RE: Terminal Services Connectivity

Sure. TS absolutely can be run securely thru a firewall. All you need to do
is open TCP Port 3389 on the firewall's WAN Port to the Private IP Address of
the TS.

You can find planning, installation and administrative info here:

http://www.workthin.com/tshta.htm

A couple of thisng to do that are'nt mentioned in any MSFT planning papers:

1. Make sure to uninstall the Enhanced INternet Security Configuration
"BEFORE" allowing users to logon.

2. Set the default IE Home Page to something other than the default
Enhanced Internet Security Config Page.

3. Set the Temporary INternet Files size to something small, i.e. 4-5 MB.

3. Customize a non-admin account's desktop settings with the above
settings, then save it over the Default User Profile, so any new user
profiles will inherit these settings.

4. Lock down the file system "BEFORE" installing any end-user software,
i.e. Authenticated Users whould only have Read & Execute Permissions to the
root of the hard drive and the Program Files Directories. Administrators and
System should have full control of these directories. I usually remove
everyone and power users from these ACLs.

5. DO NOT INSTALL TS ON A DOMAIN CONTROLLER, unless this is the only server
in the office, and there is zero budget for anything else, i.e. an office of
less than 10 employees.

If you do these steps before installing any software (other than TS) and
before any user profiles are created, you'll avoid the most common problems
people have


--
Patrick Rouse
Microsoft MVP - Terminal Server
http://www.workthin.com


"Alboni" wrote:

> Could anyone point me in the direction to a good article on setting up
> Terminal Services in Windows 2003 Server. Can I do it without using a VPN in
> a secure manner through a firewall?
> Thank you.
> Al
.

Relevant Pages

  • Re: XP-Home --Workgroup
    ... Check firewall settings. ... network - useful if attaching a machine with questionable integrity. ... changed but it's very likely installing the OneCare firewall changed things ...
    (microsoft.public.windowsxp.accessibility)
  • Re: ZA Conceptual Question
    ... > There is plenty you can do with the firewall settings. ... > Program controls will not by themselves control traffic to a server ... > port 80 for example you would have to use the firewall controls to ...
    (comp.security.firewalls)
  • Re: ZA Conceptual Question
    ... I set the internet zone firewall to high, ... ZA leaves it to program controls in either case. ... > There is plenty you can do with the firewall settings. ... > port 80 for example you would have to use the firewall controls to ...
    (comp.security.firewalls)
  • Re: Turning off Windows Firewall
    ... Firewall settings in Group Policy Editor are in: ... Administrator action. ... The Resultant Set of Policies feature in the Group Policy Management Console ...
    (microsoft.public.windowsxp.security_admin)
  • Re: The Problems of TeX
    ... the TeXShop documentation explains that changing the default ... settings is something that people /ought/ to be doing. ... ISTR that's not the case with MacTeX 2007, ... I have is a recipe for installing MacTeX which appears to give me what I ...
    (comp.text.tex)