Re: TS running on a DC

Hello Jeff,

Yes, I realize the risks, we are a very small company and the users that are
accessing the computer are all very high level users, all of them are capable
network admins. However none of us are very familiar with TS and figured we
could get a quick answer in the user community forum. In the past on W2K we
just used remonte admin mode as that allowed us to login either as
administrator or ourselves. The only problem then is that we had a two user
limit.

I do appreciate you preaching to the choir, but is there an easy way to
accomplish what I am doing or not? Otherwise I will keep digging.

Thanks,

Don Coors

"Jeff Pitsch" wrote:

> First off, really really bad idea that you put TS on a DC.
>
> Second, the remote desktop user group (assuming this is windows 2003) is a
> local group. DC's do not have local groups hence no group. you must
> manually give a group/users rights to the log on through terminal services
> user right.
>
> Third, did I mention what a bad idea it is to allow users access to a domain
> controller? Virus's, worms, spyware, etc on a DC.
>
> Jeff Pitsch
> http://www.sbcgatekeeper.com
> Your Terminal Services Security Website
>
> "coorsd" <coorsd@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:8201D34D-7FFC-4821-84DE-831A6898A125@xxxxxxxxxxxxxxxx
> > Hi,
> >
> > We have a group of about six admin type staff and 5 servers. I have put
> > TS
> > onto our first DC and got the per device licenses installed. I then took
> > our
> > other servers and pointed them to our TS server. From there our admin
> > people
> > were able to log into our servers with the admin username and password
> > only.
> > Additionally only one person at a time could login to any individual
> > server.
> > I have read where there is supposed to be a remote desktop security
> > setting.
> > This is absent from our server. How do I set it so my admin users can
> > login
> > using both the admin username as well as their own local user account?
> > Additionally how can I set it so that more than one person can be logged
> > into
> > a server at a time.
> >
> > Thanks,
> >
> > Don
>
>
>
.

Relevant Pages

  • Re: getting me ducks in a row - concepts
    ... Don't create local login accounts for users, ... >> admin types know the local administrator credentials on all PCs. ... You don't load QB on the server - the registry keys or files/folders would ...
    (microsoft.public.windows.server.sbs)
  • Re: Failed login attempts, anything else I can do?
    ... are the usual attemps at trying to login with various usernames (local, ... the server. ... I am wondering if there is anything else I can do to secure the ... I have changed the admin name, ...
    (microsoft.public.windows.server.sbs)
  • Re: Failed login attempts, anything else I can do?
    ... are the usual attemps at trying to login with various usernames (local, ... the server. ... I am wondering if there is anything else I can do to secure the ... I have changed the admin name, ...
    (microsoft.public.windows.server.sbs)
  • RE: Linked server issue
    ... SQL Server logins to the Admin account of the Access database. ... Add a new linked server using SQL Server Enterprise Manager. ... Remote login: Admin ...
    (microsoft.public.sqlserver.tools)
  • Re: Terminal Services Setup/Flaw
    ... What do you think is allowing the connection with .rdp to another server? ... check the local RDU group on the local server one more time and see who is a member of that group. ... What would I modify in that group policy to inhibit this type of login? ... domain admin priviledges and went to work last week. ...
    (microsoft.public.windows.terminal_services)
Loading