Changing from Terminal Server Remote Admin to Application

Archived from groups: microsoft.public.windowsnt.terminalserver.setup (More info?)

We are using Windows Server 2000 with a Domain Controller. We currently have
users using Terminal Server Remote Admin to access files on the server. This
is not good! I want to change but I am not sure if we are going to run into
a problem if I change to Terminal Server in Application Server Mode.

What kind of problems might I encounter. It is alright if only two people
have access at any time since that is all that access before.

I would like to change this soon because of my security concerns.

Thanks
3 answers Last reply
More about changing terminal server remote admin application
  1. Archived from groups: microsoft.public.windowsnt.terminalserver.setup (More info?)

    No, users running on your DC is not good, but installing Terminal
    Services in Application Server mode on your TS makes it worse.

    If your users only need to access some files, can't you put those
    files in a shared folder?
    _________________________________________________________
    Vera Noest
    MCSE, CCEA, Microsoft MVP - Terminal Server
    TS troubleshooting: http://ts.veranoest.net
    ___ please respond in newsgroup, NOT by private email ___

    "=?Utf-8?B?TmlscyBUaXRsZXk=?=" <Nils
    Titley@discussions.microsoft.com> wrote on 27 sep 2005 in
    microsoft.public.windowsnt.terminalserver.setup:

    > We are using Windows Server 2000 with a Domain Controller. We
    > currently have users using Terminal Server Remote Admin to
    > access files on the server. This is not good! I want to change
    > but I am not sure if we are going to run into a problem if I
    > change to Terminal Server in Application Server Mode.
    >
    > What kind of problems might I encounter. It is alright if only
    > two people have access at any time since that is all that access
    > before.
    >
    > I would like to change this soon because of my security
    > concerns.
    >
    > Thanks
  2. Archived from groups: microsoft.public.windowsnt.terminalserver.setup (More info?)

    Yes the files can be put in a shared folder but how do they access the data?
    Please be explicit in your answer. I am new at doing this.

    Side bar: One person on the suggested changing the rights to allow users to
    access through Remove Access by

    Giving the Domain Users that remote in access to log in locally but when I
    set up an account to do this, I tried to login remotely I got the following
    message, "You do not have access to logon to this session". I think I can do
    it this way but what additional rights do I need to give this user?

    Any suggestions that will allow remote users to access the data but also
    allow us to tighten down security is appreicated.
    Thanks


    "Vera Noest [MVP]" wrote:

    > No, users running on your DC is not good, but installing Terminal
    > Services in Application Server mode on your TS makes it worse.
    >
    > If your users only need to access some files, can't you put those
    > files in a shared folder?
    > _________________________________________________________
    > Vera Noest
    > MCSE, CCEA, Microsoft MVP - Terminal Server
    > TS troubleshooting: http://ts.veranoest.net
    > ___ please respond in newsgroup, NOT by private email ___
    >
    > "=?Utf-8?B?TmlscyBUaXRsZXk=?=" <Nils
    > Titley@discussions.microsoft.com> wrote on 27 sep 2005 in
    > microsoft.public.windowsnt.terminalserver.setup:
    >
    > > We are using Windows Server 2000 with a Domain Controller. We
    > > currently have users using Terminal Server Remote Admin to
    > > access files on the server. This is not good! I want to change
    > > but I am not sure if we are going to run into a problem if I
    > > change to Terminal Server in Application Server Mode.
    > >
    > > What kind of problems might I encounter. It is alright if only
    > > two people have access at any time since that is all that access
    > > before.
    > >
    > > I would like to change this soon because of my security
    > > concerns.
    > >
    > > Thanks
    >
  3. Archived from groups: microsoft.public.windowsnt.terminalserver.setup (More info?)

    I believe that we are misunderstanding each other.
    If your users only need to access some data files, like Word
    documents, then they can simply connect to the shared folder from
    their workstation.
    But I guess they need to run an application on the server, which in
    its turn accesses the data files, is that what you mean?

    If I were you, I would completely rethink my setup. This is not
    going to be a secure solution, because you will have to give your
    users the right to log on locally on your Domain Controller.

    You can try to secure it with NTFS permissions on the file system
    of the server, but even then, it's not a secure setup.
    _________________________________________________________
    Vera Noest
    MCSE, CCEA, Microsoft MVP - Terminal Server
    TS troubleshooting: http://ts.veranoest.net
    ___ please respond in newsgroup, NOT by private email ___

    "=?Utf-8?B?TmlscyBUaXRsZXk=?="
    <NilsTitley@discussions.microsoft.com> wrote on 29 sep 2005 in
    microsoft.public.windowsnt.terminalserver.setup:

    > Yes the files can be put in a shared folder but how do they
    > access the data? Please be explicit in your answer. I am new
    > at doing this.
    >
    > Side bar: One person on the suggested changing the rights to
    > allow users to access through Remove Access by
    >
    > Giving the Domain Users that remote in access to log in locally
    > but when I set up an account to do this, I tried to login
    > remotely I got the following message, "You do not have access to
    > logon to this session". I think I can do it this way but what
    > additional rights do I need to give this user?
    >
    > Any suggestions that will allow remote users to access the data
    > but also allow us to tighten down security is appreicated.
    > Thanks
    >
    >
    > "Vera Noest [MVP]" wrote:
    >
    >> No, users running on your DC is not good, but installing
    >> Terminal Services in Application Server mode on your TS makes
    >> it worse.
    >>
    >> If your users only need to access some files, can't you put
    >> those files in a shared folder?
    >> _________________________________________________________
    >> Vera Noest
    >> MCSE, CCEA, Microsoft MVP - Terminal Server
    >> TS troubleshooting: http://ts.veranoest.net
    >> ___ please respond in newsgroup, NOT by private email ___
    >>
    >> "=?Utf-8?B?TmlscyBUaXRsZXk=?=" <Nils
    >> Titley@discussions.microsoft.com> wrote on 27 sep 2005 in
    >> microsoft.public.windowsnt.terminalserver.setup:
    >>
    >> > We are using Windows Server 2000 with a Domain Controller.
    >> > We currently have users using Terminal Server Remote Admin to
    >> > access files on the server. This is not good! I want to
    >> > change but I am not sure if we are going to run into a
    >> > problem if I change to Terminal Server in Application Server
    >> > Mode.
    >> >
    >> > What kind of problems might I encounter. It is alright if
    >> > only two people have access at any time since that is all
    >> > that access before.
    >> >
    >> > I would like to change this soon because of my security
    >> > concerns.
    >> >
    >> > Thanks
Ask a new question

Read More

Windows Server Servers Microsoft Terminal Server Domain Controller Windows