Ask the Expert

Denying Terminal Service connections in remote admin mode

Is there a way of denying access to a Terminal Service connection (TS 2003) in remote admin mode? Even with security set on the RDP protocol, you can connect to it from both Windows and Linux machines not part of any domain. The security policies seem to concentrate on not allowing users to log in but I don't want them to even connect. The solution would ideally not use IPSEC.


If you don't want anyone to connect to the server from a certain location (say, the outside world) you can block off port 3389, used by RDP. You can also remove servers from the browse list of Terminal Servers (although a Windows 2003 server in Remote Administration mode shouldn't be listed). To keep a server from announcing itself as a Terminal Server (while keeping it on the browse list), run the Registry Editor and go to HKLM\System\CurrentControlSet\Control\Terminal Server. Add the following registry value: TSAdvertise, Data type: REG_DWORD, Radix: Decimal, and Value: 0.

This was first published in January 2004
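
One way to confirm the port 3389 block, run from the location that is supposed to be shut out. This is an added example, not part of the original answer; the function names and the default host are assumptions made for illustration.

```python
import socket
import sys

RDP_PORT = 3389  # the RDP port named in the answer


def check_rdp_port(host, port=RDP_PORT, timeout=3.0):
    """Classify a single TCP connection attempt to host:port.

    "open"        - handshake completed, the service is still reachable
    "closed"      - connection refused (nothing listening, or a rejecting filter)
    "filtered"    - no reply before the timeout (a filter silently dropping packets)
    "unreachable" - any other failure (no route, name did not resolve, ...)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "unreachable"


def still_exposed(hosts, port=RDP_PORT, timeout=3.0):
    """Return the hosts that still accept connections on the port."""
    return [h for h in hosts if check_rdp_port(h, port, timeout) == "open"]


if __name__ == "__main__":
    # Pass your own servers as arguments; 127.0.0.1 is a constructed default.
    targets = sys.argv[1:] or ["127.0.0.1"]
    for target in targets:
        print(f"{target}:{RDP_PORT} -> {check_rdp_port(target)}")
    exposed = still_exposed(targets)
    if exposed:
        print("Still reachable on 3389:", ", ".join(exposed))
        sys.exit(1)
    print("No listed host accepts connections on 3389 from this location.")
```

A result of "open" from the blocked location means the filter is not in the path between that location and the server.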
