illtbagu

terminal services WAN security

I have a few questions about terminal services. I have been using pcAnywhere when I need to remote into our servers through the internet. I would like to use terminal services but I was wondering about security. Everywhere I have read, it's being claimed that terminal services is very secure to use through the internet. What kind of encryption does terminal services use?

I have a SonicWall with VPN capabilities. I was going to use VPN to gain LAN access through the internet and then use terminal services for remote desktop (just for ease of use for multiple terminal server computers). Would this be more secure than just using port forwarding and opening up the firewall for terminal services on port 3389?

Also, what about licensing? From what I can understand on Microsoft's website, it says that if I have 50 Server 2000 CALs then this allows me to run 50 client terminal services?

Thanks,
AD
Pete Long

Hi illtbagu,
As far as licensing, you are allowed two concurrent connections to EACH server for remote administration.

PeteL
illtbagu

ASKER

I got the port part if you noticed in my opening post :)
I was just wondering about any security issues there are with terminal services, including using terminal services over the WAN (internet). Only myself and 1 other will be using this service, and we will only be using it for remote desktop. Also, on the Windows NT machine I have, I'm not seeing this as an option to add or remove from the Windows NT setup under Add/Remove Programs like in Server 2000. How can I get my hands on terminal services for NT? Is this something that gets installed during the initial install of NT?

Also 1 other thing. I tried to install terminal server under Add/Remove Windows 2000 Components on 1 of the Server 2000 machines running Service Pack 3 and it's asking for the Service Pack 3 disk. I do not have the disk. When I browsed for the files it's asking for, they are not all on the machine. How can I get this installed?

Thanks,
AD
SOLUTION
Pete Long
This solution is only available to members.
> Everywhere I have read, it's being claimed that terminal services is very secure to use through the internet

Nothing is secure on the internet, that is as exposed as you can get.

Try this for list of ports for supporting users other than yourself:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/exchange/exchange2000/reskit/resguide/appendb.asp
> Microsoft's website it says that if I have 50 server 2000 cals then this allows me to run 50 client terminal services?

OK, and remember that is above and beyond any desktop licensing, not to mention the applications themselves, which would be what? eMail?
SOLUTION
This solution is only available to members.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
John or anyone for that matter help,

I created and assigned the new policy using Microsoft's suggestion like John had suggested, but it seems that only 1 policy can be assigned at a time. When I assigned the new policy I created, it turned off any existing policy that might have been assigned. As of right now there are 4 policies:
client (respond only)
secure server (requires security)
server (request security)
and the 1 I created, secure terminal service connection

How can I tell what policies were previously assigned, if any? Why can I only assign 1 policy?

Thanks,
AD
I use Sonicwall VPN and TS also. If you are tunneled, then you are secure. I use remote desktop when I'm off-site. If I don't have access to the VPN key, I use the live addy that NAT's to my TS box. You can also use TSWeb, which is really cool, too.
If you run your 2000 or newer box in Administration mode, you can TS in with one session for remote administration which I am almost certain only requires a 2000 Server CAL, not a TS CAL.
What ports are needed through a firewall to get licenses from a license server?

Tx,

Bob
Dahc521

Can U give me some clear details on setting up the VPN on SonicWall? What client do U use? What is "live addy"? Sorry if these questions are obvious but I'm very new to VPNs. I'm trying to set up a SonicWall VPN to a 2003 server for Terminal Services running a single app for three remote users. I am purchasing terminal licences.

Thanks for your time
PhillB