Terminal Servers @ Datacenter


Looking for best practices in managing Windows servers in a datacenter.

We have 100 Windows servers with Terminal Services. There is no Active
Directory domain. Everything is workgroup. There is a set of 10 admins
who share responsibility of administering these servers. Each admin
has access to a group of 10 or 15 Servers.

For the purpose of tracking access, we would like to set up one central
gateway server in the DMZ where all admins will login first. Based on
their user-id, they can initiate connection to their authorised
internal server.

It should not be possible for one server to initiate connection to
another server. All servers should accept connection only from this
central gateway server.

We are open to buying a third party product if required. It would be
great if we can also track what the admins are doing.