. Mail should be flowing to the e-mail address in question and the only thing left is for the user to learn how to pick which account to use when sending outbound e-mail. Please note that this will not happen automatically, the user will have to take action for every e-mail they want to use a different address for.

  • In Outlook while logged in to the user’s mailbox that has Send As permissions to the newly created group (so basically, open Outlook as normal, nothing should change from the client perspective), click to open a new email
    • Outlook 2003: Click View, and select “From Field”
    • Outlook 2007: Click Options and select “Show From”
  • Click on the From: and pick the Group that has the address we want to use or type the Group name or just type the e-mail address (on our case sales@contoso.com). Due to potential timing issues while updating the offline address book while in cached mode, the new group may not show up to be selected. It should eventually show up, if it doesn’t then something is not working as expected with the OAB generation.
  • Fill in the To, Subject, write up your email and click Send email
  • The receiver should only see the alternate email address as the From.

11.JPG

12.jpg

5. Troubleshooting

  • You get the following NDR:

Your message did not reach some or all of the intended recipients.

Subject: Test

Sent: 10/31/2007 2:27 PM

The following recipient(s) could not be reached:

usera@msft.local on 10/31/2007 2:27 PM

You do not have permission to send to this recipient. For assistance, contact your system administrator.

MSEXCH:MSExchangeIS:/DC=local/DC=MSFT:SERVER

  • Or the following error (if you are not in cached mode):

    • This is a sign that the security was not setup properly or has not taken effect. Re-check step 3. Do not forget to re-start the Microsoft Exchange System Attendant Service on the server and Outlook on the client. If permissions have been changed on the security group, check the group membership of that group, make sure it is not a member of a protected AdminSDHolder group (direct or transitive). See the following KB for additional information http://support.microsoft.com/default.aspx?scid=kb;EN-US;907434 .