Solved

Configuring Terminal Server for Remote User Access

Posted on 2008-06-11
3
233 Views
Last Modified: 2011-10-19
Hi:

I am configuring a 2003 Terminal Server for Clients to connect throught the Internet, I need this to be as secure as possible. I have looked at using 2X Application Server with the Web Portal hopefully over SSL if I can get it to work, any suggestions would be appreciated as to how to configure this securely.

My main questions is user Accounts, This is a single server that 5 different organizations will be connecting to with seperate data that each organization needs to keep private from the others. Should I create it as a Domain Controller or just as a stand alone server and use the built in user accounts?

With the DC enviroment I can use Group Policy to restrict access to the server but I don't know that I can do that with the loal user Accounts. Remove the C: drive, Launch only certain applications that type of thing, any suggestions or direction would be appreciated.

Thanks
0
Comment
Question by:hpeet
  • 2
3 Comments
 
LVL 6

Accepted Solution

by:
raptorjb007 earned 500 total points
ID: 21760579
I would highly recommend against making your terminal server a DC.

Preferably the terminal server would be a standalone member-server in its own OU to allow for application of a Terminal server specific Group policy.

Microsoft has some decent documents on this subject, I would suggest you review the document I attached. It goes over most of the basic group policy settings and configuration you may want to apply to lock down a terminal server.
Win2003-Teminal-Server-Lockdown.doc
0
 

Author Comment

by:hpeet
ID: 21760674
Thanks for the Post.

The Problem is this server is truly a Stand alone server there is no existing Domain for it to be a member of, so my options would be to make this server a DC or to use the Local User Accounts.
0
 
LVL 6

Expert Comment

by:raptorjb007
ID: 21760743
In that case, you can leave it a stand alone server.

It would be more secure as a stand alone server using local accounts as it will run far less services which reduces it attack surface. You could still lock it down in that configuration. However if you need to apply different group policies to different sets of users, the  only solution would be to create a domain at setup user OU's and policies.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
This video discusses moving either the default database or any database to a new volume.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now