
Windows Server 2008 R2 and terminal server and security

Asked by 247computerdoctor
Topic: Windows Server 2008
Hi, I hope you are all well.

OK, I am going to build a Win 2008 R2 server. Its primary function is to host terminal services for 4 users. Mostly they will be using it over a LAN, but they will need to use it over a WAN as well. The server is housed in a shared office building, and the server and the 4 fixed client PCs are on a VLAN.

It will be set up as follows:

1) No domain, but the server will serve DNS and DHCP.
2) Other network devices are 2 printers and 4 local clients - a mix of PCs and laptops, and Win XP Pro 32 bit and Win 7 Home Premium and Pro 64 bit.
3) All PCs and the server are on a VLAN on a switch inside a multiple-occupancy building.
4) Clients will not directly access the server or use mapped drives or anything, but will use an RDP login even when on the LAN due to a long history of bizarre Sage-related network problems.
5) Users won't really use their actual PCs, all functions being delivered by TS (Office, email (hosted Exchange), IE, web access, etc.).

The server does not do anything other than TS. I want to lock it down as tight as possible. I'm relatively new to TS and 2008 R2, so I need advice as to how to shut down everything I don't need to keep the network security tight.

One thing I have considered is running OpenVPN on the server and simply disabling all other ports from the outside world. Then any of the users who need to connect from the outside world can use the VPN and then run RDP over it. (They will want to use other PCs that they own in different locations to connect to it occasionally.)

So, a few questions:

1) Is the OpenVPN idea good? Can it be done in a simpler way?
2) Out of the box for 2008 R2, what can I disable to lock it down?
3) I'm considering putting Trend Micro Worry Free Business v3 Security on it - is this a good idea, and will it protect the users when they are using their RDP sessions (so when someone uses IE on their RDP session, for instance)?
4) I've only got one NIC in it - do I need another?

If there's a better way, please let me know!