Solved

W2K3 Terminal Server

Posted on 2009-05-17
Last Modified: 2013-11-21
Hello, I may be on the wrong track on this one but any help would be greatly appreciated. I basically want to deliver a standard desktop including a few MS apps, Office, IE, etc. to 10 - 15 client workstations. I'm looking to use thin client workstations and connect to a muscular terminal server. Am I able to do so or should I abandon the idea? I am also concerned about standard domain users using a Remote Desktop session to a server and any implications that may have. Funds are limited so it's this or nothing. Any advice and setup tips? Been through the Microsoft whitepapers and followed them as much as possible.

So, my question(s) is: Can it be done? Can I have 10 or 15 users using this as their primary method of access? Is it secure? Any step-by-step guides from server-side setup through to client-side considerations? Was Terminal Server designed for this type of use?

Many Thanks, Aelara.
Question by:Aelara
10 Comments
 
LVL 4

Expert Comment

by:jschweg
ID: 24408439
You are most certainly able to do so, what you are describing is exactly what Terminal Services is meant and designed to do.

Probably the most important factor in the success of your project is hardware. Obviously you need enough hardware (processing power and memory) to accommodate your user sessions. Do you have hardware specs on the box you will be using?

I also assume that this server will be dedicated to TS? A big mistake is to run TS on a server that already has other important functions in your domain.


0
 
LVL 4

Expert Comment

by:jschweg
ID: 24408461
Concerning your thoughts on security, TS is a very secure environment assuming it is managed well. Everything you would normally address on an end-user machine, you would address on a Terminal Server in a similar manner.

Ensure that MS security patches are kept up to date

That you have an AV solution in place (most AV solutions usually have either special versions, or special install instructions for TS)

That none of the users are logging in with any sort of administrative permissions and all have restricted user accounts

That you run the terminal server in full security mode (rather than relaxed security mode), assuming you don't have any legacy applications that need it

That the HOST machines they are using to connect to the terminal server are secure and locked down in the same manner. No sense going through all of this trouble if your network is infected by an insecure host machine
0
 
LVL 4

Expert Comment

by:jschweg
ID: 24408469
Not sure if you saw this one already, but this is an excellent white paper:

http://www.microsoft.com/downloads/thankyou.aspx?familyId=402a0cd1-9e4d-4007-8eaf-c30623e71250&displayLang=en
0
 

Author Comment

by:Aelara
ID: 24409800
Thanks for the info jschweg, I'll look at the whitepaper later today. Once Terminal Server has been added as a role and security implemented, do I just install the apps I would like users to have access to? Do I need to create a profile?

Thanks Aelara
0
 

Author Comment

by:Aelara
ID: 24410911
Hello again, it's all up and running and test use so far looks good. I am working through the lockdown whitepaper to ensure max security. If working at full potential, what are the limitations of TS compared to Citrix?

Thanks Aelara.
0
 
LVL 4

Expert Comment

by:jschweg
ID: 24414821
For what you are doing, terminal server should be perfect. I wouldn't see any need to incur extra costs for Citrix. Here is a blog entry that pretty much sums it up:

http://www.brianmadden.com/blogs/brianmadden/archive/2005/09/20/do-you-need-citrix-or-is-terminal-server-enough.aspx




0
 

Author Comment

by:Aelara
ID: 24420799
Thank you. One last question: can I whitelist access to the terminal server by IP address? Although I can specify users, groups and computers within AD, we are using HP thin client stations which do not register/appear as AD objects. Hence I need to specify that only a bank of IP addresses will be able to establish a remote session with the terminal server. All other connections will be refused. Can it be done?

Thanks, Aelara.
0
 
LVL 4

Expert Comment

by:jschweg
ID: 24421746
There isn't any way to do this in direct relation to Terminal Server, however you can filter the IP addresses on your firewall to only allow the hosts you want to allow (you would filter on port 3389).

If you don't have a firewall in place where you can make these changes, you can use the Windows Firewall in Control Panel to do your IP-level filtering there.
0
 
LVL 4

Accepted Solution

by:
jschweg earned 500 total points
ID: 24421785
Probably a better option than using the Windows Firewall is to just create an IP Security policy for the network connection:

http://support.microsoft.com/kb/816521


0
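
The two options suggested in the answers above (scoping the Windows Firewall exception, or an IP Security policy on port 3389), written out as a command script. This is an added example, not part of the original thread: the 192.168.10.0/24 thin-client range and the policy, filter list and rule names are assumptions to replace with your own.

```bat
@echo off
rem Added example, not from the thread. Assumed values: the thin clients sit in
rem 192.168.10.0/24 (constructed range); all policy/filter/rule names are made up.
rem Run this at the server console, not over RDP: a wrong range locks you out.

set CLIENT_NET=192.168.10.0
set CLIENT_MASK=255.255.255.0
set POLICY=TS-RDP-Allowlist

rem --- Option 1: Windows Firewall (Server 2003 SP1 or later) ------------------
rem Narrow the built-in Remote Desktop exception to the thin-client range.
rem This only filters traffic while the Windows Firewall itself is enabled.
netsh firewall set service type=REMOTEDESKTOP mode=ENABLE scope=CUSTOM addresses=%CLIENT_NET%/%CLIENT_MASK%

rem --- Option 2: IP Security policy (the accepted answer) ---------------------
netsh ipsec static add policy name="%POLICY%" description="Permit RDP from thin clients only"

rem Filter list 1: TCP 3389 from the thin-client range to this server.
netsh ipsec static add filterlist name="RDP-ThinClients"
netsh ipsec static add filter filterlist="RDP-ThinClients" srcaddr=%CLIENT_NET% srcmask=%CLIENT_MASK% dstaddr=Me protocol=TCP srcport=0 dstport=3389 mirrored=yes

rem Filter list 2: TCP 3389 from any address to this server.
netsh ipsec static add filterlist name="RDP-Any"
netsh ipsec static add filter filterlist="RDP-Any" srcaddr=Any dstaddr=Me protocol=TCP srcport=0 dstport=3389 mirrored=yes

rem Two filter actions with no negotiation: plain permit and plain block.
netsh ipsec static add filteraction name="RDP-Permit" action=permit
netsh ipsec static add filteraction name="RDP-Block" action=block

rem The most specific filter wins, so the range-specific permit takes
rem precedence over the block that matches every source address.
netsh ipsec static add rule name="Permit thin clients" policy="%POLICY%" filterlist="RDP-ThinClients" filteraction="RDP-Permit"
netsh ipsec static add rule name="Block other RDP" policy="%POLICY%" filterlist="RDP-Any" filteraction="RDP-Block"

rem Assign the policy; only one local IPsec policy can be assigned at a time.
netsh ipsec static set policy name="%POLICY%" assign=y

rem Review what is now in effect.
netsh ipsec static show policy name="%POLICY%" level=verbose
```

Use one option or the other as the enforcement point; to back the IPsec policy out, run `netsh ipsec static set policy name="TS-RDP-Allowlist" assign=n` from the console.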
 
LVL 2

Expert Comment

by:Serio27
ID: 24422023

In regards to installing apps... I would recommend that you make sure no one else is logged in to the server when you install apps.

The command "change logon" will help keep everyone off the server while you are installing apps. It will also keep you from logging back on to the server if you are disconnected. So, use with caution.

Once done, you can use the add new programs option from add/remove programs or use the command "change user" from the command prompt.

Either way, I would get familiar with both of these commands to install apps on the server.
0
