In Forefront Unified Access Gateway (UAG), you can use the File Access Web application to enable remote users to share, access, view, and download files from Windows and Novell NetWare file servers. Users can also upload files to the servers by using a browser. When you publish File Access in a portal, remote users are presented with an Explorer-like view from which permitted file folders can be accessed. Existing network definitions are used as the basis for File Access, including domains, servers, shares, and individual user permissions. To publish File Access, both the Forefront UAG server and the File Access servers must be members of the domain in which the users are located, or of a trusted domain.

To allow remote access to Windows file servers, Forefront UAG must be either a member of the domain to which the file servers belong, or a member of a domain which has a trust relationship with the file server domain. You can create a new domain with the Forefront UAG server as the domain controller, or join an existing domain.

Complete the following steps to allow access to Windows and Novell file servers:

Setting up the Forefront UAG server as a domain controller

To set up the Forefront UAG server as a domain controller

  1. Configure the domain controller. For instructions, see Managing domain controllers: Active Directory (http://go.microsoft.com/fwlink/?LinkId=155878).

    Select the following options:

    • Domain Controller for New Domain.

    • New Domain Tree.

    • New Forest.

Joining the Forefront UAG server to an existing domain

To join the Forefront UAG server to an existing domain

  1. Set a local security policy for a mixed-mode domain. For instructions, see To set a local security policy for a mixed-mode domain.

  2. On the Forefront UAG server, set the startup type for the following Windows services to automatic:

    • Computer Browser (optional, for performance enhancement).

    • Distributed Transaction Coordinator.

    • Workstation.

  3. Install Client for Microsoft Networks. For instructions, see To install Client for Microsoft Networks. You might be required to provide the operating system installation disk while completing this task.

  4. Join the domain. For instructions, see How to join your computer to a domain.

To set a local security policy for a mixed-mode domain

  1. On the Forefront UAG server, click Start, point to Programs, point to Administrative Tools, and then click Local Security Policy.

  2. On the Local Security Settings window, in the Tree pane, select Local Policies, and then select Security Options.

  3. On the Policy pane, set the Local Security Policy settings. To edit a policy, double-click it. Then, in the Local Security Policy Setting dialog box, select the required setting and click OK. If you modify Local Security Policy settings, you must restart the Forefront UAG server to apply the new settings. Configure the parameter settings as follows:

    • Domain member: Digitally encrypt or sign secure channel data (always): Disabled

    • Domain member: Require strong (Windows 2000 Server or later) session key: Disabled

    • Microsoft network client: Digitally sign communications (always): Disabled

    • Microsoft network server: Digitally sign communications (always): Disabled

    • Microsoft network server: Digitally sign communications (if client agrees): Disabled

    • Network Security: LAN Manager Authentication Level: Send LM and NTLM responses
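The settings in step 3 are stored as registry values, so after the restart you can confirm what the server is actually using and record it for your baseline. The following is an added example, not part of the original documentation; the function name is hypothetical, and the registry value names are the standard ones behind these Security Options.

```powershell
# Added example, not from the original documentation. Run on the Forefront UAG server.
# Get-UagFileAccessPolicyState is a hypothetical name chosen for this example.
function Get-UagFileAccessPolicyState {
    $svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    # Each entry: policy label from step 3, registry key, value name, and the
    # DWORD that corresponds to the setting given on this page
    # (0 = Disabled; LmCompatibilityLevel 0 = Send LM and NTLM responses).
    $checks = @(
        @('Domain member: Digitally encrypt or sign secure channel data (always)',
          "$svc\Netlogon\Parameters", 'RequireSignOrSeal', 0),
        @('Domain member: Require strong (Windows 2000 Server or later) session key',
          "$svc\Netlogon\Parameters", 'RequireStrongKey', 0),
        @('Microsoft network client: Digitally sign communications (always)',
          "$svc\LanmanWorkstation\Parameters", 'RequireSecuritySignature', 0),
        @('Microsoft network server: Digitally sign communications (always)',
          "$svc\LanmanServer\Parameters", 'RequireSecuritySignature', 0),
        @('Microsoft network server: Digitally sign communications (if client agrees)',
          "$svc\LanmanServer\Parameters", 'EnableSecuritySignature', 0),
        @('Network Security: LAN Manager Authentication Level',
          $lsa, 'LmCompatibilityLevel', 0)
    )
    foreach ($c in $checks) {
        $name = $c[2]
        $item = Get-ItemProperty -Path $c[1] -Name $name -ErrorAction SilentlyContinue
        # A missing value means no explicit setting; the operating system default applies.
        $current = if ($item) { $item.$name } else { $null }
        $shown   = if ($null -eq $current) { '(not set)' } else { $current }
        New-Object PSObject -Property @{
            Policy      = $c[0]
            ValueName   = $name
            Current     = $shown
            PageValue   = $c[3]
            MatchesPage = ($null -ne $current) -and ($current -eq $c[3])
        } | Select-Object Policy, ValueName, Current, PageValue, MatchesPage
    }
}

Get-UagFileAccessPolicyState | Format-Table -AutoSize -Wrap
```

The registry shows the effective value, including one delivered by domain Group Policy, which can differ from what was entered in Local Security Policy.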

To install Client for Microsoft Networks

  1. On the Forefront UAG server, click Start, point to Settings, and then click Network Connections.

  2. In the list of connections, select the Local Area Connection that is used to access the file server resources.

  3. On the Local Area Connection Status dialog box, click Properties.

  4. In the This connection uses the following items list, check whether Client for Microsoft Networks is listed, and do one of the following:

    • If Client for Microsoft Networks is listed, and the check box next to it is selected, you do not need to take any further steps. Click OK to close the dialog box.

    • If Client for Microsoft Networks is listed, and the check box next to it is cleared, select the check box, and then click OK. You do not need to take any further steps.

    • If Client for Microsoft Networks is not listed in the Local Area Connection Properties dialog box, continue with the following steps.

  5. In the Local Area Connection Properties dialog box, below the This connection uses the following items list, click Install.

  6. On the Select Network Component Type dialog box, verify that Client is selected in the list, and then click Add.

  7. On the Select Network Client dialog box, verify that Client for Microsoft Networks is selected in the list, and click OK. If prompted, insert the Windows Server 2003 installation CD.

    The Select Network Client dialog box closes. In the Local Area Connection Properties dialog box, Client for Microsoft Networks is listed.

  8. Make sure that the check box next to Client for Microsoft Networks is selected, and click OK to close the dialog box.

    The installation of the Client for Microsoft Networks is complete.

  9. Restart the Forefront UAG server, as prompted.

Providing access to Novell NetWare servers

In order to share Novell NetWare Server resources through the File Access application, you must install a Novell client on the Forefront UAG server, as described below. While remote users interact with Novell NetWare Servers through the File Access interface, temporary “virtual” users may be created on Forefront UAG, with the following name format: whnwu_<hexadecimal_value>. These users are deleted as soon as the real user closes the File Access interface.

To install a Novell client

  1. Install a Novell client on Forefront UAG, using a Typical installation mode.

  2. When prompted, restart the Forefront UAG server.

    After the restart, access to Novell NetWare Servers can be enabled on Forefront UAG.