Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

terminal services configuration

Posted on 2004-11-22
3
Medium Priority
?
202 Views
Last Modified: 2010-04-19
I have terminal services runningon a 2000 server. In application mode. I notice that my test user login (not an admin) is able to shut down the server. How do I turn that off, I do not want users to be able to shut off the server!!

I wouod appreciate any comments on typical setups for terminal services. I am new to it, only used remote admin mode before.

Does running TS add a big hit to the server performance - if only 1-3 people use it a day? Is it usually put on a different server than one that is also used as a fileserver and primary domain controller?

Anyhow, I really want to set the permissions for using some of the windows functions - like 'shut down' - so I can limit who can do that on this server - while in a terminal services session.

Thanks for the help


Troy
0
Comment
Question by:troyhicks
  • 2
3 Comments
 
LVL 3

Accepted Solution

by:
kelo501 earned 1000 total points
ID: 12651211
Troy,

I will come back to preventing the user from shutting it down later.

1st  Yes it is a best and common practice to have your TS on its own machine.

2nd  Yes every session can take alot of your resources.  best way to see this is one task manager and view proformace tab when you have you normal load and then again with remote users logged on.  Should be a big change.

3rd If your users are comming in from outside of your network, IE WAN or Internet connection, there are very real security concerns.  Any mistake in security on the server or firewall could be very dangerous to start.  Having the machine exposed be a Domain Controller is even a greater risk.  In my opinion...  It is  a complete mistake, that you would be hard pressed to explain if something did go wrong.

Here is a link to info on the correct set up of a server for TS.
http://support.microsoft.com/default.aspx?scid=kb;en-us;260370

Good luck and move your TS to another server as soon as you can.

Kelo

0
 

Author Comment

by:troyhicks
ID: 12651738
ok, thanks. I will (at first) only have one user (a former IT consultant) using the TS. I want to be sure that shutdown is turned off, looks like that may not be possible without turning it off locally on the server. I assume using GPEDIT.MSC
is the only way to keep shut down off. And that there is not a way to turn it off for only remote users - I tried a few ways and it did not work for me yet.

What is the security risks specifically? Besides having a point open for someone to attempt to connect? Is TS full of holes?

Man, I would love to mofe the TS to another server - these guys lost their password to the firewall, so it is going to be hard to move the forwarding point. I dont mind reconfiguring a firewall, but this one is doing vpn and so I have to get it right the first time - it is a sonic wall.

Have you found a way to keep the shutdown off?

And is the security risks you have in mind mostly just due to an avenue of approach being made available? Don't you have to live with that if you use TS?

Thanks for the comments
0
 

Author Comment

by:troyhicks
ID: 12707528
I used gpedit.msc and turned off the shutdown and added logoff to the start menu. Now when you term serv in as admin, you can shut down - but normal users cannot.

Thanks for the info. Graded as C because of only partial answers.

0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question