terminal services configuration

Posted on 2004-11-22
Last Modified: 2010-04-19
I have terminal services runningon a 2000 server. In application mode. I notice that my test user login (not an admin) is able to shut down the server. How do I turn that off, I do not want users to be able to shut off the server!!

I wouod appreciate any comments on typical setups for terminal services. I am new to it, only used remote admin mode before.

Does running TS add a big hit to the server performance - if only 1-3 people use it a day? Is it usually put on a different server than one that is also used as a fileserver and primary domain controller?

Anyhow, I really want to set the permissions for using some of the windows functions - like 'shut down' - so I can limit who can do that on this server - while in a terminal services session.

Thanks for the help

Question by:troyhicks
    LVL 3

    Accepted Solution


    I will come back to preventing the user from shutting it down later.

    1st  Yes it is a best and common practice to have your TS on its own machine.

    2nd  Yes every session can take alot of your resources.  best way to see this is one task manager and view proformace tab when you have you normal load and then again with remote users logged on.  Should be a big change.

    3rd If your users are comming in from outside of your network, IE WAN or Internet connection, there are very real security concerns.  Any mistake in security on the server or firewall could be very dangerous to start.  Having the machine exposed be a Domain Controller is even a greater risk.  In my opinion...  It is  a complete mistake, that you would be hard pressed to explain if something did go wrong.

    Here is a link to info on the correct set up of a server for TS.;en-us;260370

    Good luck and move your TS to another server as soon as you can.



    Author Comment

    ok, thanks. I will (at first) only have one user (a former IT consultant) using the TS. I want to be sure that shutdown is turned off, looks like that may not be possible without turning it off locally on the server. I assume using GPEDIT.MSC
    is the only way to keep shut down off. And that there is not a way to turn it off for only remote users - I tried a few ways and it did not work for me yet.

    What is the security risks specifically? Besides having a point open for someone to attempt to connect? Is TS full of holes?

    Man, I would love to mofe the TS to another server - these guys lost their password to the firewall, so it is going to be hard to move the forwarding point. I dont mind reconfiguring a firewall, but this one is doing vpn and so I have to get it right the first time - it is a sonic wall.

    Have you found a way to keep the shutdown off?

    And is the security risks you have in mind mostly just due to an avenue of approach being made available? Don't you have to live with that if you use TS?

    Thanks for the comments

    Author Comment

    I used gpedit.msc and turned off the shutdown and added logoff to the start menu. Now when you term serv in as admin, you can shut down - but normal users cannot.

    Thanks for the info. Graded as C because of only partial answers.


    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Join & Write a Comment

    Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
    Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now