RE: Terminal services

• From: "Jim Harrison" <jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 6 Nov 2001 09:47:29 -0800

You can create a secure TS environment.  TS under VPN is overkill, since TS
encrypts the data anyway.
Use Terminal Services Configuration in Admin Tools and set it to use high
encryption and limit logons to specific users.

Jim Harrison
MCP(NT4, 2K), A+, Network+, PCG


----- Original Message -----
From: "Edward Sullivan" <esullivan@xxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, November 06, 2001 09:33
Subject: [isalist] RE: Terminal services


http://www.ISAserver.org


Using Terminal Services to connect to a box on the Internet without first
creating a PPTP VPN tunnel to the box is highly unrecommended, BTW. Hope
this box is on your internal LAN, and not open to the world. Considering the
nature of ISA, I would venture to guess it is on the Internet. You probably
want to bind terminal services to your internal adapter ONLY, if you have
not already done so.

-----Original Message-----
From: Thor@xxxxxxxxxxxxxxx [mailto:Thor@xxxxxxxxxxxxxxx]
Sent: Tuesday, November 06, 2001 11:26 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Terminal services


http://www.ISAserver.org



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Heh... I actually performed a development edit for SANS for those documents
before the NSA released them :)


Thanks!

At 11:23 AM 11/6/2001 -0600, you wrote:
>http://www.ISAserver.org
>
>
>Please reference the link below for the NSA's guide on securing Windows
>2000. Highly recommended.
>
>http://nsa2.www.conxion.com/win2k/download.htm
>
>-----Original Message-----
>From: Thor@xxxxxxxxxxxxxxx [mailto:Thor@xxxxxxxxxxxxxxx]
>Sent: Tuesday, November 06, 2001 11:14 AM
>To: [ISAserver.org Discussion List]
>Subject: [isalist] RE: Terminal services
>
>
>http://www.ISAserver.org
>
>
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Yep- just set up a filter that allows 3389 in, but only from a particular
>remote address or addresses.
>
>Also, to be on the safe side, ensure the admin account is renamed (for
>brute force attacks) and put a Legal Notice/Logon Banner on the box.
>
>hth
>
>AD
>
>
>At 11:11 AM 11/6/2001 -0600, you wrote:
> >http://www.ISAserver.org
> >
> >
> >You may be able, I am not entirely sure, limit the connections to the
> >port the Terminal Services uses to a specific IP range. I am no guru at
> >ISA, but this may be possible.
> >
> >Mike
> >
> >-----Original Message-----
> >From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxx]
> >Sent: Tuesday, November 06, 2001 11:09 AM
> >To: [ISAserver.org Discussion List]
> >Subject: [isalist] RE: Terminal services
> >
> >
> >http://www.ISAserver.org
> >
> >
> >Thanks
> >Steve
> >
> >-----Original Message-----
> >From: Mike Carlson [mailto:domitianx@xxxxxxxxxxxxx]
> >Sent: 06 November 2001 17:06
> >To: [ISAserver.org Discussion List]
> >Subject: [isalist] RE: Terminal services
> >
> >
> >http://www.ISAserver.org
> >
> >
> >Yes it is operating as designed. Think of it as basically someone
> >walking up to the actual box. You cannot limit the display of the login
> >screen by the person standing in front of the computer. The machine does
> >not know who it is until they enter their information.
> >
> >Mike
> >
> >-----Original Message-----
> >From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxx]
> >Sent: Tuesday, November 06, 2001 10:57 AM
> >To: [ISAserver.org Discussion List]
> >Subject: [isalist] Terminal services
> >
> >
> >http://www.ISAserver.org
> >
> >
> >Hi all
> >
> >I have just enabled terminal services for admin access. I works fine
> >apart from the small issue of letting anyone and their dog connect.
> >Obviously the cant login unless they know the password but is this the
> >way it is supposed to work. I have created a rule to only let me and
> >administrators to connect to know avail.
> >
> >Help
> >Steve
> >Steve Moffat
> >Senior Engineer
> >Optimum Computer Solutions
> >
> >Tel : +44(0)141 570 1283
> >Fax :+44(0)141 584 9479
> >Mobile : 07711 074 605
> >
> >http://optimum.mine.nu
> >steve@xxxxxxxxxxxxxxx
> >
> >Disclaimer:
> >Optimum Computer Solutions is not responsible for any recommendation,
> >solicitation, offer or agreement or any information about any
> >transaction, customer account or account activity contained in this
> >communication.
> >
> >------------------------------------------------------
> >You are currently subscribed to this ISAserver.org Discussion List as:
> >domitianx@xxxxxxxxxxxxx To unsubscribe send a blank email to
> >$subst('Email.Unsub')
> >
> >------------------------------------------------------
> >You are currently subscribed to this ISAserver.org Discussion List as:
> >steve@xxxxxxxxxxxxxxx To unsubscribe send a blank email to
> >$subst('Email.Unsub')Disclaimer:
> >Optimum Computer Solutions is not responsible for any recommendation,
> >solicitation, offer or agreement or any information about any
> >transaction, customer account or account activity contained in this
> >communication.
> >
> >------------------------------------------------------
> >You are currently subscribed to this ISAserver.org Discussion List as:
> >domitianx@xxxxxxxxxxxxx To unsubscribe send a blank email to
> >$subst('Email.Unsub')
> >
> >------------------------------------------------------
> >You are currently subscribed to this ISAserver.org Discussion List as:
> >thor@xxxxxxxxxxxxxxx
> >To unsubscribe send a blank email to $subst('Email.Unsub')
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP 7.1
>
>iQA/AwUBO+gabohsmyD15h5gEQKcPgCgsaPyCW9HVMi4G8/Z54KEjPxPcewAoOgy
>xaO9pdSKen6MlbUrYbVbtlbK
>=2MYw
>-----END PGP SIGNATURE-----
>
>------------------------------------------------------
>You are currently subscribed to this ISAserver.org Discussion List as:
>esullivan@xxxxxxx
>To unsubscribe send a blank email to $subst('Email.Unsub')
>
>------------------------------------------------------
>You are currently subscribed to this ISAserver.org Discussion List as:
>thor@xxxxxxxxxxxxxxx
>To unsubscribe send a blank email to $subst('Email.Unsub')

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBO+gdOohsmyD15h5gEQJ+cQCgg/C5k33aBY0RSXTBcDBH213uddAAn0kK
USxjnZX5slCsSSAjmifQMcvP
=FxKN
-----END PGP SIGNATURE-----

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
esullivan@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » Terminal services
• » RE: Terminal services
• » RE: Terminal services
• » RE: Terminal services
• » RE: Terminal services
• » RE: Terminal services
• » RE: Terminal services
• » RE: Terminal services
• » Terminal services
• » RE: Terminal services
• » RE: Terminal services
• » RE: Terminal services
• » RE: Terminal services
• » RE: Terminal services
• » RE: Terminal services
• » RE: Terminal services
• » RE: Terminal services
• » RE: Terminal services
• » RE: Terminal services
• » RE: Terminal services
• » RE: Terminal services

1. Home
2. isalist
3. Archive
4. 11-2001

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---