Solved

Configuring Terminal Server for Remote User Access

Posted on 2008-06-11
Last Modified: 2011-10-19
Hi:

I am configuring a 2003 Terminal Server for clients to connect through the Internet, and I need this to be as secure as possible. I have looked at using 2X Application Server with the Web Portal, hopefully over SSL if I can get it to work. Any suggestions would be appreciated as to how to configure this securely.

My main question is user accounts. This is a single server that 5 different organizations will be connecting to, with separate data that each organization needs to keep private from the others. Should I create it as a Domain Controller or just as a stand-alone server and use the built-in user accounts?

With the DC environment I can use Group Policy to restrict access to the server, but I don't know that I can do that with the local user accounts: remove the C: drive, launch only certain applications, that type of thing. Any suggestions or direction would be appreciated.

Thanks
Question by:hpeet

Accepted Solution

by: raptorjb007 earned 1500 total points
ID: 21760579
I would highly recommend against making your terminal server a DC.

Preferably the terminal server would be a standalone member server in its own OU to allow for application of a Terminal Server-specific Group Policy.

Microsoft has some decent documents on this subject; I would suggest you review the document I attached. It goes over most of the basic Group Policy settings and configuration you may want to apply to lock down a terminal server.
Win2003-Teminal-Server-Lockdown.doc

Author Comment

by:hpeet
ID: 21760674
Thanks for the post.

The problem is this server is truly a stand-alone server; there is no existing domain for it to be a member of, so my options would be to make this server a DC or to use the local user accounts.

Expert Comment

by:raptorjb007
ID: 21760743
In that case, you can leave it a stand alone server.

It would be more secure as a stand-alone server using local accounts, as it will run far fewer services, which reduces its attack surface. You could still lock it down in that configuration. However, if you need to apply different group policies to different sets of users, the only solution would be to create a domain and set up user OUs and policies.