Q

Denying Terminal Service connections in remote admin mode

Is there a way of denying access to a Terminal Service connection (TS 2003) in remote admin mode? Even with security set on the RDP protocol, you can connect to it from both Windows and Linux machines not part of any domain. The security policies seem to concentrate on not allowing users to log in but I don't want them to even connect. The solution would ideally not use IPSEC.
If you don't want anyone to connect to the server from a certain location (say, the outside world) you can block off port 3389, used by RDP. You can also remove servers from the browse list of Terminal Servers (although a Windows 2003 server in Remote Administration mode shouldn't be listed). To keep a server from announcing itself as a Terminal Server (while keeping it on the browse list), run the Registry Editor and go to HKLMSystemCurrentControlSetControlTerminal Server. Add the following registry value: TSAdvertise, Data type: REG_DWORD, Radix: Decimal, and Value: 0.
This was first published in January 2004

Dig deeper on Terminal Services and Remote Desktop Services

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchEnterpriseDesktop

SearchServerVirtualization

SearchCloudComputing

SearchConsumerization

SearchVMware

Close