[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Configuring Terminal Server for Remote User Access

Posted on 2008-06-11
3
Medium Priority
?
301 Views
Last Modified: 2011-10-19
Hi:

I am configuring a 2003 Terminal Server for Clients to connect throught the Internet, I need this to be as secure as possible. I have looked at using 2X Application Server with the Web Portal hopefully over SSL if I can get it to work, any suggestions would be appreciated as to how to configure this securely.

My main questions is user Accounts, This is a single server that 5 different organizations will be connecting to with seperate data that each organization needs to keep private from the others. Should I create it as a Domain Controller or just as a stand alone server and use the built in user accounts?

With the DC enviroment I can use Group Policy to restrict access to the server but I don't know that I can do that with the loal user Accounts. Remove the C: drive, Launch only certain applications that type of thing, any suggestions or direction would be appreciated.

Thanks
0
Comment
Question by:hpeet
  • 2
3 Comments
 
LVL 6

Accepted Solution

by:
raptorjb007 earned 1500 total points
ID: 21760579
I would highly recommend against making your terminal server a DC.

Preferably the terminal server would be a standalone member-server in its own OU to allow for application of a Terminal server specific Group policy.

Microsoft has some decent documents on this subject, I would suggest you review the document I attached. It goes over most of the basic group policy settings and configuration you may want to apply to lock down a terminal server.
Win2003-Teminal-Server-Lockdown.doc
0
 

Author Comment

by:hpeet
ID: 21760674
Thanks for the Post.

The Problem is this server is truly a Stand alone server there is no existing Domain for it to be a member of, so my options would be to make this server a DC or to use the Local User Accounts.
0
 
LVL 6

Expert Comment

by:raptorjb007
ID: 21760743
In that case, you can leave it a stand alone server.

It would be more secure as a stand alone server using local accounts as it will run far less services which reduces it attack surface. You could still lock it down in that configuration. However if you need to apply different group policies to different sets of users, the  only solution would be to create a domain at setup user OU's and policies.
0

Featured Post

Transaction-level recovery for Oracle database

Veeam Explore for Oracle delivers low RTOs and RPOs with agentless transaction log backup and transaction-level recovery of Oracle databases. You can restore the database to a precise point in time, even to a specific transaction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question