Please reference the link below for the NSA's guide on securing Windows 2000. Highly recommended. http://nsa2.www.conxion.com/win2k/download.htm -----Original Message----- From: Thor@xxxxxxxxxxxxxxx [mailto:Thor@xxxxxxxxxxxxxxx] Sent: Tuesday, November 06, 2001 11:14 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Terminal services http://www.ISAserver.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yep- just set up a filter that allows 3389 in, but only from a particular remote address or addresses. Also, to be on the safe side, ensure the admin account is renamed (for brute force attacks) and put a Legal Notice/Logon Banner on the box. hth AD At 11:11 AM 11/6/2001 -0600, you wrote: >http://www.ISAserver.org > > >You may be able, I am not entirely sure, limit the connections to the >port the Terminal Services uses to a specific IP range. I am no guru at >ISA, but this may be possible. > >Mike > >-----Original Message----- >From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxx] >Sent: Tuesday, November 06, 2001 11:09 AM >To: [ISAserver.org Discussion List] >Subject: [isalist] RE: Terminal services > > >http://www.ISAserver.org > > >Thanks >Steve > >-----Original Message----- >From: Mike Carlson [mailto:domitianx@xxxxxxxxxxxxx] >Sent: 06 November 2001 17:06 >To: [ISAserver.org Discussion List] >Subject: [isalist] RE: Terminal services > > >http://www.ISAserver.org > > >Yes it is operating as designed. Think of it as basically someone >walking up to the actual box. You cannot limit the display of the login >screen by the person standing in front of the computer. The machine does >not know who it is until they enter their information. > >Mike > >-----Original Message----- >From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxx] >Sent: Tuesday, November 06, 2001 10:57 AM >To: [ISAserver.org Discussion List] >Subject: [isalist] Terminal services > > >http://www.ISAserver.org > > >Hi all > >I have just enabled terminal services for admin access. I works fine >apart from the small issue of letting anyone and their dog connect. >Obviously the cant login unless they know the password but is this the >way it is supposed to work. I have created a rule to only let me and >administrators to connect to know avail. > >Help >Steve >Steve Moffat >Senior Engineer >Optimum Computer Solutions > >Tel : +44(0)141 570 1283 >Fax :+44(0)141 584 9479 >Mobile : 07711 074 605 > >http://optimum.mine.nu >steve@xxxxxxxxxxxxxxx > >Disclaimer: >Optimum Computer Solutions is not responsible for any recommendation, >solicitation, offer or agreement or any information about any >transaction, customer account or account activity contained in this >communication. > >------------------------------------------------------ >You are currently subscribed to this ISAserver.org Discussion List as: >domitianx@xxxxxxxxxxxxx To unsubscribe send a blank email to >$subst('Email.Unsub') > >------------------------------------------------------ >You are currently subscribed to this ISAserver.org Discussion List as: >steve@xxxxxxxxxxxxxxx To unsubscribe send a blank email to >$subst('Email.Unsub')Disclaimer: >Optimum Computer Solutions is not responsible for any recommendation, >solicitation, offer or agreement or any information about any >transaction, customer account or account activity contained in this >communication. > >------------------------------------------------------ >You are currently subscribed to this ISAserver.org Discussion List as: >domitianx@xxxxxxxxxxxxx To unsubscribe send a blank email to >$subst('Email.Unsub') > >------------------------------------------------------ >You are currently subscribed to this ISAserver.org Discussion List as: >thor@xxxxxxxxxxxxxxx >To unsubscribe send a blank email to $subst('Email.Unsub') -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQA/AwUBO+gabohsmyD15h5gEQKcPgCgsaPyCW9HVMi4G8/Z54KEjPxPcewAoOgy xaO9pdSKen6MlbUrYbVbtlbK =2MYw -----END PGP SIGNATURE----- ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: esullivan@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')