Re: TS access and Virus issue

From: Miha Pihler (
Date: 10/19/04

Date: Tue, 19 Oct 2004 19:26:00 +0200


If you are really concerned about this, prohibit the mapping of local
drivers over terminal services. This will prevent them from mapping their
local drives to your server (but it may limit their work). This way all they
can do is transfer files on the network where the terminal server is.

Terminal session itself is encrypted (I think Windows 2000 use 56 bit
encryption while Windows 2003 use 128 bit -- also depends on the client that
they use...). Assign your customer strong - hard to guess password.
Personally I limit access to terminal servers only to customers IP addresses
not the whole internet (I don't want every "kid" on the internet trying out
the passwords on logon screen)... Another option would be to first connect
to VPN server and only then the vendor is allowed to connect to the TS (and
only TS over TCP 3389).

Note, if you have TS located on LAN with other clients there is nothing
limiting your vendor to connect to other computers on LAN from this TS


"Bjarni" <> wrote in message
> I have a vendor that wants to have access to an application on my server,
> was thinking about using TS, but I have concerns over viruses coming from
> vendors network. This is a financial database that the vendor would be
> connecting to and he would not have access to any other areas of the
> Is my concern about viruses valid, or do I have nothing to worry about? I
> also worried about overall security on the vendor site, if I give him
> to my server and he has security breach then my security is breached
> right?. Hope someone can help me by shedding light on these issues