Solved

Configuring Terminal Server for Remote User Access

Posted on 2008-06-11
3
244 Views
Last Modified: 2011-10-19
Hi:

I am configuring a 2003 Terminal Server for Clients to connect throught the Internet, I need this to be as secure as possible. I have looked at using 2X Application Server with the Web Portal hopefully over SSL if I can get it to work, any suggestions would be appreciated as to how to configure this securely.

My main questions is user Accounts, This is a single server that 5 different organizations will be connecting to with seperate data that each organization needs to keep private from the others. Should I create it as a Domain Controller or just as a stand alone server and use the built in user accounts?

With the DC enviroment I can use Group Policy to restrict access to the server but I don't know that I can do that with the loal user Accounts. Remove the C: drive, Launch only certain applications that type of thing, any suggestions or direction would be appreciated.

Thanks
0
Comment
Question by:hpeet
  • 2
3 Comments
 
LVL 6

Accepted Solution

by:
raptorjb007 earned 500 total points
ID: 21760579
I would highly recommend against making your terminal server a DC.

Preferably the terminal server would be a standalone member-server in its own OU to allow for application of a Terminal server specific Group policy.

Microsoft has some decent documents on this subject, I would suggest you review the document I attached. It goes over most of the basic group policy settings and configuration you may want to apply to lock down a terminal server.
Win2003-Teminal-Server-Lockdown.doc
0
 

Author Comment

by:hpeet
ID: 21760674
Thanks for the Post.

The Problem is this server is truly a Stand alone server there is no existing Domain for it to be a member of, so my options would be to make this server a DC or to use the Local User Accounts.
0
 
LVL 6

Expert Comment

by:raptorjb007
ID: 21760743
In that case, you can leave it a stand alone server.

It would be more secure as a stand alone server using local accounts as it will run far less services which reduces it attack surface. You could still lock it down in that configuration. However if you need to apply different group policies to different sets of users, the  only solution would be to create a domain at setup user OU's and policies.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now