Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Windows 2003 Terminal Server. Only allow a specific PC access to terminal server.

Posted on 2006-07-11
4
Medium Priority
?
441 Views
Last Modified: 2008-03-10
We are running windows 2003 terminal server application server hosting one application.. WE ARE USING PER COMPUTER LICENSING.

We now have consultants needing to use the terminal server. Do to licensing we can only let them have ONE license to use. What we are needing is to make sure that only one person in the consultants office will use our terminal server.  

 
Is there a way to only allow a certain computer to connect to the terminal server? Or an ID can only logon to terminal server from a specific PC?

I've tried only allowing certain computers access but the terminal server goes by USER ID. So it doesn't matter if I only allow certain computers.  The consultants have one ID on our domain they would use to access the terminal server.

We can't block it by IP because they are accessing us with VPN that uses DHCP.

Thanks

0
Comment
Question by:Stella Pauley
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 1

Expert Comment

by:cbeee
ID: 17082540
Only allowing a certain computer to connect isn't possible and wouldn't work if you could as you can have multiple sessions from the same computer to the TS.  

There may be a fiddly hack around this but in terms of audting, security and best practices, you should give each consultant a serpate logon.

0
 
LVL 85

Accepted Solution

by:
oBdA earned 2000 total points
ID: 17083265
For this to work, you need to use "Per User" licensing, as the consultants will share one account.
Using "Per Device" CALs won't work, those are tied to one specific device and are NOT concurrent (and neither are Per User TS CALs concurrent!), so each consultant logging in through VPN would require his own Per Device CAL.
Then define a policy to only allow one session per user, to make sure the shared account isn't used concurrently: under Computer Configuration\Administrative Templates\Windows Components\Terminal Services, enable "Restrict terminal server users to one remote session" (or similar, not using an English version).
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question