From bbce2a9916b61683df9d2dacacb8005f809c8bb7 Mon Sep 17 00:00:00 2001
From: vfedosevich <devnull@localhost>
Date: Mon, 25 May 2015 06:28:51 -0700
Subject: [PATCH 1/2] Excluding local admins group from users GPO

---
 .../Windows2012.cs                            | 42 +++++++++++++++++--
 1 file changed, 39 insertions(+), 3 deletions(-)

diff --git a/WebsitePanel/Sources/WebsitePanel.Providers.TerminalServices.Windows2012/Windows2012.cs b/WebsitePanel/Sources/WebsitePanel.Providers.TerminalServices.Windows2012/Windows2012.cs
index 3d4e959d..058ccb32 100644
--- a/WebsitePanel/Sources/WebsitePanel.Providers.TerminalServices.Windows2012/Windows2012.cs
+++ b/WebsitePanel/Sources/WebsitePanel.Providers.TerminalServices.Windows2012/Windows2012.cs
@@ -379,7 +379,7 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
                 string collectionComputersPath = GetComputerGroupPath(organizationId, collection.Name);
                 CreatePolicy(runSpace, organizationId, string.Format("{0}-administrators", collection.Name),
                     new DirectoryEntry(GetGroupPath(organizationId, collection.Name, GetLocalAdminsGroupName(collection.Name))), new DirectoryEntry(collectionComputersPath), collection.Name);
-                CreatePolicy(runSpace, organizationId, string.Format("{0}-users", collection.Name), new DirectoryEntry(GetUsersGroupPath(organizationId, collection.Name))
+                CreateUsersPolicy(runSpace, organizationId, string.Format("{0}-users", collection.Name), new DirectoryEntry(GetUsersGroupPath(organizationId, collection.Name))
                     , new DirectoryEntry(collectionComputersPath), collection.Name);
                 CreateHelpDeskPolicy(runSpace, new DirectoryEntry(GetHelpDeskGroupPath(RDSHelpDeskGroup)), new DirectoryEntry(collectionComputersPath), organizationId, collection.Name);
             }                   
@@ -1137,7 +1137,7 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
 
                 CreatePolicy(runspace, organizationId, string.Format("{0}-administrators", collectionName),
                     new DirectoryEntry(GetGroupPath(organizationId, collectionName, GetLocalAdminsGroupName(collectionName))), new DirectoryEntry(collectionComputersPath), collectionName);
-                CreatePolicy(runspace, organizationId, string.Format("{0}-users", collectionName),
+                CreateUsersPolicy(runspace, organizationId, string.Format("{0}-users", collectionName),
                     new DirectoryEntry(GetUsersGroupPath(organizationId, collectionName)), new DirectoryEntry(collectionComputersPath), collectionName);
                 CreateHelpDeskPolicy(runspace, new DirectoryEntry(GetHelpDeskGroupPath(RDSHelpDeskGroup)), new DirectoryEntry(collectionComputersPath), organizationId, collectionName);                
                 RemoveRegistryValue(runspace, ScreenSaverGpoKey, administratorsGpo);
@@ -1329,6 +1329,13 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
             }
         }
 
+        private string CreateUsersPolicy(Runspace runspace, string organizationId, string gpoName, DirectoryEntry entry, DirectoryEntry collectionComputersEntry, string collectionName)
+        {
+            string gpoId = CreatePolicy(runspace, organizationId, gpoName, entry, collectionComputersEntry, collectionName);
+            ExcludeAdminsFromUsersPolicy(runspace, gpoId, collectionName);
+            return gpoId;
+        }
+
         private string CreatePolicy(Runspace runspace, string organizationId, string gpoName, DirectoryEntry entry, DirectoryEntry collectionComputersEntry, string collectionName)
         {
             string gpoId = GetPolicyId(runspace, gpoName);
@@ -1360,6 +1367,22 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
             Collection<PSObject> result = ExecuteRemoteShellCommand(runspace, PrimaryDomainController, cmd);
         }
 
+        private void ExcludeAdminsFromUsersPolicy(Runspace runspace, string gpoId, string collectionName)
+        {
+            var scripts = new List<string>
+            {
+                string.Format("$adgpo = [ADSI]\"{0}\"", GetGpoPath(gpoId)),
+                string.Format("$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule([System.Security.Principal.NTAccount]\"{0}\\{1}\",\"ExtendedRight\",\"Deny\",[GUID]\"edacfd8f-ffb3-11d1-b41d-00a0c968f939\")",
+                    RootDomain.Split('.').First(), GetLocalAdminsGroupName(collectionName)),
+                string.Format("$acl = $adgpo.ObjectSecurity"),
+                string.Format("$acl.AddAccessRule($rule)"),
+                string.Format("$adgpo.CommitChanges()")
+            };
+
+            object[] errors = null;
+            ExecuteRemoteShellCommand(runspace, PrimaryDomainController, scripts, out errors);
+        }
+
         private void SetPolicyPermissions(Runspace runspace, string gpoName, DirectoryEntry entry, DirectoryEntry collectionComputersEntry)
         {
             var scripts = new List<string>
@@ -1752,7 +1775,7 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
                 string collectionComputersPath = GetComputerGroupPath(organizationId, collection.Name);
                 CreatePolicy(runSpace, organizationId, string.Format("{0}-administrators", collection.Name),
                     new DirectoryEntry(GetGroupPath(organizationId, collection.Name, GetLocalAdminsGroupName(collection.Name))), new DirectoryEntry(collectionComputersPath), collection.Name);
-                CreatePolicy(runSpace, organizationId, string.Format("{0}-users", collection.Name), new DirectoryEntry(GetUsersGroupPath(organizationId, collection.Name))
+                CreateUsersPolicy(runSpace, organizationId, string.Format("{0}-users", collection.Name), new DirectoryEntry(GetUsersGroupPath(organizationId, collection.Name))
                     , new DirectoryEntry(collectionComputersPath), collection.Name);
                 CreateHelpDeskPolicy(runSpace, new DirectoryEntry(GetHelpDeskGroupPath(RDSHelpDeskGroup)), new DirectoryEntry(collectionComputersPath), organizationId, collection.Name);
 
@@ -2434,6 +2457,19 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
             return sb.ToString();
         }
 
+        private string GetGpoPath(string gpoId)
+        {
+            StringBuilder sb = new StringBuilder();
+
+            AppendProtocol(sb);
+            AppendCNPath(sb, gpoId);
+            AppendCNPath(sb, "Policies");
+            AppendCNPath(sb, "System");
+            AppendDomainPath(sb, RootDomain);
+
+            return sb.ToString();
+        }
+
         internal string GetTenantComputerGroupPath(string organizationId)
         {
             StringBuilder sb = new StringBuilder();

From 10bd8fe6542034d76bfead917cc745f4cb52ca6d Mon Sep 17 00:00:00 2001
From: vfedosevich <devnull@localhost>
Date: Tue, 26 May 2015 05:10:04 -0700
Subject: [PATCH 2/2] Check before RDS users delete

---
 .../RemoteDesktopServicesController.cs        |  9 ++-
 .../Windows2012.cs                            |  6 +-
 .../RDS/RDSEditCollectionUsers.ascx           | 74 +++++++++--------
 .../RDS/RDSEditCollectionUsers.ascx.cs        | 32 +++-----
 .../RDSCollectionUsers.ascx.resx              |  9 +++
 .../RDS/UserControls/RDSCollectionUsers.ascx  | 37 ++++++++-
 .../UserControls/RDSCollectionUsers.ascx.cs   | 71 +++++++++++++++-
 .../RDSCollectionUsers.ascx.designer.cs       | 81 +++++++++++++++++++
 8 files changed, 255 insertions(+), 64 deletions(-)

diff --git a/WebsitePanel/Sources/WebsitePanel.EnterpriseServer.Code/RemoteDesktopServices/RemoteDesktopServicesController.cs b/WebsitePanel/Sources/WebsitePanel.EnterpriseServer.Code/RemoteDesktopServices/RemoteDesktopServicesController.cs
index 7c75150a..975d49c1 100644
--- a/WebsitePanel/Sources/WebsitePanel.EnterpriseServer.Code/RemoteDesktopServices/RemoteDesktopServicesController.cs
+++ b/WebsitePanel/Sources/WebsitePanel.EnterpriseServer.Code/RemoteDesktopServices/RemoteDesktopServicesController.cs
@@ -1596,7 +1596,14 @@ namespace WebsitePanel.EnterpriseServer
 
             var rds = RemoteDesktopServicesHelpers.GetRemoteDesktopServices(RemoteDesktopServicesHelpers.GetRemoteDesktopServiceID(org.PackageId));
             var collection = ObjectUtils.FillObjectFromDataReader<RdsCollection>(DataProvider.GetRDSCollectionById(collectionId));
-            var users = rds.GetApplicationUsers(collection.Name, remoteApp.Alias);
+            string alias = "";
+
+            if (remoteApp != null)
+            {
+                alias = remoteApp.Alias;
+            }
+
+            var users = rds.GetApplicationUsers(collection.Name, alias);
             result.AddRange(users);
 
             return result;
diff --git a/WebsitePanel/Sources/WebsitePanel.Providers.TerminalServices.Windows2012/Windows2012.cs b/WebsitePanel/Sources/WebsitePanel.Providers.TerminalServices.Windows2012/Windows2012.cs
index 058ccb32..62f3db25 100644
--- a/WebsitePanel/Sources/WebsitePanel.Providers.TerminalServices.Windows2012/Windows2012.cs
+++ b/WebsitePanel/Sources/WebsitePanel.Providers.TerminalServices.Windows2012/Windows2012.cs
@@ -709,7 +709,11 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
                 Command cmd = new Command("Get-RDRemoteApp");
                 cmd.Parameters.Add("CollectionName", collectionName);
                 cmd.Parameters.Add("ConnectionBroker", ConnectionBroker);
-                cmd.Parameters.Add("Alias", applicationName);
+
+                if (!string.IsNullOrEmpty(applicationName))
+                {
+                    cmd.Parameters.Add("Alias", applicationName);
+                }
 
                 var application = ExecuteShellCommand(runspace, cmd, false).FirstOrDefault();
 
diff --git a/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/RDS/RDSEditCollectionUsers.ascx b/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/RDS/RDSEditCollectionUsers.ascx
index 57a37195..02015403 100644
--- a/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/RDS/RDSEditCollectionUsers.ascx
+++ b/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/RDS/RDSEditCollectionUsers.ascx
@@ -10,42 +10,40 @@
 
 <wsp:EnableAsyncTasksSupport id="asyncTasks" runat="server"/>
 
-<div id="ExchangeContainer">
-	<div class="Module">
-		<div class="Left">
-		</div>
-		<div class="Content">
-			<div class="Center">
-				<div class="Title">
-					<asp:Image ID="imgEditRDSCollection" SkinID="EnterpriseStorageSpace48" runat="server" />
-					<asp:Localize ID="locTitle" runat="server" meta:resourcekey="locTitle" Text="Edit RDS Collection"></asp:Localize>
-                    -
-					<asp:Literal ID="litCollectionName" runat="server" Text="" />
-				</div>
-				<div class="FormContentRDS">
-				    <wsp:SimpleMessageBox id="messageBox" runat="server" />
-                    <wsp:CollectionTabs id="tabs" runat="server" SelectedTab="rds_collection_edit_users" />
-                    					
-                    <wsp:CollapsiblePanel id="secRdsUsers" runat="server"
-                        TargetControlID="panelRdsUsers" meta:resourcekey="secRdsUsers" Text="">
-                    </wsp:CollapsiblePanel>		
-                    
-                    <asp:Panel runat="server" ID="panelRdsUsers">                                                
-                        <div style="padding: 10px;">
-                            <wsp:CollectionUsers id="users" runat="server" />
-                        </div>                            
-                    </asp:Panel>
-                    <div>
-				        <asp:Localize ID="locQuota" runat="server" meta:resourcekey="locQuota" Text="Users Created:"></asp:Localize>
-				        &nbsp;&nbsp;&nbsp;
-				        <wsp:QuotaViewer ID="usersQuota" runat="server" QuotaTypeId="2" DisplayGauge="true" />
+        <div id="ExchangeContainer">
+            <div class="Module">
+                <div class="Left">
+                </div>
+                <div class="Content">
+                    <div class="Center">
+                        <div class="Title">
+                            <asp:Image ID="imgEditRDSCollection" SkinID="EnterpriseStorageSpace48" runat="server" />
+                            <asp:Localize ID="locTitle" runat="server" meta:resourcekey="locTitle" Text="Edit RDS Collection"></asp:Localize>
+                            -
+                            <asp:Literal ID="litCollectionName" runat="server" Text="" />
+                        </div>
+                        <div class="FormContentRDS">
+                            <wsp:SimpleMessageBox id="messageBox" runat="server" />
+                            <wsp:CollectionTabs id="tabs" runat="server" SelectedTab="rds_collection_edit_users" />                    					
+                            <wsp:CollapsiblePanel id="secRdsUsers" runat="server"
+                                TargetControlID="panelRdsUsers" meta:resourcekey="secRdsUsers" Text="">
+                            </wsp:CollapsiblePanel>		
+                            <asp:Panel runat="server" ID="panelRdsUsers">                                                
+                                <div style="padding: 10px;">
+                                    <wsp:CollectionUsers id="users" runat="server" />
+                                </div>                            
+                            </asp:Panel>
+                            <div>
+                                <asp:Localize ID="locQuota" runat="server" meta:resourcekey="locQuota" Text="Users Created:"></asp:Localize>
+                                &nbsp;&nbsp;&nbsp;
+                                <wsp:QuotaViewer ID="usersQuota" runat="server" QuotaTypeId="2" DisplayGauge="true" />
+                            </div>
+                            <div class="FormFooterClean">
+                                <wsp:ItemButtonPanel id="buttonPanel" runat="server" ValidationGroup="SaveRDSCollection" 
+                                    OnSaveClick="btnSave_Click" OnSaveExitClick="btnSaveExit_Click" />
+                            </div>
+                        </div>
                     </div>
-                    <div class="FormFooterClean">
-                        <wsp:ItemButtonPanel id="buttonPanel" runat="server" ValidationGroup="SaveRDSCollection" 
-                            OnSaveClick="btnSave_Click" OnSaveExitClick="btnSaveExit_Click" />
-			        </div>
-				</div>
-			</div>
-		</div>
-	</div>
-</div>
\ No newline at end of file
+                </div>
+            </div>
+        </div>
\ No newline at end of file
diff --git a/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/RDS/RDSEditCollectionUsers.ascx.cs b/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/RDS/RDSEditCollectionUsers.ascx.cs
index 906a2160..efcc68cb 100644
--- a/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/RDS/RDSEditCollectionUsers.ascx.cs
+++ b/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/RDS/RDSEditCollectionUsers.ascx.cs
@@ -26,7 +26,9 @@
 // (INCLUDING NEGLIGENCE OR OTHERWISE)  ARISING  IN  ANY WAY OUT OF THE USE OF THIS
 // SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+using AjaxControlToolkit;
 using System;
+using System.Collections.Generic;
 using System.Linq;
 using System.Web.UI.WebControls;
 using WebsitePanel.EnterpriseServer;
@@ -41,31 +43,16 @@ namespace WebsitePanel.Portal.RDS
         
         protected void Page_Load(object sender, EventArgs e)
         {
-            users.Module = Module;        
+            users.Module = Module;
+            users.OnRefreshClicked -= OnRefreshClicked;
+            users.OnRefreshClicked += OnRefreshClicked;
 
             if (!IsPostBack)
             {                
                 BindQuota();
-                var collectionUsers = ES.Services.RDS.GetRdsCollectionUsers(PanelRequest.CollectionID);
-                var collection = ES.Services.RDS.GetRdsCollection(PanelRequest.CollectionID);
-                var localAdmins = ES.Services.RDS.GetRdsCollectionLocalAdmins(PanelRequest.CollectionID);
-
-                foreach (var user in collectionUsers)
-                {
-                    if (localAdmins.Select(l => l.AccountName).Contains(user.AccountName))
-                    {
-                        user.IsVIP = true;
-                    }
-                    else
-                    {
-                        user.IsVIP = false;
-                    }
-                }
-                
-                litCollectionName.Text = collection.DisplayName;
-                users.SetUsers(collectionUsers);
+                users.BindUsers();
             }
-        }
+        }        
 
         private void BindQuota()
         {
@@ -87,6 +74,11 @@ namespace WebsitePanel.Portal.RDS
             }
         }
 
+        private void OnRefreshClicked(object sender, EventArgs e)
+        {           
+            ((ModalPopupExtender)asyncTasks.FindControl("ModalPopupProperties")).Hide();
+        }
+
         private bool SaveRdsUsers()
         {
             try
diff --git a/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/RDS/UserControls/App_LocalResources/RDSCollectionUsers.ascx.resx b/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/RDS/UserControls/App_LocalResources/RDSCollectionUsers.ascx.resx
index 47a2f1e3..1686c266 100644
--- a/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/RDS/UserControls/App_LocalResources/RDSCollectionUsers.ascx.resx
+++ b/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/RDS/UserControls/App_LocalResources/RDSCollectionUsers.ascx.resx
@@ -126,6 +126,9 @@
   <data name="btnCancel.Text" xml:space="preserve">
     <value>Cancel</value>
   </data>
+  <data name="btnCancelDeleteWarning.Text" xml:space="preserve">
+    <value>Cancel</value>
+  </data>
   <data name="btnDelete.Text" xml:space="preserve">
     <value>Delete</value>
   </data>
@@ -153,4 +156,10 @@
   <data name="headerAddAccounts.Text" xml:space="preserve">
     <value>Enabled Users</value>
   </data>
+  <data name="headerDeleteWarning.Text" xml:space="preserve">
+    <value>Warning</value>
+  </data>
+  <data name="locDeleteWarning.Text" xml:space="preserve">
+    <value>Unable to remove the following user(s) since they are local admins&lt;br/&gt;or they were granted access to remote applications</value>
+  </data>
 </root>
\ No newline at end of file
diff --git a/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/RDS/UserControls/RDSCollectionUsers.ascx b/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/RDS/UserControls/RDSCollectionUsers.ascx
index 1572c47a..138d7f28 100644
--- a/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/RDS/UserControls/RDSCollectionUsers.ascx
+++ b/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/RDS/UserControls/RDSCollectionUsers.ascx
@@ -5,7 +5,7 @@
     <ContentTemplate>
 	<div class="FormButtonsBarClean">
 		<asp:Button ID="btnAdd" runat="server" Text="Add..." CssClass="Button1"  OnClick="btnAdd_Click" meta:resourcekey="btnAdd"  />
-		<asp:Button ID="btnDelete" runat="server" Text="Delete" CssClass="Button1" OnClick="btnDelete_Click" meta:resourcekey="btnDelete"/>
+		<asp:Button ID="btnDelete" runat="server" Text="Delete" CssClass="Button1" OnClick="btnDelete_Click" OnClientClick="ShowProgressDialog('Checking users ...');return true;" meta:resourcekey="btnDelete"/>
 	</div>
 	<asp:GridView ID="gvUsers" runat="server" meta:resourcekey="gvUsers" AutoGenerateColumns="False"
 		Width="600px" CssSelectorClass="NormalGridView" OnRowCommand="gvUsers_RowCommand"
@@ -113,6 +113,41 @@
 	</div>
 </asp:Panel>
 
+        <asp:Panel ID="DeleteWarningPanel" runat="server" CssClass="Popup" style="display:none">
+            <table class="Popup-Header" cellpadding="0" cellspacing="0">
+                <tr>
+                    <td class="Popup-HeaderLeft"/>
+                    <td class="Popup-HeaderTitle">
+                        <asp:Localize ID="lcDeleteWarningHeader" runat="server" meta:resourcekey="headerDeleteWarning"></asp:Localize>
+                    </td>
+                    <td class="Popup-HeaderRight"/>
+                </tr>
+            </table>
+            <div class="Popup-Content">
+                <div class="Popup-Body">
+                    <br />
+                    <asp:UpdatePanel ID="deleteWarningUpdatePanel" runat="server" UpdateMode="Conditional" ChildrenAsTriggers="true">
+                        <ContentTemplate>
+                            <div class="Popup-Scroll" style="height:auto;">                                                        
+                                <asp:Panel runat="server" ID="panelDeleteWarning">
+                                    <asp:Localize runat="server" ID="locDeleteWarning" Text="Unable to remove the following user(s) since they are local admins or<br/>they were granted access to remote applications" />
+                                    <br/>
+                                    <asp:Literal runat="server" ID="ltUsers" Text="" />
+                                </asp:Panel>
+                            </div>
+                        </ContentTemplate>
+                    </asp:UpdatePanel>
+                    <br />
+                </div>
+                <div class="FormFooter">                
+                    <asp:Button ID="btnCancelDeleteWarning" runat="server" CssClass="Button1" meta:resourcekey="btnCancelDeleteWarning" Text="Cancel" CausesValidation="false" />
+                </div>
+            </div>
+        </asp:Panel>
+        <asp:Button ID="btnDeleteWarningFake" runat="server" style="display:none;" />
+        <ajaxToolkit:ModalPopupExtender ID="DeleteWarningModal" runat="server" TargetControlID="btnDeleteWarningFake" PopupControlID="DeleteWarningPanel" 
+            BackgroundCssClass="modalBackground" DropShadow="false" CancelControlID="btnCancelDeleteWarning"/>
+
 <asp:Button ID="btnAddAccountsFake" runat="server" style="display:none;" />
 <ajaxToolkit:ModalPopupExtender ID="AddAccountsModal" runat="server"
 	TargetControlID="btnAddAccountsFake" PopupControlID="AddAccountsPanel"
diff --git a/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/RDS/UserControls/RDSCollectionUsers.ascx.cs b/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/RDS/UserControls/RDSCollectionUsers.ascx.cs
index 2a077931..c735f9c6 100644
--- a/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/RDS/UserControls/RDSCollectionUsers.ascx.cs
+++ b/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/RDS/UserControls/RDSCollectionUsers.ascx.cs
@@ -41,6 +41,7 @@ namespace WebsitePanel.Portal.RDS.UserControls
     public partial class RDSCollectionUsers : WebsitePanelControlBase
 	{
         public const string DirectionString = "DirectionString";
+        public event EventHandler OnRefreshClicked;
 
         public bool ButtonAddEnabled
         {
@@ -100,9 +101,16 @@ namespace WebsitePanel.Portal.RDS.UserControls
 
 		protected void btnDelete_Click(object sender, EventArgs e)
 		{
-            List<OrganizationUser> selectedAccounts = GetGridViewUsers(SelectedState.Unselected);
+            if (CheckDeletedUsers())
+            {
+                List<OrganizationUser> selectedAccounts = GetGridViewUsers(SelectedState.Unselected);
+                BindAccounts(selectedAccounts.ToArray(), false);
+            }
 
-			BindAccounts(selectedAccounts.ToArray(), false);
+            if (OnRefreshClicked != null)
+            {
+                OnRefreshClicked(sender, new EventArgs());
+            }  
 		}
 
 		protected void btnAddSelected_Click(object sender, EventArgs e)
@@ -134,9 +142,66 @@ namespace WebsitePanel.Portal.RDS.UserControls
             return GetThemedImage("Exchange/" + imgName);
         }
 
+        public bool CheckDeletedUsers()
+        {
+            var rdsUsers = GetGridViewUsers(SelectedState.Selected);
+            var localAdmins = ES.Services.RDS.GetRdsCollectionLocalAdmins(PanelRequest.CollectionID);
+            var organizationUsers = ES.Services.Organizations.GetOrganizationUsersPaged(PanelRequest.ItemID, null, null, null, 0, Int32.MaxValue).PageUsers;
+            var applicationUsers = ES.Services.RDS.GetApplicationUsers(PanelRequest.ItemID, PanelRequest.CollectionID, null);
+            var remoteAppUsers = organizationUsers.Where(x => applicationUsers.Select(a => a.Split('\\').Last().ToLower()).Contains(x.SamAccountName.Split('\\').Last().ToLower()));
+
+            var deletedUsers = new List<OrganizationUser>();
+
+            deletedUsers.AddRange(rdsUsers.Where(r => localAdmins.Select(l => l.AccountName.ToLower()).Contains(r.AccountName.ToLower())));
+            remoteAppUsers = remoteAppUsers.Where(r => !localAdmins.Select(l => l.AccountName.ToLower()).Contains(r.AccountName.ToLower()));
+            deletedUsers.AddRange(rdsUsers.Where(r => remoteAppUsers.Select(l => l.AccountName.ToLower()).Contains(r.AccountName.ToLower())));
+            deletedUsers = deletedUsers.Distinct().ToList();
+
+            if (deletedUsers.Any())
+            {                
+                ltUsers.Text = string.Join("<br/>", deletedUsers.Select(d => d.DisplayName));                
+                DeleteWarningModal.Show();
+
+                return false;
+            }
+
+            return true;
+        }
+
+        public void BindUsers()
+        {
+            var collectionUsers = ES.Services.RDS.GetRdsCollectionUsers(PanelRequest.CollectionID);
+            var collection = ES.Services.RDS.GetRdsCollection(PanelRequest.CollectionID);
+            var localAdmins = ES.Services.RDS.GetRdsCollectionLocalAdmins(PanelRequest.CollectionID);
+
+            foreach (var user in collectionUsers)
+            {
+                if (localAdmins.Select(l => l.AccountName).Contains(user.AccountName))
+                {
+                    user.IsVIP = true;
+                }
+                else
+                {
+                    user.IsVIP = false;
+                }
+            }
+            
+            SetUsers(collectionUsers);
+        }
+
 		protected void BindPopupAccounts()
 		{
-            OrganizationUser[] accounts = ES.Services.Organizations.GetOrganizationUsersPaged(PanelRequest.ItemID, null, null, null, 0, Int32.MaxValue).PageUsers;
+            OrganizationUser[] accounts;
+
+            if (PanelRequest.Ctl == "rds_collection_edit_users")
+            {
+                accounts = ES.Services.Organizations.GetOrganizationUsersPaged(PanelRequest.ItemID, null, null, null, 0, Int32.MaxValue).PageUsers;
+            }
+            else
+            {
+                accounts = ES.Services.RDS.GetRdsCollectionUsers(PanelRequest.CollectionID);
+            }
+
             var localAdmins = ES.Services.RDS.GetRdsCollectionLocalAdmins(PanelRequest.CollectionID);
 
             foreach (var user in accounts)
diff --git a/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/RDS/UserControls/RDSCollectionUsers.ascx.designer.cs b/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/RDS/UserControls/RDSCollectionUsers.ascx.designer.cs
index 0ee1baea..5162a5e3 100644
--- a/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/RDS/UserControls/RDSCollectionUsers.ascx.designer.cs
+++ b/WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/RDS/UserControls/RDSCollectionUsers.ascx.designer.cs
@@ -138,6 +138,87 @@ namespace WebsitePanel.Portal.RDS.UserControls {
         /// </remarks>
         protected global::System.Web.UI.WebControls.Button btnCancelAdd;
         
+        /// <summary>
+        /// DeleteWarningPanel control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.WebControls.Panel DeleteWarningPanel;
+        
+        /// <summary>
+        /// lcDeleteWarningHeader control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.WebControls.Localize lcDeleteWarningHeader;
+        
+        /// <summary>
+        /// deleteWarningUpdatePanel control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.UpdatePanel deleteWarningUpdatePanel;
+        
+        /// <summary>
+        /// panelDeleteWarning control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.WebControls.Panel panelDeleteWarning;
+        
+        /// <summary>
+        /// locDeleteWarning control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.WebControls.Localize locDeleteWarning;
+        
+        /// <summary>
+        /// ltUsers control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.WebControls.Literal ltUsers;
+        
+        /// <summary>
+        /// btnCancelDeleteWarning control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.WebControls.Button btnCancelDeleteWarning;
+        
+        /// <summary>
+        /// btnDeleteWarningFake control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.WebControls.Button btnDeleteWarningFake;
+        
+        /// <summary>
+        /// DeleteWarningModal control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::AjaxControlToolkit.ModalPopupExtender DeleteWarningModal;
+        
         /// <summary>
         /// btnAddAccountsFake control.
         /// </summary>