troyhicks
asked on
terminal services configuration
I have terminal services runningon a 2000 server. In application mode. I notice that my test user login (not an admin) is able to shut down the server. How do I turn that off, I do not want users to be able to shut off the server!!
I wouod appreciate any comments on typical setups for terminal services. I am new to it, only used remote admin mode before.
Does running TS add a big hit to the server performance - if only 1-3 people use it a day? Is it usually put on a different server than one that is also used as a fileserver and primary domain controller?
Anyhow, I really want to set the permissions for using some of the windows functions - like 'shut down' - so I can limit who can do that on this server - while in a terminal services session.
Thanks for the help
Troy
I wouod appreciate any comments on typical setups for terminal services. I am new to it, only used remote admin mode before.
Does running TS add a big hit to the server performance - if only 1-3 people use it a day? Is it usually put on a different server than one that is also used as a fileserver and primary domain controller?
Anyhow, I really want to set the permissions for using some of the windows functions - like 'shut down' - so I can limit who can do that on this server - while in a terminal services session.
Thanks for the help
Troy
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I used gpedit.msc and turned off the shutdown and added logoff to the start menu. Now when you term serv in as admin, you can shut down - but normal users cannot.
Thanks for the info. Graded as C because of only partial answers.
Thanks for the info. Graded as C because of only partial answers.
ASKER
is the only way to keep shut down off. And that there is not a way to turn it off for only remote users - I tried a few ways and it did not work for me yet.
What is the security risks specifically? Besides having a point open for someone to attempt to connect? Is TS full of holes?
Man, I would love to mofe the TS to another server - these guys lost their password to the firewall, so it is going to be hard to move the forwarding point. I dont mind reconfiguring a firewall, but this one is doing vpn and so I have to get it right the first time - it is a sonic wall.
Have you found a way to keep the shutdown off?
And is the security risks you have in mind mostly just due to an avenue of approach being made available? Don't you have to live with that if you use TS?
Thanks for the comments