Problem solve Get help with specific problems with your technologies, process and projects.

Denying Terminal Service connections in remote admin mode

Is there a way of denying access to a Terminal Service connection (TS 2003) in remote admin mode? Even with security set on the RDP protocol, you can connect to it from both Windows and Linux machines not part of any domain. The security policies seem to concentrate on not allowing users to log in but I don't want them to even connect. The solution would ideally not use IPSEC.
If you don't want anyone to connect to the server from a certain location (say, the outside world) you can block off port 3389, used by RDP. You can also remove servers from the browse list of Terminal Servers (although a Windows 2003 server in Remote Administration mode shouldn't be listed). To keep a server from announcing itself as a Terminal Server (while keeping it on the browse list), run the Registry Editor and go to HKLMSystemCurrentControlSetControlTerminal Server. Add the following registry value: TSAdvertise, Data type: REG_DWORD, Radix: Decimal, and Value: 0.

Dig Deeper on Terminal Services and Remote Desktop Services

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.