Jack,

Fully agree with you on the licenses; you want the user licenses, not the device licenses, Thom.

I have to disagree with you on the way Terminal Services would be configured, however. Using the IA account for all the users would not be a secure method of restricting access to these systems. Conceivably anyone could connect to your systems using the IA account and you would never know it. *Especially* since the default password to IA accounts is a well known secret in the community.

Assuming this is to allow remote access from corporate or the internet, I'd recommend configuring a unique user account for each person who needs to access the system remotely, and require them to log in using that account. The user license allows any 5 concurrent users access to the system, so unless you are leaving these sessions open it shouldn't interfere with your needs.

Additionally, you should disable the IA account from being used as a Terminal Services capable account, which is easily done in Windows configuration.

Am I missing anything, everyone? I can't for the life of me remember if Foxboro requires the IA account, or if it will run under a similar privileges account.

Sincerely,

Michael Toecker
Control Systems Security Designer
Compliance & Infrastructure Protection
Burns & McDonnell Engineering

-----Original Message-----
From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx] On Behalf Of Jack.Easley@xxxxxxxxxxxx
Sent: Tuesday, October 14, 2008 1:21 PM
To: foxboro@xxxxxxxxxxxxx
Subject: Re: [foxboro] Remote access

I can tell you from experience that Terminal Server "device" (the default) licenses will not work for you as you describe, as only the first 5 PCs to login will be allowed to use the licenses, even if one or more of the first 5 PCs have logged off.
I can also tell you that if you make the mistake of installing the Terminal Server licenses as device licenses, you can remove them and reinstall them as user licenses without making an additional purchase. You just select "user" instead of "device" on the re-install and use the same code file provided by Microsoft initially.

The number of sessions and users is probably limited to the number of licenses you purchase. Since you will probably use ia as the username for all sessions, you are good on number of users. There is a setting in Terminal Server Configuration or Terminal Server Management on the Windows 2003 Server which must be checked to allow multiple sessions for the same user. I cannot remember if it is checked as a default after install.

Actually, Terminal Server User license allocation is based on the honor system according to Microsoft, whereas the device license allocation is controlled. Go figure!

Jack Easley
Sr. I&C Technician
Luminant Power, Martin Lake Plant
Phone 903.836.6241
jack.easley@xxxxxxxxxxxx

-----Original Message-----
From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx] On Behalf Of Chaiket, Thom
Sent: Tuesday, October 14, 2008 11:44 AM
To: foxboro@xxxxxxxxxxxxx
Subject: [foxboro] Remote access

Had a question for all. We recently upgraded to the MESH network and opted for remote connection to our historian (Windows Server 2003). Due to local government laws, we have to obtain required licenses (5-pack Terminal Services Client Access Licenses) separately. There are two different versions and we are not sure which one to purchase. There are User-based licenses or Device-based licenses.

We want up to any 5 people to simultaneously access the TS, but these 5 come from a much larger set of users and computers all over our network. It sounds like the Device-based license will allow up to 5 people to use the TS without regard to what computers they come in from or what their user logins are. Is this correct?

Thanks!
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process Systems (formerly The Foxboro Company). Use the info you obtain here at your own risks. Read http://www.thecassandraproject.org/disclaimer.html

foxboro mailing list: //www.freelists.org/list/foxboro
to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
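
Michael Toecker's point in the thread above, that remote logons made with a shared IA account cannot be attributed to a person, can be checked for in logon records. The following Python is an added example, not part of the original thread: it flags RemoteInteractive (logon type 10) sessions made with a shared account, or by one account from several sources. The CSV layout, the addresses and every account name other than ia are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: a hypothetical CSV export of successful logon events.
# The column layout and all values are invented for this example.
SAMPLE_LOG = """\
time,logon_type,account,source_ip
2008-10-14T08:02:11,10,ia,10.1.4.21
2008-10-14T08:15:40,10,jsmith,10.1.4.33
2008-10-14T09:47:05,10,IA,10.1.7.90
2008-10-14T10:03:52,2,ia,
2008-10-14T11:20:18,10,ia,192.0.2.55
2008-10-14T11:31:00,10,mlee,10.1.4.40
"""

REMOTE_INTERACTIVE = "10"  # logon type Windows records for Terminal Services/RDP
SHARED_ACCOUNTS = {"ia"}   # assumption: accounts that must not be used remotely


def remote_logons_by_account(log_text):
    """Map account -> set of source addresses seen in RemoteInteractive logons."""
    sources = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["logon_type"] != REMOTE_INTERACTIVE:
            continue  # console and service logons are out of scope here
        # Windows account names are case-insensitive, so normalise them.
        sources[row["account"].lower()].add(row["source_ip"] or "unknown")
    return sources


def audit(log_text, shared=SHARED_ACCOUNTS):
    """Return findings: shared accounts used remotely, and any other account
    seen from more than one source (possible credential sharing)."""
    findings = []
    for account, ips in sorted(remote_logons_by_account(log_text).items()):
        if account in shared:
            findings.append((account, "shared-account-remote-logon", sorted(ips)))
        elif len(ips) > 1:
            findings.append((account, "multiple-sources", sorted(ips)))
    return findings


if __name__ == "__main__":
    for account, reason, ips in audit(SAMPLE_LOG):
        print(f"{account}: {reason} from {', '.join(ips)}")
```

With per-person accounts in place and the shared account barred from Terminal Services, the first finding type should never appear; any hit means the restriction is missing or has been undone.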