Terminal Server 2008 Security

Posted on 2009-04-20
Last Modified: 2012-05-06
Terminal Server is a big security risk, although also is a good technology; if you deploy 2008 it looks like it can be made into a web part in WSS 3.0.  The only issue is what are the best methods to secure it without a vpn if there are any?  I've read different deployment scenerios but looking for something that is both economical and wont impair performance.
Question by:Jack_son_
    LVL 19

    Accepted Solution

    Is there a VoIP component to this question?

    As for publishing your Terminal Servers you can use the TS Gateway role.    

    Author Comment

    Sorry, didnt mean to label as VOIP.  Actually would be nice to include it now that you mention it.  

    Is the Gateway role a good security measure?
    LVL 19

    Expert Comment

    It is as good as an SSL-VPN connection.

    Author Comment

    So it is as secure as SSL-VPN?  
    LVL 58

    Assisted Solution


    All communications to Terminal Services via a TS Gateway server take place over the Internet to the TS gateway over an encrypted SSL tunnel. This is as secure as any other form of SSL encryption you will come across, and works in the same way as encrypted websites which handle sensitive information work.

    The connection from the TS Gateway out to the remote Terminal Server endpoint runs on standard Terminal Services, so may not have such strong encryption.

    TS Gateway is a very secure system to implement, and it also makes it more convenient to remotely access any computer/server with Remote Desktop/Terminal Services enabled, without the need to open a good deal of ports through the firewall. You can connect to the TS Gateway and then hop on from there to the destination PC you want to use.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
    The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
    This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
    This tutorial will show how to inventory, catalog, and restore media from legacy versions of Backup Exec into both 2012 and 2014 versions of the software. Select Storage from the tabs along the ribbon bar as the top: Ensure the proper storage devi…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now