Re: Terminal Services Security

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 01/28/05

    Date: Fri, 28 Jan 2005 01:42:27 -0600
    
    

    TS will be encrypted over the internet. If possible, it would be more secure
    to tunnel in through an L2TP VPN connection to the server because L2TP will
    allow connections only from computers with a valid computer certificate.
    Having said that, I have used TS/RDP over the internet directly many times.
    Security can also be greatly enhanced if you can configure your firewall to
    accept connections to port 3389 TCP from only certain IP addresses, though
    that may not be possible if you are going to access from places that you
    have no idea what the source IP address will be, such as hotels. I suggest
    you also rename the administrator account or disable it from being able to
    use RDP and instead create another administrator account to use, as those
    that find port 3389 TCP open will try to log on as administrator if your
    firewall allows a connection from their IP. --- Steve

    "Paul McGuire" <paulmcguire@_no_spam_hotmail.com> wrote in message
    news:eLCBq5MBFHA.2572@tk2msftngp13.phx.gbl...
    > Next week I am in need to remotely access my network. The easiest for me
    > is to open the firewall for port 3389 to the IP address of the server. If
    > I set the security on the terminal server to High, which should be 128-bit
    > encryption, is this going to be secure? I understand that the user name
    > and password need to be a hard password to guess. I have only allowed
    > the administrator account the right to terminal service in via AD. Is
    > there anything else to consider?
    >
    > TIA
    >
    > Paul McGuire
    >
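One way to check that the port 3389 source restriction suggested in the reply is actually in effect is to scan the firewall's connection log for accepted RDP connections from addresses outside the allowlist. This is an added example, not part of the original thread; the allowlist, the addresses (documentation ranges) and the simplified log layout are assumptions, and the log lines are constructed.

```python
import ipaddress

# Assumption: the only sources that should reach RDP (documentation ranges).
ALLOWED_SOURCES = [ipaddress.ip_network("192.0.2.0/28"),
                   ipaddress.ip_network("198.51.100.17/32")]
RDP_PORT = "3389"

# Constructed sample log in a simplified space-separated layout.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port
2005-01-28 01:10:02 ALLOW TCP 192.0.2.5 203.0.113.10 40112 3389
2005-01-28 01:11:40 ALLOW TCP 198.51.100.99 203.0.113.10 51822 3389
2005-01-28 01:11:41 ALLOW TCP 198.51.100.99 203.0.113.10 51823 3389
2005-01-28 01:12:07 DROP TCP 203.0.113.77 203.0.113.10 33001 3389
2005-01-28 01:13:30 ALLOW TCP 198.51.100.17 203.0.113.10 49900 3389
2005-01-28 01:14:00 ALLOW TCP 198.51.100.99 203.0.113.10 51900 80
not a log line
"""

def is_allowed(src):
    """True if src falls inside one of the allowlisted networks."""
    addr = ipaddress.ip_address(src)  # raises ValueError on a bad address
    return any(addr in net for net in ALLOWED_SOURCES)

def unexpected_rdp_sources(log_text):
    """Return {src_ip: count} of accepted TCP/3389 connections
    whose source is not on the allowlist."""
    hits = {}
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # skip blanks and the header
        fields = line.split()
        if len(fields) < 8:
            continue  # malformed or truncated line
        action, proto, src, dport = fields[2], fields[3], fields[4], fields[7]
        if (action, proto, dport) != ("ALLOW", "TCP", RDP_PORT):
            continue  # only accepted RDP connections matter here
        try:
            if is_allowed(src):
                continue
        except ValueError:
            continue  # unparseable source address
        hits[src] = hits.get(src, 0) + 1
    return hits

if __name__ == "__main__":
    for src, count in sorted(unexpected_rdp_sources(SAMPLE_LOG).items()):
        print(f"{src}: {count} accepted RDP connection(s) from outside the allowlist")
```

Any source it reports means the firewall rule is broader than intended or was bypassed; dropped attempts are ignored because the restriction handled them.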

