Re: SCW with Terminal Services Custom Port



SCW - Security Configuration Wizard, part of SP1. Thanks for your help.

-Parhez




"Patrick Rouse" <PatrickRouse@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:FE1A6293-07EE-43D7-A123-A6A8D50E7E3C@xxxxxxxxxxxxxxxx
> I am not familiar with the SCW you're referring to, however it sounds like
> it's something included in 2003 SP1, yes?
>
> You could deny their account or limit access to specific servers via
> security in the Terminal Services Configuration. If they are not a member
> of one of the security groups listed with at least guest permissions, they
> will NOT be allowed to create a session.
>
> Another option (although rarely used) would be to limit which computers
> they can logon to via their user account.
>
> --
> Patrick Rouse
> Microsoft MVP - Terminal Server
> http://www.workthin.com
>
>
> "Parhez Sattar" wrote:
>
>> Patrick,
>> Thanks for the wisdom. What we were after is not necessarily increased
>> security from hackers/imposters, but the internal users who get curious
>> and try to use the Remote Desktop Connection application that now comes
>> with XP. These are authorized users on the domain and also by default
>> allowed to go onto certain terminal servers, but not all. We were just
>> trying to keep the nosey ones out by using the custom ports.
>>
>> I take it from your post that it is not possible to keep the port change
>> after applying SCW? Can you validate my conclusion, please? Thanks.
>>
>> -Parhez
>>
>>
>>
>>
>>
>>
>> "Patrick Rouse" <PatrickRouse@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:F60F0B04-14B6-44B6-88C1-D1A48AED05B3@xxxxxxxxxxxxxxxx
>> > I've said this before, and I'll say it again. Changing your listening
>> > port from 3389 to something else does not make your servers more
>> > secure, as anyone with tools (or skills) good enough to crack your
>> > system has the ability to find the listening port.
>> >
>> > The most exploited TCP Ports are 25 (SMTP) & 80 (HTTP), not RDP, which
>> > to my recollection has not had an exploited security flaw in several
>> > years.
>> >
>> > Require strong passwords and you'll be fine.
>> >
>> > --
>> > Patrick Rouse
>> > Microsoft MVP - Terminal Server
>> > http://www.workthin.com
>> >
>> >
>> > "Parhez Sattar" wrote:
>> >
>> >> In my attempts to apply SP1 and then configure the security of our
>> >> Terminal Services server using the Security Configuration Wizard, it
>> >> appears that the SCW is not compatible with customizing the RDP port
>> >> on the server. We had changed that port number from 3389 to something
>> >> else and after running the SCW, it seems like the server only accepts
>> >> RDP connections using 3389. During the SCW, we did notice that the
>> >> Network Security section mentioned that the RDP port was set to 3389
>> >> and I couldn't change that. I had just hoped that the registry key
>> >> change would still take precedence. Unfortunately, that doesn't seem
>> >> to be the case.
>> >>
>> >>
>> >> Does anybody know how to use SCW yet keep that custom RDP port on the
>> >> Terminal Server?
>> >>
>> >>
>> >>
>>
>>
>>

