RE: Publishing a Windows 2003 Terminal Server

• From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 7 Dec 2004 20:04:57 -0800

Note the phrase "unless necessary".
That's the whole point; changing the port for S&G isn't worth your time.
If you have a functional reason (publishing nultiple servers on a single
external IP, ferinstance), then it's a case of "ya duz watchagotta..."


  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!
 
 

-----Original Message-----
From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx] 
Sent: Tuesday, December 07, 2004 11:13 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Publishing a Windows 2003 Terminal Server

http://www.ISAserver.org

Oh I forgot to add this previously posted message from another person;
it's were I picked up the MS doesn't recommend.

---snip---

Thank you very much Andrew for alerting the hot point to me. 
Changing the RDP port is one of highest risk stuff, and it does not
recommend changing as well from Microsoft unless necessary.
http://support.microsoft.com/kb/187623/EN-US/ 

Could let me know the RDP port can be usefully changed by most people?

I followed the link to configure my server
http://support.microsoft.com/default.aspx?scid=kb;en-us;294720 

Jim, could you please detail on "set the encryption to "ungodly high"
and leave it there." Due to I'm not a native English speaker.
(Sorry)

Regards,
Krisna

---snip---

Regards,
Andrew

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Tuesday, December 07, 2004 9:38 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Publishing a Windows 2003 Terminal Server

http://www.ISAserver.org

Stuff an nonesense.
There is no such "recommendation".

Changing TS ports to allow single-IP publishing of multiple TS servers
is perfectly functional and not a security mechanism (security be
obscurity) at all.
It's a completely brain-dead operation to scan your IP space and see
what application signatures I can sniff out with readily-available
script-kiddie tools.

You want your TS to be secure?  Set it to the highest encryption
possible.
If you're publishing a non-standard TS port, you have to create a
protocol that uses that protocol/port definition.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!
 
 
-----Original Message-----
From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx] 
Sent: Monday, December 06, 2004 10:51 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Publishing a Windows 2003 Terminal Server

http://www.ISAserver.org

Hi Dan, 

First of all Microsoft does not recommend you modify the TS port
internally on your machine. The only other way to change the port is to
do it on ISA itself. I am not sure under ISA 2000 how you do it, but
under ISA 2004 when you select the TS Server protocol it gives you a
ports option which you go into and change the incoming port on the WAN
to something else. ISA 2004 will communicate with your TS machine on
3389 once the connection is made from the outside on the different port.


Regards,
Andrew


-----Original Message-----
From: Dan Crain [mailto:DanC@xxxxxxxxxxxx] 
Sent: Monday, December 06, 2004 1:25 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Publishing a Windows 2003 Terminal Server

http://www.ISAserver.org

I need to do this on a ISA 2000 box. Are there any good instructions out
there for doing this. I changed the port number on the 2003 server and
published it on the ISA server and it didn't work. I have a 2000 server
on setup on the standard port (3389) that works fine but I'm a little
stuck on why it won't work with the 2003 server.

Any suggestions would be greatly appreciated.
Thanks,
Dan Crain


NOTE: The information contained in this message may be priviledged and
confidential and protected from disclosure. If the reader of this
message is not the intended recipient, or an employee or agent
responsible for delivering this message to the intended recipient, you
are hereby notified that any dissemination, distribution or copying of
this communication is strictly prohibited. If you have received this
message in error, please notify Dan Crain at DanC@xxxxxxxxxxxx
immediately by replying to the message and deleting it from your
computer. Thank you.



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
andrew@xxxxxxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
andrew@xxxxxxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.

Other related posts:

• » Publishing a Windows 2003 Terminal Server
• » RE: Publishing a Windows 2003 Terminal Server
• » RE: Publishing a Windows 2003 Terminal Server
• » RE: Publishing a Windows 2003 Terminal Server
• » RE: Publishing a Windows 2003 Terminal Server
• » RE: Publishing a Windows 2003 Terminal Server
• » RE: Publishing a Windows 2003 Terminal Server
• » RE: Publishing a Windows 2003 Terminal Server
• » RE: Publishing a Windows 2003 Terminal Server
• » RE: Publishing a Windows 2003 Terminal Server
• » RE: Publishing a Windows 2003 Terminal Server
• » RE: Publishing a Windows 2003 Terminal Server
• » RE: Publishing a Windows 2003 Terminal Server
• » RE: Publishing a Windows 2003 Terminal Server
• » RE: Publishing a Windows 2003 Terminal Server
• » RE: Publishing a Windows 2003 Terminal Server
• » RE: Publishing a Windows 2003 Terminal Server
• » RE: Publishing a Windows 2003 Terminal Server
• » RE: Publishing a Windows 2003 Terminal Server

1. Home
2. isalist
3. Archive
4. 12-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---