![]()
You can configure the properties of the terminal server’s RDP-TCP connection to provide better protection. You can then assign terminal services permissions to users and groups to control how they are able to access the terminal server. #Windows terminal server install#If you want regular users to access the terminal server to run applications (a “thin client” solution), then you must install terminal services in application server mode. Such users will be able to make configuration changes to the terminal server, so it’s absolutely imperative that you start your security plan by ensuring that administrative rights are not given to users who should not have them. In administrative mode, only users with administrative accounts can access the terminal server and only two such connections are allowed simultaneously. #Windows terminal server windows#In this article, we will focus on Windows 2000 terminal services, with some references to Server 2003 and Windows XP/2003’s Remote Desktop service.Ī Windows 2000 terminal server can be installed in one of two modes: administrative or application server. There are some major differences between Windows 2000 and Windows Server 2003 when it comes to terminal services. What if you do want to make a system available for remote access through terminal services/Remote Desktop? What can you do to secure that system as much as possible? In the next sections, we will show you some ways. Under Remote Desktop, make sure the Allow users to connect remotely to this computer checkbox is unchecked.Click Start | Control Panel and select the System applet. #Windows terminal server pro#To disable or enable the Remote Desktop service on a Windows XP Pro or Windows Server 2003 computer, perform the following steps: #Windows terminal server software#The client software does not present a security risk. The latter is included on XP Home and Windows 2000 Pro and can be installed on Windows 9x and NT computers and some third party operating systems, as well. NOTE: It’s important to distinguish between the Remote Desktop Service and the Remote Desktop Connection client software. It’s still a good idea to check, especially if you were not the one who installed the operating system, to make sure these services are not enabled on machines that don’t need them. The Remote Desktop feature is installed on Windows XP Pro and Windows Server 2003, but is disabled by default (Windows XP Home and Windows 2000 Pro do not include the Remote Desktop service). On Windows 2000 Server and Server 2003, TS is not installed by default. ![]() #Windows terminal server professional#This includes Remote Desktop on Windows XP Professional computers. How, then, can you take advantage of the convenience of Windows Terminal Services and still protect your systems? First, make sure that terminal services is not installed (or enabled) on systems if you don’t want those systems to be accessed remotely. Securing Terminal Services Communications An RDP-TCP connection is configured for the terminal server’s network adapter, to allow users to connect. Every additional port that is opened exposes the network to the possibility of exploit. Using terminal services across the Internet will require that you open port 3389, used by the Remote Desktop Protocol (RDP), on your firewall. For example, SecuriTeam describes a vulnerability that can cause Group Policy to not be applied to terminal users if the number of user licenses installed is less than the number of current connections. Security vulnerabilities specifically related to Windows 2000 Terminal Services have also been reported. Your terminal server is vulnerable to the same exploits that can be used against any Windows server, so it is important first to ensure that all current security updates and patches have been applied. Because Terminal Services is used in administrative mode in Windows 2000 (and Remote Desktop is used in Windows Server 2003) to allow administrators to perform such tasks as creating user accounts and setting permissions, changing system configurations, and other highly sensitive tasks, it is logical to question the security of a terminal services session. Any feature or technology that provides a new way for authorized users to access a system remotely will also present a potential way for unauthorized users to gain access. ![]() Check out, a new resource for Windows Terminal Services and Citrix focusing on all aspects of server based computing and thin client computing.īut what about security? What are the security issues involved in using terminal services/remote desktop? Is it safe to use this type of remote connection to work on confidential or sensitive data? In this article, we will take a look at Windows Terminal Services/Remote Desktop security and the steps you can take to make your terminal server and terminal sessions more secure.Īccess and security are always at odds in the networking world. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |