Re: Terminal Server User Setup

Hi Duke,

Thanks for your update! Also thanks for Chad A's input.

Based on my research, you cannot control which users connect to the TS
if you have published Terminal Services to the Internet. The only way is,
as Chad A said, not to publish Terminal Services to the Internet and to let
those users access the TS server via RWW by adding those users to the Remote
Web Workspace Users group. Try testing that to see if it meets your goal.

If you have any questions on the issue, please let me know. I am happy to be
of assistance to you!

Have a nice day!

Sincerely,

Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
>From: "Chad A Gross [SBS-MVP]" <chad.gross@xxxxxxxxxxxxxxxxxxxxxxx>
>Subject: Re: Terminal Server User Setup
>Date: Tue, 1 Nov 2005 12:54:11 -0600
>
>You can't have users making a direct connection to the TS externally.
>Instead, you'll have to have users access the TS via Remote Web Workplace -
>then you can restrict which users can access RWW by membership in the Remote
>Web Workplace Users security group in AD.
>
>--
>
>Chad A. Gross [SBS-MVP]
>SBS ROCKS!
>www.msmvps.com/cgross
>
>"Duke" <Duke@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>news:2D3D2AC6-DC78-4AD3-A85F-EC2336E711C4@xxxxxxxxxxxxxxxx
>> Thanks Jenny for your Reply,
>>
>> I already set up the Terminal Server and all users can connect to TS
>> through LAN as well as Internet. I want all users to connect to TS through
>> LAN but some of them through the Internet. How do I make these restrictions?
>>
>>
>>
>> ""Jenny wu [MSFT]"" wrote:
>>
>>> Hi Duke,
>>>
>>> Thanks for posting here!
>>>
>>> From your description, I understand that you want to grant some users
>>> permission to access the terminal server from the LAN but not from the
>>> Internet. If I am off base, please don't hesitate to let me know.
>>>
>>> If you don't want all users to access the terminal server from the
>>> Internet, I suggest that you don't publish Terminal Services to the
>>> Internet. By default, Terminal Server and Terminal Services use TCP port
>>> 3389 for client connections. Please check whether port 3389 is open on the
>>> software or hardware firewall/router. Additionally, please check whether
>>> you have published VPN to the Internet. If so, users can log on to the
>>> domain through VPN and then, acting as a local client computer, RDP to the
>>> terminal server. To publish VPN to the Internet, port 1723 must be open on
>>> the software or hardware firewall/router and the router must support GRE
>>> Protocol 47.
>>>
>>> In an SBS environment, it is very convenient to publish these services to
>>> the Internet through the CEICW wizard. You can refer to KB 825763 for
>>> detailed information:
>>>
>>> 825763 How to configure Internet access in Windows Small Business Server
>>> 2003
>>> http://support.microsoft.com/?id=825763
>>>
>>> If you have not published Terminal Services and VPN to the Internet and
>>> the users are not members of the Remote Web Workspace group, the terminal
>>> server can only be accessed from the LAN. And the users must have the
>>> following permissions.
>>>
>>> To log on to the terminal server through Terminal Services, a user must
>>> have at least the following permissions:
>>>
>>> I. Allow logon through Terminal Services.
>>>
>>> To grant a user this permission, open the default "Domain Controller
>>> Security Policy" from Group Policy Management and then navigate to the
>>> following location:
>>>
>>> Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow logon through Terminal Services
>>>
>>> Add your specified user to it and define this policy.
>>>
>>> II. Allow logon to Terminal Server
>>>
>>> To grant a user these permissions, start either the Active Directory
>>> Users and Computers snap-in or the Local Users And Groups snap-in, open
>>> the user's properties, click the Terminal Services Profile tab, and then
>>> click to select the Allow logon to Terminal Server check box.
>>>
>>> III. Guest Access: Logon to the RDP-TCP connection
>>>
>>> To grant guests Logon rights to the RDP-TCP connection, start the
>>> "Terminal Services Configuration" snap-in and open the RDP-TCP properties
>>> page. On the Permissions tab, add your specified users and grant the
>>> appropriate permissions, so that the user has at least Logon rights.
>>>
>>> IV. Please confirm that users are not in the "Deny logon through
>>> Terminal Services" group policy.
>>>
>>> "Deny logon through Terminal Services" is in the same location as
>>> "Allow logon through Terminal Services". Please confirm that the users who
>>> need to access the server remotely are not defined in the policy.
>>>
>>> For detailed information, you could refer to the following KB articles.
>>>
>>> 278433 Accessing Terminal Services Using New User Rights Options
>>> http://support.microsoft.com/?id=278433
>>>
>>> 841188 "The local policy of this system does not permit you to logon
>>> http://support.microsoft.com/?id=841188
>>>
>>> Hope the above information helps! If you have any further concerns on the
>>> issue, please feel free to let me know. I am happy to be of assistance to
>>> you and look forward to your reply!
>>>
>>> Have a nice day!
>>>
>>> Sincerely,
>>>
>>> Jenny Wu
>>> Microsoft CSS Online Newsgroup Support
>>> Get Secure! - www.microsoft.com/security
>>>
>>> --------------------
>>> >From: "=?Utf-8?B?RHVrZQ==?=" <Duke@xxxxxxxxxxxxxxxxxxxxxxxxx>
>>> >Subject: Terminal Server User Setup
>>> >Date: Mon, 31 Oct 2005 02:47:01 -0800
>>> >
>>> >I have Server 2003 STD that I set up as a Terminal Server; it is connected
>>> >to a SBS 2003. Can I set up a user who can access the terminal server in
>>> >the office through the network but not from outside (from home through the
>>> >Internet)? I made sure that the user is not a member of the Remote Web
>>> >Workplace Users security group in AD. But it did not work. Any idea, anyone?
>>> >
>>> >
>>> >
>>> >
>>>
>>>
>
>
>
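
An added example, not part of the original thread: a Python sketch that checks items I and IV of the checklist quoted above against a user-rights export such as `secedit /export /cfg rights.inf /areas USER_RIGHTS` produces. The sample export, the CONTOSO accounts and the domain SID are constructed; only accounts listed directly are matched (group membership is not expanded), and these rights apply to a connection from any network, so they do not by themselves separate LAN from Internet access.

```python
ALLOW = "SeRemoteInteractiveLogonRight"     # Allow log on through Terminal Services
DENY = "SeDenyRemoteInteractiveLogonRight"  # Deny log on through Terminal Services

# Constructed sample of a user-rights export; accounts and SIDs are made up.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555,CONTOSO\\duke
SeDenyRemoteInteractiveLogonRight = *S-1-5-21-1111111111-2222222222-3333333333-1105,CONTOSO\\Duke
[Version]
signature="$CHICAGO$"
"""


def normalize(principal):
    """SIDs are exported with a leading '*'; account names compare case-insensitively."""
    return principal.strip().lstrip("*").casefold()


def parse_user_rights(inf_text):
    """Return {right name: set of normalized principals} from [Privilege Rights]."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = {normalize(p) for p in value.split(",") if p.strip()}
    return rights


def audit_ts_logon(inf_text, principals):
    """Classify each principal as 'denied', 'allowed' or 'not listed'."""
    rights = parse_user_rights(inf_text)
    allow, deny = rights.get(ALLOW, set()), rights.get(DENY, set())
    report = {}
    for p in principals:
        key = normalize(p)
        # A deny entry takes precedence over an allow entry for the same account.
        report[p] = "denied" if key in deny else "allowed" if key in allow else "not listed"
    return report


if __name__ == "__main__":
    for who, state in audit_ts_logon(
        SAMPLE_INF, ["CONTOSO\\Duke", "S-1-5-32-555", "CONTOSO\\alice"]
    ).items():
        print(f"{who}: {state}")
```
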
