By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Is there a way of denying access to a Terminal Service connection (TS 2003) in remote admin mode? Even with security set on the RDP protocol, you can connect to it from both Windows and Linux machines not part of any domain. The security policies seem to concentrate on not allowing users to log in but I don't want them to even connect. The solution would ideally not use IPSEC.
If you don't want anyone to connect to the server from a certain location (say, the outside world) you can block off port 3389, used by RDP. You can also remove servers from the browse list of Terminal Servers (although a Windows 2003 server in Remote Administration mode shouldn't be listed). To keep a server from announcing itself as a Terminal Server (while keeping it on the browse list), run the Registry Editor and go to HKLMSystemCurrentControlSetControlTerminal Server. Add the following registry value: TSAdvertise, Data type: REG_DWORD, Radix: Decimal, and Value: 0.