Re: Allowing internet access in Terminal sessions...



You can still control those things through the zone configuration but the reason they are having to add those sites is because of the IEESC. It's up to you on the amount of pain you want to give your users but there are easier ways of controlling those things you want which is through proper zone configuration.

Jeff Pitsch
Microsoft MVP - Terminal Services

Mrpush wrote:
Jeff,

I'm not sure that I want to remove it, but rather "manage" sites somehow?

If I remove it, will it allow scripts etc to be run by users on the server?

I don't want to create a security/Infection problem.

Thanks,

Mark

"Jeff Pitsch" wrote:

1) In add/remove programs/Windows Components, make sure you have unchecked IEES (Internet Explorer Enhanced Security).

2) Not without going to a 3rd party product like Citrix XenApp

Jeff Pitsch
Microsoft MVP - Terminal Services

Mrpush wrote:
Hello,

MS 2003 server with Terminal servers, IE explorer 7.

I want to allow my TS users to have internet access from the Terminal sessions so that links to web sites etc from within apps are active. I have some concerns however.

1.) Explorer 7 security is set to MEDIUM-HIGH on servers, and anytime a user will try to access a web site, they will get the "Content being blocked" pop-up and have to CLOSE or ADD the sites they are trying to view.

I would turn down the security level, but I'm concerned then about user infecting the TS's with spyware etc by clicking the wrong things.

And I don't want users to have to always see the CONTENT BLOCKED pop-up or have them add BAD sites to the trusted sites.

Are there some guidelines on how to safely setup a browser and manage TS users internet access and sites in TS sessions?

2.) Seems that FLASH web sites don't work well in TS sessions. Anyway around this?

Thanks much,

Mark


.



Relevant Pages

  • Windows 2000 Security Roll-up and Terminal Services
    ... I recently installed the Windows 2000 Security Roll-up on several servers ... and had some troubles with Terminal Services afterwards. ... On another server, terminal services ...
    (NT-Bugtraq)
  • RE: MS Terminal Services open to the world
    ... Terminal Services Security ... Running Terminal Services may expose your domain to significant security ... Terminal Server deployment. ... the Terminal Services Client supports version checking. ...
    (Pen-Test)
  • Re: Windows Server without AD?
    ... It does have Terminal Services ... Single server for the organization. ... What are the security implications of not having AD installed? ... Resetting the admin password on a domain controller isn't significantly ...
    (Security-Basics)
  • (prevent + detect Arp spoofing) + Securing Terminal Services
    ... and i am participating in a CTF contest ... I am going to be running a windows 2003 server, ... terminal services, and have learned that using ssl with terminal services ... prospectus based upon the core principle concepts of security. ...
    (Focus-Microsoft)
  • security-basics Digest of: get.123_145
    ... VPN to ASP a security risk? ... Re: Multiple IPSec tunnels? ... Subject: Security NT Server ... VPN to ASP a security risk? ...
    (Security-Basics)