Solved

Configuring Terminal Server for Remote User Access

Posted on 2008-06-11
3
259 Views
Last Modified: 2011-10-19
Hi:

I am configuring a 2003 Terminal Server for Clients to connect throught the Internet, I need this to be as secure as possible. I have looked at using 2X Application Server with the Web Portal hopefully over SSL if I can get it to work, any suggestions would be appreciated as to how to configure this securely.

My main questions is user Accounts, This is a single server that 5 different organizations will be connecting to with seperate data that each organization needs to keep private from the others. Should I create it as a Domain Controller or just as a stand alone server and use the built in user accounts?

With the DC enviroment I can use Group Policy to restrict access to the server but I don't know that I can do that with the loal user Accounts. Remove the C: drive, Launch only certain applications that type of thing, any suggestions or direction would be appreciated.

Thanks
0
Comment
Question by:hpeet
  • 2
3 Comments
 
LVL 6

Accepted Solution

by:
raptorjb007 earned 500 total points
ID: 21760579
I would highly recommend against making your terminal server a DC.

Preferably the terminal server would be a standalone member-server in its own OU to allow for application of a Terminal server specific Group policy.

Microsoft has some decent documents on this subject, I would suggest you review the document I attached. It goes over most of the basic group policy settings and configuration you may want to apply to lock down a terminal server.
Win2003-Teminal-Server-Lockdown.doc
0
 

Author Comment

by:hpeet
ID: 21760674
Thanks for the Post.

The Problem is this server is truly a Stand alone server there is no existing Domain for it to be a member of, so my options would be to make this server a DC or to use the Local User Accounts.
0
 
LVL 6

Expert Comment

by:raptorjb007
ID: 21760743
In that case, you can leave it a stand alone server.

It would be more secure as a stand alone server using local accounts as it will run far less services which reduces it attack surface. You could still lock it down in that configuration. However if you need to apply different group policies to different sets of users, the  only solution would be to create a domain at setup user OU's and policies.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question