Win2K TS

I want to set up a windows 2000 terminal server at home in order to remotely access several apps.

Since I have never setup a terminal server I am going to need some help.  I don't think the local setup will be to bad, but unsure of how to allow a remote user access.

Can someone point me the right direction.  Thanks
vivo123Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Lee W, MVPTechnology and Business Process AdvisorCommented:
Assuming you have a Server, all you have to do is make sure the Terminal Services Component is installed by going to Add/remove programs and then the Windows Components button.  Make sure Terminal Services is checked and ok out.
0
Lee W, MVPTechnology and Business Process AdvisorCommented:
You will be prompted as to what mode you want to install it in.  If you plan on allowing others, you'll have to use Application Sharing/Server mode.  However, this will require installing Terminal Services Licensing server and obtaining Licenses.  Since you have server at home, I'm guessing your a member of MSDN - a few licenses are included for this with MSDN so you should be ok.

If you just want it for yourself, you can set it up in Administrative mode - this will allows only admins to log in via terminal services.  All other terminal services capabilities are there - it's just a restriction on the class of user.  
0
alimuCommented:
Actually Administrative mode means that it's an install of terminal services to be used for administrative purposes.  It only has 2 CALs so you only get a maximum of 2 client connections through to the server at any one time.

A vanilla install will restrict to administrators, to allow other users you may need to grant them a couple of rights in local security policy, namely the "logon locally" right.  If you're not in a domain, you just configure this in local security policy:
Administrative Tools--> Local Security Policy
Security Settings-->Local Policies-->User Rights Assignment-->Double Click "Log on Locally" and add your users/groups.

If you're using win2k pre service pack 2 you'll also need to add the users to "Remote Desktop Users" group.  This group already has the right "Allow logon through terminal services".  This right is ignored after service pack 2.

Are your remote users going to be on your home network?  If not you will need port 3389 open on your firewall and you will need to forward requests to port 3389 through to your server via some sort of routing.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

vivo123Author Commented:
Thanks for the information.  Currently it is setup in Administrative Mode and I want to be able to connect from outside of the network.  What does the external client need to use to connect to the network?  I use Remote desktop from within the network.  Not sure about the external client. (Can I create a client termainl service disk to install on the client)

Is the client connection the same if the server was in application mode?

Thanks again for your input.
0
alimuCommented:
remote desktop's fine.
connections the same.
If they're win2k clients the terminal services client is usually on the machines in a subdirectory of system32.
just do a search for mstsc.exe and you should be able to find it.

would advise giving it a go and then we'll work through problems if they crop up.
You'll have to know what your IP address is out on your ISP's network too.  
This is usually a dhcp address that gets changed every so often if you're using ADSL or Cable Internet, or a dhcp address that's assigned on connection with a modem.
This address is what the external clients will be connecting to (so if it's a static address it's obviously much easier to get to).
0
Lee W, MVPTechnology and Business Process AdvisorCommented:
alimu said:
> Actually Administrative mode means that it's an install of terminal services to be used for administrative purposes.

That's true, but my point is, using that mode does not in any technical way prevent you from doing the same things you can if it were in application mode.

You can use ANY RDP client to connect to the system from outside the network.  Among the clients you can use:
*Windows 2000's client (can be created from within Server and put on two floppies)
*Rdesktop - a linux and unix version that can run from just about any *nix I've seen (www.rdesktop.org)
*Windows CE clients if you purchase them
*Palm OS (you have to purchase - 2 week trial available).
*The XP Remote Desktop client (RDP) available from http://www.microsoft.com/windowsxp/downloads/tools/rdclientdl.mspx
*Remote Desktop Web Connection - which you have to install on an IIS web server and can only be used with Internet Explorer (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/termserv/termserv/remote_desktop_web_connection.asp)
0
alimuCommented:
leew, My comment was a clarification of your statement  "this will allows only admins to log in via terminal services.  All other terminal services capabilities are there - it's just a restriction on the class of user."
This is actually on the case where local security policy is left unconfigured.  The difference between the versions is in the number of CALs available by default and what the intended purpose of terminal services is.
0
vivo123Author Commented:
Worked great..  Thanks for the help and understanding
0
vivo123Author Commented:
Oh yeah.. What about security..  
0
alimuCommented:
First of all make sure all your service packs, hotfixes and antivirus definition files are up to date (and kept that way).
Next, have a look at this for ideas on securing terminal services: http://www.windowsecurity.com/articles/Windows_Terminal_Services.html
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.