Re: SCW with Terminal Services Custom Port
- From: "Patrick Rouse" <PatrickRouse@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 18 May 2005 10:05:20 -0700
I am not familiar with the SCW you're referring to, however it sounds like
it's something included in 2003 SP1, yes?
You could deny their account or limit access to specific servers via
security in the Terminal Services Configuration. If they are not a member
of one of the security groups listed with at least guest permissions, they
will NOT be allowed to create a session.
Another option (although rarely used) would be to limit which computers they
can logon to via their user account.
--
Patrick Rouse
Microsoft MVP - Terminal Server
http://www.workthin.com
"Parhez Sattar" wrote:
> Patrick,
> Thanks for the wisdom. What we were after is not necessarily increase
> security from hackers/imposters, but the internal users who get curious and
> try to use the Remote Desktop Connection application that now comes with XP.
> These are authorized users on the domain and also by default allowed to go
> onto certain terminal servers, but not all. We were just trying to keep the
> nosey one out by using the custom ports.
>
> I take it from your post that it is not possible to keep the port change
> after applying SCW? Can you validate my conclusion, please? Thanks.
>
> -Parhez
>
>
>
>
>
>
> "Patrick Rouse" <PatrickRouse@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:F60F0B04-14B6-44B6-88C1-D1A48AED05B3@xxxxxxxxxxxxxxxx
> > I've said this before, and I'll say it again. Changing your listening
> > port
> > from 3389 to something else does not make your servers more secure, as
> > anyone
> > with tools (or skills) good enough to crack your system, has the ability
> > to
> > find the listening port.
> >
> > The most exploited TCP Ports are 25 (SMTP) & 80 (HTTP), not RDP, which to
> > recollection has not had an exploited secuity flaw in several years.
> >
> > Require strong passwords and you'll be fine.
> >
> > --
> > Patrick Rouse
> > Microsoft MVP - Terminal Server
> > http://www.workthin.com
> >
> >
> > "Parhez Sattar" wrote:
> >
> >> In my attempts to apply SP1 and then configure the security of our
> >> Terminal
> >> Services server using the Security Configuration Wizard, it appears that
> >> the
> >> SCW is not compatible with customizing the RDP port on the server. We had
> >> changed that port number from 3389 to something else and after running
> >> the
> >> SCW, it seems like the server only accepts RDP connections using 3389.
> >> During the SCW, we did notice that the Network Security section mentioned
> >> that the RDP port was set to 3389 and I couldn't change that. I had just
> >> hoped that the registry key change would still take precedence.
> >> Unfortunately, that doesn't seem to be case.
> >>
> >>
> >> Does anybody know how to use SCW yet keep that custom RDP port on the
> >> Terminal Server?
> >>
> >>
> >>
>
>
>
.
- Follow-Ups:
- Re: SCW with Terminal Services Custom Port
- From: Parhez Sattar
- Re: SCW with Terminal Services Custom Port
- References:
- SCW with Terminal Services Custom Port
- From: Parhez Sattar
- RE: SCW with Terminal Services Custom Port
- From: Patrick Rouse
- Re: SCW with Terminal Services Custom Port
- From: Parhez Sattar
- SCW with Terminal Services Custom Port
- Prev by Date: admin connect to disconnected user session ?
- Next by Date: rdp activex client and xpsp2
- Previous by thread: Re: SCW with Terminal Services Custom Port
- Next by thread: Re: SCW with Terminal Services Custom Port
- Index(es):
Relevant Pages
|
