Solved

Windows 2003 Terminal Server. Only allow a specific PC access to terminal server.

Posted on 2006-07-11
4
433 Views
Last Modified: 2008-03-10
We are running windows 2003 terminal server application server hosting one application.. WE ARE USING PER COMPUTER LICENSING.

We now have consultants needing to use the terminal server. Do to licensing we can only let them have ONE license to use. What we are needing is to make sure that only one person in the consultants office will use our terminal server.  

 
Is there a way to only allow a certain computer to connect to the terminal server? Or an ID can only logon to terminal server from a specific PC?

I've tried only allowing certain computers access but the terminal server goes by USER ID. So it doesn't matter if I only allow certain computers.  The consultants have one ID on our domain they would use to access the terminal server.

We can't block it by IP because they are accessing us with VPN that uses DHCP.

Thanks

0
Comment
Question by:Stella Pauley
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 1

Expert Comment

by:cbeee
ID: 17082540
Only allowing a certain computer to connect isn't possible and wouldn't work if you could as you can have multiple sessions from the same computer to the TS.  

There may be a fiddly hack around this but in terms of audting, security and best practices, you should give each consultant a serpate logon.

0
 
LVL 84

Accepted Solution

by:
oBdA earned 500 total points
ID: 17083265
For this to work, you need to use "Per User" licensing, as the consultants will share one account.
Using "Per Device" CALs won't work, those are tied to one specific device and are NOT concurrent (and neither are Per User TS CALs concurrent!), so each consultant logging in through VPN would require his own Per Device CAL.
Then define a policy to only allow one session per user, to make sure the shared account isn't used concurrently: under Computer Configuration\Administrative Templates\Windows Components\Terminal Services, enable "Restrict terminal server users to one remote session" (or similar, not using an English version).
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question