Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 452
  • Last Modified:

Windows 2003 Terminal Server. Only allow a specific PC access to terminal server.

We are running windows 2003 terminal server application server hosting one application.. WE ARE USING PER COMPUTER LICENSING.

We now have consultants needing to use the terminal server. Do to licensing we can only let them have ONE license to use. What we are needing is to make sure that only one person in the consultants office will use our terminal server.  

 
Is there a way to only allow a certain computer to connect to the terminal server? Or an ID can only logon to terminal server from a specific PC?

I've tried only allowing certain computers access but the terminal server goes by USER ID. So it doesn't matter if I only allow certain computers.  The consultants have one ID on our domain they would use to access the terminal server.

We can't block it by IP because they are accessing us with VPN that uses DHCP.

Thanks

0
Stella Pauley
Asked:
Stella Pauley
1 Solution
 
cbeeeCommented:
Only allowing a certain computer to connect isn't possible and wouldn't work if you could as you can have multiple sessions from the same computer to the TS.  

There may be a fiddly hack around this but in terms of audting, security and best practices, you should give each consultant a serpate logon.

0
 
oBdACommented:
For this to work, you need to use "Per User" licensing, as the consultants will share one account.
Using "Per Device" CALs won't work, those are tied to one specific device and are NOT concurrent (and neither are Per User TS CALs concurrent!), so each consultant logging in through VPN would require his own Per Device CAL.
Then define a policy to only allow one session per user, to make sure the shared account isn't used concurrently: under Computer Configuration\Administrative Templates\Windows Components\Terminal Services, enable "Restrict terminal server users to one remote session" (or similar, not using an English version).
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now