Applies To: Windows Server 2016 Essentials, Windows Server 2012 R2 Essentials, Windows Server 2012 Essentials
Remote Web Access in Windows Server Essentials, or in Windows Server 2012 R2 with the Windows Server Essentials Experience role installed, provides a streamlined, touch-friendly browser experience for accessing applications and data from virtually anywhere that you have an Internet connection and by using almost any device. To use the Remote Web Access functionality, you must first turn it on by using the Set Up Anywhere Access Wizard, and then set up your router and ___domain name.
In this topic
Turn on and configure Remote Web Access
The following topics will help you turn on and configure Remote Web Access:
Remote Web Access overview
When you are away from your office, you can open a web browser and access Remote Web Access from anywhere that has Internet access. In Remote Web Access, you can:
Access shared files and folders on the server.
Access your server and computers on the network. This means that you can access the desktop of a networked computer as if you were sitting in front of it at your office.
Remote Web Access is not turned on by default. When you run the Set up Anywhere Access Wizard, the wizard attempts to set up your router and Internet connectivity. After Remote Web Access is turned on, you can set up a ___domain name for your server and customize Remote Web Access. You can also set up the router again if you change your router.
Permission to access Remote Web Access is not automatically granted when you add a new user account. When you add a user account, you can choose to allow access to shared folders, the Media Library, computers, Home page links, and the server Dashboard. You can also specify that a user not be allowed to use Remote Web Access.
The Remote Web Access setting is displayed for each user account on the USERS tab of the Windows Server Essentials Dashboard. To change the Remote Web Access setting, right-click the user account, and then click View the account properties.
Turn on Remote Web Access
You can turn on Remote Web Access by running the Set up Anywhere Access Wizard from the server Dashboard.
To turn on Remote Web Access
Open the Dashboard.
Click Settings, and then click the Anywhere Access tab.
Click Configure. The Set Up Anywhere Access Wizard appears.
On the Choose Anywhere Access features to enable page, select the Remote Web Access check box.
Follow the instructions to complete the wizard.
Change your region
You must be a network administrator to change the region setting in Windows Server Essentials.
To change the region setting
On a computer that is connected to Windows Server Essentials, open the Dashboard.
Click Settings.
On the General tab, click the drop-down list in the Country/Region ___location of server section.
From the drop-down list, select the new region, and then click Apply to accept the new region setting.
Manage Remote Web Access permissions
When you add a user account in Windows Server Essentials, the new user is allowed by default to use Remote Web Access. If you chose not to allow Remote Web Access for a user account, and then find that the user needs to use Remote Web Access, you can update the user account's properties.
To manage Remote Web Access permissions for a user account
Log on to the Dashboard, and then click Users.
Click the user account that you want to manage, and then click View the account properties in the Tasks pane.
In the Properties dialog box, click the Anywhere Access tab.
On the Anywhere Access tab, select the Allow Remote Web Access and access to web services applications check box to allow a user to connect to the server using Remote Web Access.
Click Apply, and then click OK.
For more information, see Manage User Accounts.
Secure Remote Web Access
Windows Server Essentials uses a security certificate to help secure the information that is exchanged between the software and a web browser. When you install the Connector software on your computers, the security certificate for Windows Server Essentials is added to the trusted certificate list on your computers. The best way for users to access Remote Web Access when they are away from your office is to use a portable computer that has the Connector software installed on it.
Warning
Users who use Remote Web Access from public locations or other untrusted computers should ensure that they log off the website before leaving the computer unattended or when they are finished with their session.
Manage Remote Web Access and VPN users
You can use VPN to connect to Windows Server Essentials and access all your resources that are stored on the server. This is especially useful if you have a client computer that is set up with network accounts that can be used to connect to a hosted Windows Server Essentials server through a VPN connection. All the newly created user accounts on the hosted Windows Server Essentials server must use VPN to log on to the client computer for the first time.
To set VPN and Remote Web Access permissions for network users
Open the Dashboard.
On the navigation bar, click USERS.
In the list of user accounts, select the user account that you want to grant permissions to access the desktop remotely.
In the <User Account> Tasks pane, click Properties.
In <User Account> Properties, click the Anywhere Access tab.
On the Anywhere Access tab, do the following:
To allow a user to connect to the server by using VPN, select the Allow Virtual Private Network (VPN) check box.
To allow a user to connect to the server by using Remote Web Access, select the Allow Remote Web Access and access to web services applications check box.
Click Apply, and then click OK.
Set up your router
When you configure your server for Remote Web Access, the Set Up Anywhere Access Wizard attempts to set up the router. If you change routers or change settings on the router, you must rerun the Set Up Your Router Wizard. For more information, see the following topics:
Set up your router
During this step, Windows Server Essentials attempts to automatically configure your router by using UPnP commands. To do this, your router must support UPnP standards, and the UPnP setting must be enabled on your router.
Note
Your network configuration should follow the supported network requirements for Windows Server Essentials. There should be only one router on your network.
If the router is not set up by the Set Up Your Domain Name Wizard, you must manually forward port 443. For information about how to set up port forwarding on your router, see the Small Business Server forum.
Replace a router
Replace the router according to the manufacturer's instructions, and then run the Set Up Your Router Wizard to configure the new router.
To set up your new router
On the Windows Server Essentials Dashboard, click Settings.
Click the Anywhere Access tab, and then in the Router section, click Set up. The Set Up Your Router Wizard starts.
Follow the instructions in the wizard to finish setting up your new router.
Network ___location defined
A network ___location is a collection of network settings that Windows applies when you connect to a network. The settings vary and can be customized based on the type of network that you use. The settings for a network ___location determine whether certain features (such as file and printer sharing, network discovery, and public folder sharing) are turned on or off. Network locations are useful when you need to connect to different networks.
As an example, you may own a laptop computer that you use at home and on the job. When you are in the office, you connect to the office network. However, when you come home, you use your laptop to access and play videos and music that is stored on the home server. When you connect to a new network and specify the ___location type, Windows assigns a network profile that is preset for that type of ___location. The next time you connect to that network, Windows recognizes the network and automatically assigns the correct settings. This adds a layer of security to help protect the information on your computer, and only the network features that you need for that ___location are turned on.
There are four kinds of network locations:
Home network Choose this network for home networks or when you know and trust the people and devices on the network. Computers on a home network can belong to a home group. Network discovery is turned on for home networks, which allows you to see other computers and devices on the network and allows other network users to see your computer.
Work network Choose this network for small office or other workplace networks. Network discovery, which allows you to see other computers and devices on a network and allows other network users to see your computer, is on by default, but you cannot create or join a home group.
Public network Choose this network for public places (such as coffee shops or airports). This ___location is designed to keep your computer from being visible to other computers and to help protect your computer from malicious software from the Internet. Home group is not available on public networks, and network discovery is turned off. You should also choose this option if you're connected directly to the Internet without using a router, or if you have a mobile broadband connection.
Domain Choose this network for domains such as those at enterprise workplaces. This type of network ___location is controlled by your network administrator, and it cannot be selected or changed.
Enable Remote Desktop Services ActiveX controls
The Remote Desktop Services ActiveX controls allows you to access your home or business computer, via the Internet, from another computer by using Remote Web Access.
To enable Remote Desktop Services ActiveX controls
In Internet Explorer, click Tools, and then click Internet Options.
On the Security tab, click Custom level.
In the ActiveX controls and plug-ins section, do the following:
Under Download signed ActiveX controls, click Prompt.
Under Run ActiveX controls and plug-ins, click Enable.
Click OK twice to accept the changes and close the dialog box.
Set up your ___domain name
After Remote Web Access is turned on, you can set up a ___domain name for your server that is running Windows Server Essentials. This is a necessary step if you plan to use Remote Web Access from a remote computer. For more information, see the following topics:
Domain names overview
A ___domain name uniquely identifies your server on the Internet. Domain names consist of at least two parts: a top level ___domain name (TLD) and a second level ___domain name. For example, in contoso.com, com is the TLD and contoso is the second level ___domain name.
While you are away from your office, you can use your ___domain name to access shared files on the server or computers on the network. You can also manage your server when you are away. For example, you register contoso.com for your server. When you are away from your office, you can open a web browser on your laptop and type contoso.com in the address text box to connect to the instance of Remote Web Access that you set up on Windows Server Essentials.
Understand Microsoft personalized ___domain names
A Microsoft personalized ___domain name includes the following features:
A custom ___domain name for Remote Web Access (for example, yourhostname.remotewebaccess.com). Your ___domain name is associated with your public IP address.
A DNS dynamic update protocol service so that Remote Web Access using your ___domain name will not be interrupted if your public IP address changes. Typically, Internet Service Providers (ISPs) for your organization's broadband connections provide dynamic public IP addresses that can change.
A trusted certificate associated with the ___domain name.
To integrate a Microsoft personalized ___domain name with your server, you need a Microsoft account (formerly known as a Windows Live ID). If you do not have a Microsoft account, you can sign up for one at the Microsoft Hotmail website.
Important
Windows Live allows special characters in your Microsoft account password that the server does not support. If you use a Microsoft personalized ___domain, ensure that your Microsoft account password contains only characters that the server supports. The server does not support use of the characters $, /, ', and %.
Use a new or existing ___domain name
To automatically set up your ___domain name on a server running Windows Server Essentials, you must use a ___domain name service provider that is listed in the Set Up Your Domain Name Wizard. You may choose to get a new ___domain name or use an existing ___domain name. Do one of the following:
If you want to get a new ___domain name from one of the ___domain name service providers that are listed in the wizard, click I want to set up a new ___domain name.
If you have an existing ___domain name that you purchased from one of the supported ___domain name service providers, you can use the Set Up Your Domain Name Wizard to set up the ___domain name for your server. Click I want to use a ___domain name I already own, and then type the ___domain name in the Set Up Your Domain Name text box. You must provide the user name and password that you used to purchase the ___domain name.
If you have an existing ___domain name that you purchased from a ___domain name service provider that is not supported by Windows Server Essentials, and you want to use the Set Up Your Domain Name Wizard to set up the ___domain name for your server, you can transfer the ___domain name to one of the ___domain name service providers listed in the wizard. Click I want to use a ___domain name I already own, type the ___domain name in the Domain Name text box, and then follow the instructions on the ___domain name service provider's website to transfer the ___domain name.
Set up a ___domain name
When you turn on Remote Web Access, you can choose to set up the Internet ___domain name of the server.
To set up or manage an Internet ___domain name
Open the Dashboard.
Click Server settings, and then click the Anywhere Access tab.
In the Domain name section, click Set up.
Follow the instructions to complete the wizard. If you do not already own a ___domain name and certificate, the wizard helps you find a ___domain name provider to purchase a ___domain name and certificate, or you can get a personalized Microsoft ___domain name.
Choose a ___domain name service provider
You should choose a ___domain name service provider that supports the ___domain name extension that you want to use. The Set Up Your Domain Name Wizard includes a list of qualified providers that you can use with a link to each provider's website. Click the More Info link beside each provider's name to obtain information about the services and prices that are offered by the provider.
Note
Some ___domain name service providers serve broad international regions and others serve smaller markets. Because of this, some providers may not offer a website that is translated into your language of preference.
When you purchase your ___domain name, you might also consider purchasing the Domain Name System (DNS) dynamic update protocol service from your ___domain name service provider. DNS dynamic update protocol is a service that lets anyone on the Internet gain access to resources on a local network when the IP address of that network is constantly changing. Or you can purchase a static IP address from your Internet Service Provider (ISP) to assure that your IP address does not change.
Choose a ___domain name
Choose a name that uniquely identifies your business server. For example, if your business name is Contoso Ltd, you might choose Contoso to uniquely identify your home or business server on the Internet. If the ___domain name is not available, try another variation of that name, or perhaps something completely different.
The name you type can contain the following:
63 characters maximum
Letters (English or your localized characters), numbers, or hyphens (-). The name must begin and end with a letter or a number.
Note
Domain names are not case sensitive.
Choose a ___domain name prefix
A ___domain name consists of hierarchical labels.
The top-level ___domain extension is the right-most label in the ___domain name. For example, in www.contoso.com, com is the top-level ___domain name extension.
The second-level ___domain name is the label next to the top-level ___domain name extension. The second-level ___domain name is often created based on the company name, products, or services. For example, in www.contoso.com, contoso is the second-level ___domain name and was chosen for the company name Contoso Pharmaceuticals. The second-level ___domain is sometimes referred to as the hostname, which has an IP address associated with it.
The ___domain name prefix identifies a subdomain. The subdomain name can be used to identify services, devices, or regions. For example, Contoso Pharmaceuticals wants to allow remote users to log on to Remote Web Access, but does not want the website to be available to the public, so they create a subdomain that allows only users with appropriate permissions to access the website. Contoso Pharmaceuticals sets up remote.contoso.com as the subdomain, and remote is the ___domain name prefix.
Tip
It is recommended that you use the default Remote as the prefix for your ___domain name.
Choose a ___domain name extension
When you choose a ___domain name for your Internet website, you also need to specify the ___domain name extension that you want to use. The extension is identified by the letters that follow the final period of any ___domain name. (The formal term for the extension is the top-level ___domain or TLD.)
There are two main types of ___domain extensions that you can use: generic and country-code.
Generic top-level domains
Generic ___domain extensions are three or more letters in length, and they are typically used by certain types of organizations.
Examples of generic top-level domains
| Domain Extension | Description |
|---|---|
| .com | Typically used by commercial organizations, but it can be used by anyone. |
| .net | Designed for businesses that offer network infrastructure services. |
| .org | Originally used by non-profit agencies and other business that did not fall into another generic top-level ___domain category. Can be used by anyone. |
| .edu | Restricted for use by educational organizations. |
Country-code top-level domains
These ___domain extensions are two letters in length. They are designed to be used by organizations in the country or region that is associated with that code. Some country-code top-level domains are restricted for use by citizens of that country or region. Others are available for use by anyone.
Examples of country-code top-level domains
| Domain Extension | Description |
|---|---|
| .ca | For use by websites in Canada |
| .cn | For use by websites in China |
| .de | For use by websites in Germany |
| .co.uk | For use by websites in the United Kingdom |
To view the complete list of top-level domains, see the Internet Assigned Numbers Authority website.
If a ___domain extension is not available to select in the Set Up Domain Name Wizard
When you run the Set Up Domain Name Wizard, the wizard looks at your system information to determine your country or region. The wizard then displays only those ___domain extensions that the participating providers in your area support. If the ___domain extension that you want does not appear in the list, you must choose a different ___domain extension to continue. Select an extension from the list that the wizard returned.
Update or upgrade your ___domain name service
You may need to update or upgrade your ___domain name service if you purchased a ___domain name, but did not purchase a certificate. You must have a certificate for your ___domain name from your ___domain name service provider.
Note
Work with your ___domain name service provider to determine the type of certificate that you need. The certificate can be one of the inexpensive certificates that are offered. However, you should review the documentation and features of higher level security certificates to determine if they better meet your business needs.
Export or import your certificate on your server
If you want to create a backup copy of a certificate or use it on another server, you must export the certificate. For information about exporting certificates, see Export a Certificate.
Set up a ___domain name manually
If you choose this option, the server does not monitor or maintain your ___domain name, and it does not alert you if there is a configuration issue. You might also consider this option if any of the following is true:
No partner ___domain name providers are listed for your country or region.
The partner ___domain providers listed do not support your ___domain name extension.
You have an existing ___domain name from a ___domain name provider that is not currently a partner, and you do not want to transfer that ___domain name to a Windows Server Essentials supported ___domain name provider.
The wizard does not list the ___domain name extension that you want to use, but the extension is available from a ___domain name provider that is not currently a partner.
If you choose to set up your ___domain name manually, work with your ___domain name service provider to create an A Record for your ___domain.
To create an A Record
Decide on a host name, such as remote. This is the ___domain name prefix. The ___domain name prefix plus your ___domain name will define the URL to open your Remote Web Access logon page; for example,
https://remote.contoso.com.In your ___domain name service providers configuration dashboard (usually on their webpage), create the A record for the host name that you decided on in Step 1. Ensure that the IP address that you specify in the A record is the IP address on the WAN side of your router (the Internet facing side). Consult your router documentation to find your WAN IP address.
It is recommended that you contact your Internet Service Provider (ISP) to purchase a static IP address for your network. This ensures that the IP address does not change and that your DNS entry does not become outdated.
If you do not have the option to obtain a static IP address from your ISP, you might also consider purchasing the Domain Name System (DNS) dynamic update protocol service from your ___domain name service provider or another service provider. DNS dynamic update protocol is a service that keeps the WAN IP address for your network up to date so that the IP address can be resolved to your ___domain name even if the IP address changes.
Import a trusted certificate when the wizard prompts you. If you do not have a trusted certificate, you can obtain one from one of the supported ___domain name providers listed in the wizard or purchase one from the trusted provider of your choice. For more information about a trusted certificate, contact your ___domain name provider.
Find your ___domain name service provider
To find the ___domain name service provider for your ___domain name
Open a web browser, and then type www.internic.com in the address bar to go to the InterNIC home page.
On the InterNIC home page, click Whois.
In the Whois box, type your ___domain name (for example contoso.com).
Click the Domain option, and then click Submit.
In the search results, the name of your ___domain name service provider is listed under Registrar.
Customize Remote Web Access
You can customize your Remote Web Access site by adding a personal logo or background image. You can also add links on the Home page so that this information is available to all of your users. For more information, see the following topics:
Customize Remote Web Access
You can customize Remote Web Access by changing the title of the website, changing the background image and logo, and adding links to other websites on the home page.
To customize Remote Web Access
Open the Dashboard.
Click Settings, and then click the Anywhere Access tab.
In the Web site settings section, click Customize.
When you finish customizing Remote Web Access, click OK. Test your changes on Remote Web Access.
Customize images for backgrounds and logos
This section provides information about the images that you can use to customize Remote Web Access.
Image size
Logo images
It is recommended that you use logo images that are 32x32 pixels. Larger images are shrunk to 32x32 and smaller images are stretched to 32x32, which could distort the image.
Background images
While there is no size limit for background images, for best results, it is recommended that you use images that are approximately 800x500 pixels. The background image is placed in the center (horizontal and vertical) of the logon page. To help make the text on the logon page easy to read, the center of the background image should be light in color.
Image file types
The following image file types can be used to replace the default background and website logo:
Bitmap (*.bmp, *.dib, *.rle)
GIF (*.gif)
PNG (*.png)
JPG (*.jpg)
Repair Remote Web Access
The Repair Wizard helps you detect and resolve problems with your router or ___domain name. There are two ways to discover issues with Remote Web Access:
In Server Settings on the Dashboard, on the Anywhere Access tab, an icon is displayed with a red X along with a description of the issue.
An alert in the Alert Viewer.
Note
The Repair Wizard is not available until you turn on Remote Web Access. For information about turning on Remote Web Access, see Turn on Remote Web Access.
To repair Remote Web Access
Log on to the Dashboard.
Click Settings, and then click the Anywhere Access tab.
Click Repair. The Repair Remote Web Access Wizard starts.
Click Next. The wizard analyzes Remote Web Access, identifies the issue, and then attempts to repair the issue.
If you receive an alert when the wizard finishes, you can click Retry to try to repair the issue again. If you continue to receive an alert, check the alert for additional information about the issue and troubleshooting steps.