Oh I forgot to add this previously posted message from another person; it's were I picked up the MS doesn't recommend. ---snip--- Thank you very much Andrew for alerting the hot point to me. Changing the RDP port is one of highest risk stuff, and it does not recommend changing as well from Microsoft unless necessary. http://support.microsoft.com/kb/187623/EN-US/ Could let me know the RDP port can be usefully changed by most people? I followed the link to configure my server http://support.microsoft.com/default.aspx?scid=kb;en-us;294720 Jim, could you please detail on "set the encryption to "ungodly high" and leave it there." Due to I'm not a native English speaker. (Sorry) Regards, Krisna ---snip--- Regards, Andrew -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Tuesday, December 07, 2004 9:38 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Publishing a Windows 2003 Terminal Server http://www.ISAserver.org Stuff an nonesense. There is no such "recommendation". Changing TS ports to allow single-IP publishing of multiple TS servers is perfectly functional and not a security mechanism (security be obscurity) at all. It's a completely brain-dead operation to scan your IP space and see what application signatures I can sniff out with readily-available script-kiddie tools. You want your TS to be secure? Set it to the highest encryption possible. If you're publishing a non-standard TS port, you have to create a protocol that uses that protocol/port definition. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! -----Original Message----- From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx] Sent: Monday, December 06, 2004 10:51 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Publishing a Windows 2003 Terminal Server http://www.ISAserver.org Hi Dan, First of all Microsoft does not recommend you modify the TS port internally on your machine. The only other way to change the port is to do it on ISA itself. I am not sure under ISA 2000 how you do it, but under ISA 2004 when you select the TS Server protocol it gives you a ports option which you go into and change the incoming port on the WAN to something else. ISA 2004 will communicate with your TS machine on 3389 once the connection is made from the outside on the different port. Regards, Andrew -----Original Message----- From: Dan Crain [mailto:DanC@xxxxxxxxxxxx] Sent: Monday, December 06, 2004 1:25 PM To: [ISAserver.org Discussion List] Subject: [isalist] Publishing a Windows 2003 Terminal Server http://www.ISAserver.org I need to do this on a ISA 2000 box. Are there any good instructions out there for doing this. I changed the port number on the 2003 server and published it on the ISA server and it didn't work. I have a 2000 server on setup on the standard port (3389) that works fine but I'm a little stuck on why it won't work with the 2003 server. Any suggestions would be greatly appreciated. Thanks, Dan Crain NOTE: The information contained in this message may be priviledged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this message in error, please notify Dan Crain at DanC@xxxxxxxxxxxx immediately by replying to the message and deleting it from your computer. Thank you. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: andrew@xxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: andrew@xxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx