Re: How to protect my terminal servers?

Venger,

Thanks for your help. I have reviewed the content manager in IE.
If I turn this all on from the console, will it apply it to all user sessions?

Or do I need to set it maybe in a GPO or individually?

I also did consider content filtering with my firewall, but it has a
limitation of the number of allowed and blocked entries. I would need to
upgrade.

What is the "best practice" with content advisor? Seems to me that it would
be best to block all content, and then have users ask for permission and I
could add the work related sties over a period of time.

It's a bit of work to get setup, but gives total control. I don't want the
hassle of downed or rebuilt servers because someone clicked the wrong things.

(I have about 30 users.)

Thanks much,

MP


"Venger" wrote:

Mrpush wrote:
Hello,

Using TS's to run MS office and company app.

I have set a TS policy to restrict what they can do in the sessions.

However, I currently have not given users internet access from the TS
sessions as I'm afraid that they will infect the servers with all kinds of
viruses, spyware, etc.

I will install antivirus on the servers, but this does not guarantee they
will not be infected and get all messed up like workstations do from time to
time even with protection.

How do you guys protect your terminal servers?

Can I limit internet access on the TS's to only certain SAFE work related
web sites and maybe have them use their regular desktop internet access for
all other borwsing?

I'm just after a "best practices" that will keep my TS's clean so they don't
go down or need to be re-built if say some user launches Virtumonde in a
session!

You can use Content Advisor in IE. Can be very effective, control what
sites users can and cannot access. Made a little more difficult because
of how sites nest add-in content, but still effective for the most part.

You can of course do this at the firewall level.

You might use a group policy to enforce a dummy proxy to prevent users
from accessing the internet.

Venger

.

Relevant Pages

  • Allowing internet access in Terminal sessions...
    ... MS 2003 server with Terminal servers, IE explorer 7. ... I want to allow my TS users to have internet access from the Terminal ... sessions so that links to web sites etc from within apps are active. ...
    (microsoft.public.windows.terminal_services)
  • Re: How to protect my terminal servers?
    ... However, I currently have not given users internet access from the TS sessions as I'm afraid that they will infect the servers with all kinds of viruses, spyware, etc. ... You might use a group policy to enforce a dummy proxy to prevent users from accessing the internet. ...
    (microsoft.public.windows.terminal_services)
  • How to protect my terminal servers?
    ... I have set a TS policy to restrict what they can do in the sessions. ... I currently have not given users internet access from the TS ... I will install antivirus on the servers, but this does not guarantee they ... time even with protection. ...
    (microsoft.public.windows.terminal_services)
  • Terminal Session best practices....
    ... I have set a TS policy to restrict what they can do in the sessions. ... I currently have not given users internet access from the TS ... I will install antivirus on the servers, but this does not guarantee they ... time even with protection. ...
    (microsoft.public.windows.terminal_services)
  • Re: nessus scan
    ... Null sessions do NOT allow unauthenticated access to data on ... > when XP Pro users try to change their domain passwords at logon. ... > downlevel clients to access those servers. ... > auditing for account logons events and account management on domain ...
    (microsoft.public.win2000.security)