Re: SBS 2003 and TS-App Mode
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa_at_pacbell.net)
Date: 10/14/04
- Next message: rpaverd: "RE: Add users to PCs"
- Previous message: Reiper: "Automatic Updates"
- In reply to: Tim: "Re: SBS 2003 and TS-App Mode"
- Next in thread: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: SBS 2003 and TS-App Mode"
- Reply: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: SBS 2003 and TS-App Mode"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 14 Oct 2004 12:49:07 -0700
Yes indeed it was a flame because I'm tired of people thinking this is a
marketing decision. It was a security decision, Tim. It's not secure.
Having TS in app mode on your DC is like using your server as a
workstation. I think most folks would say that's not too wise and yet
we did TS in app mode on our SBS 2000 boxes. The security sitation has
changed Tim, we cannot do the things we used to do.
Security Res kit page 394 if I remember right lists how to protect a TS
server... we cannot do those steps.
www.techsoup.org
You can get software for WAY much less than a normal business.
I volunteer at a "not for profit" where the CEO makes ten times what I
make. SOME not for profits make do with have...some have CEO's that
suck the income out of them.
You cannot make TS in app mode safe enough on a domain controller in
today's insecure world.
Tim wrote:
> Well Susan, I'd call yourt meassage a flame and I don't know why I'm replying
> but you need a little education. Non Profits make do with what is at hand,
> that includes Windows 98 and Group Policies. There is only so much money in
> our IT budget that we have to be very frugal on all aspects. There is risk
> just getting out of bed in the morning. There is never enough money to spend
> on IT and sometimes you have to make decisions. My user base is secure. My
> implentation of Group Policies is very restrictive. My employer knows the
> decisions, risks and benefits of these practices and I'm not fired, I'm
> commened for finding a balance and working within our boundries. The choice
> for a deciated TS is not possible, there is no money. I resent MS disabling
> this feature because they don't think we should do it. That's intrusive and
> most likely made by marketing for obvious reasons.
>
> "Susan Bradley, CPA aka Ebitz - SBS Rocks" wrote:
>
>
>>We asked Microsoft to make their OS more secure and now you want
>>insecurity back.
>>
>>Boy if you were my IT pro I'd fire you on the spot for a security
>>analysis like this.
>>
>>WE CANNOT PROTECT OUR DOMAIN CONTROLLER WHEN IT'S BEING USED AS A
>>WORKSTATION and that's EXACTLY what TS in app mode does.
>>
>>You heard of Remote Desktop dude? How about putting on a Virtual Server
>>and sticking another copy of Win2k3 for TS on that.
>>
>>You could have another Win2k3 as the TS server and support your remote
>>users but instead you are going to make your Domain controller insecure.
>>
>>Yeah and that's Microsoft's fault.
>>
>>We asked them to be more secure. THEY stepped up to the plate.
>>
>>Now you are asking for insecurity back.
>>
>>Way to go dude. Just remind me to not have my business use your
>>insecure business since you obviously don't care about security.
>>
>>Probably run Windows 98's as well don't you?
>>
>>Tim wrote:
>>
>>>I just found out MS disabled this. There are many things that are
>>>questionable practices that we adminstartors do and not do. It is our right
>>>to have that flexibility. The decison to disable Application Mode in TS 2003
>>>is heavy handed and completely unhelpful. They cannot tell me the two users
>>>I need to have access my TS are so dangerous that MS needs to protect me from
>>>myself. This is unfortunate and completely the wrong.
>>>
>>>I've returned this OS to the OEM. We had to make the big decsion to forgo
>>>the bundled SBS features and instead, support our remote users. The remote
>>>users are more important. Once again, decsions we make to make our business
>>>stronger and competative. Does Microsoft want to control my internal
>>>operations too? NO THANK YOU!
>>
>>--
>>http://www.sbslinks.com/really.htm
>>http://www.msmvps.com/bradley
>>http://www.threatcode.com
>>[let's get vendors to step up to the plate too]
>>https://www.ecora.com/ecora/jump/pm99.asp
>>
>>
-- http://www.sbslinks.com/really.htm http://www.msmvps.com/bradley http://www.threatcode.com [let's get vendors to step up to the plate too] https://www.ecora.com/ecora/jump/pm99.asp
- Next message: rpaverd: "RE: Add users to PCs"
- Previous message: Reiper: "Automatic Updates"
- In reply to: Tim: "Re: SBS 2003 and TS-App Mode"
- Next in thread: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: SBS 2003 and TS-App Mode"
- Reply: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: SBS 2003 and TS-App Mode"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
