Re: SBS2003 - Terminal Server - RWW too many steps

Cary Shultz wrote:
KJ,

in-line....


<snip>

1 requires you to modify the listening port and add a redirect plus
breaks RWW (note that internal users will also need to use the
alternate port)

So, as I expected, this would be a poor solution and would paint us
in a corner for things later down the road. I would not be
interested in that solution.


2 requires the same port redirect, does not require a listening port
mod and doesn't break RWW.

This sounds like the better solution as it does not break RWW. Which, to
the user base, is irrelevant. But, I do not want to remove
that as an option for things down the road. It is the guys in Sales
that have the problem with RWW. The "office guys" have no problem
with it....

Better, but imo, short of "good".


Both have the same problem with RDP exposed. If you do so, make sure
passwords are strong, changed often and you should be using the
newest RDP clients with policies to require them.

You are kidding, right! This client has not changed password in five
years and will not entertain that thought. Additionally, the
passwords are about as weak as you can expect....and there is little
to no chance of that changing, either.

They are the client and it is their data. If you can scare the bejebas out
of them should it be (when it will be) compromised by hackers or
competitiors (ok, I like to use that to scare the sales and marketing types.
it rarely happens in sbs land) you might get the owners to implement a
decent security policy. Otherwise, hit them with all the scarey things and
ask them to sign acknowledgements of bad and unsafe security practices.


I know for a fact that they all have the latest version of the RDP
client because I just had all 16 of the laptops in my hands on Friday.

As to a 'computer use policy' - we have been trying to get them to
implement one for the year that we have been managing them but that
is falling on deaf ears. But, with them that is not a surprise.
Unfortunately. I think, though, that we might be getting closer to
that. Ultimately, all we can do is consult and let them tell us what
they want to do. And then implement safegaurds to mitigate the
potential iss side-effects of their decisions!

Risk is a scary thing if it's in your face all the time. Make it so. But it
should be their risk not yours.
Maybe start giving them a monthly report of failed RDP logins. Ought to get
them thinking.



<snip>



--
/kj


.

Relevant Pages

  • Re: SBS2003 - Terminal Server - RWW too many steps
    ... breaks RWW (note that internal users will also need to use the ... This sounds like the better solution as it does not break RWW. ... passwords are about as weak as you can expect....and there is little ... They are the client and it is their data. ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS2003 - Terminal Server - RWW too many steps
    ... I would like to avoid this for them as spending money on IT is not ... We know when there are problems before the client does. ... This sounds like the better solution as it does not break RWW. ... passwords are about as weak as you can expect....and there is little ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS2003 - Terminal Server - RWW too many steps
    ... requires you to modify the listening port and add a redirect plus ... This sounds like the better solution as it does not break RWW. ... passwords are about as weak as you can expect....and there is little ... They are the client and it is their data. ...
    (microsoft.public.windows.server.sbs)
Loading