Solved

Windows 2003 Terminal Server. Only allow a specific PC access to terminal server.

Posted on 2006-07-11
4
434 Views
Last Modified: 2008-03-10
We are running windows 2003 terminal server application server hosting one application.. WE ARE USING PER COMPUTER LICENSING.

We now have consultants needing to use the terminal server. Do to licensing we can only let them have ONE license to use. What we are needing is to make sure that only one person in the consultants office will use our terminal server.  

 
Is there a way to only allow a certain computer to connect to the terminal server? Or an ID can only logon to terminal server from a specific PC?

I've tried only allowing certain computers access but the terminal server goes by USER ID. So it doesn't matter if I only allow certain computers.  The consultants have one ID on our domain they would use to access the terminal server.

We can't block it by IP because they are accessing us with VPN that uses DHCP.

Thanks

0
Comment
Question by:Stella Pauley
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 1

Expert Comment

by:cbeee
ID: 17082540
Only allowing a certain computer to connect isn't possible and wouldn't work if you could as you can have multiple sessions from the same computer to the TS.  

There may be a fiddly hack around this but in terms of audting, security and best practices, you should give each consultant a serpate logon.

0
 
LVL 85

Accepted Solution

by:
oBdA earned 500 total points
ID: 17083265
For this to work, you need to use "Per User" licensing, as the consultants will share one account.
Using "Per Device" CALs won't work, those are tied to one specific device and are NOT concurrent (and neither are Per User TS CALs concurrent!), so each consultant logging in through VPN would require his own Per Device CAL.
Then define a policy to only allow one session per user, to make sure the shared account isn't used concurrently: under Computer Configuration\Administrative Templates\Windows Components\Terminal Services, enable "Restrict terminal server users to one remote session" (or similar, not using an English version).
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question