Solved

Windows 2003 Terminal Server. Only allow a specific PC access to terminal server.

Posted on 2006-07-11
4
429 Views
Last Modified: 2008-03-10
We are running windows 2003 terminal server application server hosting one application.. WE ARE USING PER COMPUTER LICENSING.

We now have consultants needing to use the terminal server. Do to licensing we can only let them have ONE license to use. What we are needing is to make sure that only one person in the consultants office will use our terminal server.  

 
Is there a way to only allow a certain computer to connect to the terminal server? Or an ID can only logon to terminal server from a specific PC?

I've tried only allowing certain computers access but the terminal server goes by USER ID. So it doesn't matter if I only allow certain computers.  The consultants have one ID on our domain they would use to access the terminal server.

We can't block it by IP because they are accessing us with VPN that uses DHCP.

Thanks

0
Comment
Question by:Stella Pauley
4 Comments
 
LVL 1

Expert Comment

by:cbeee
ID: 17082540
Only allowing a certain computer to connect isn't possible and wouldn't work if you could as you can have multiple sessions from the same computer to the TS.  

There may be a fiddly hack around this but in terms of audting, security and best practices, you should give each consultant a serpate logon.

0
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 17083265
For this to work, you need to use "Per User" licensing, as the consultants will share one account.
Using "Per Device" CALs won't work, those are tied to one specific device and are NOT concurrent (and neither are Per User TS CALs concurrent!), so each consultant logging in through VPN would require his own Per Device CAL.
Then define a policy to only allow one session per user, to make sure the shared account isn't used concurrently: under Computer Configuration\Administrative Templates\Windows Components\Terminal Services, enable "Restrict terminal server users to one remote session" (or similar, not using an English version).
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows 2003 new patches 11 72
Not a Schema Admin?  Schema Role on Non-AD Controller? 7 48
Auslogics BoostSpeed 9 software 5 70
Auto-Enrollment Group Policy 2 48
The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question