D
DiFFeReNT
I have a computer running Windows Server 2003 that I want to setup to
be used exclusively as a Terminal Server.
Basically I need to allow:
a) Macs on the local network to remote desktop into the server (PC-
only apps) and
b) PCs/Macs outside the local network (WAN) to remote desktop into the
server (access same two apps)
It has to allow multiple users to be connected simultaneously. In
addition, all terminal services users need to be "locked down", so
only the two applications can be accessed, and the rest of the system
can't be tampered with.
After a failed Group Policy experiment, I now know that I need to use
Active directory to setup security measures, which brings me to my
first question:
1) Can Active Directory provide the kind of security I'm looking for?
(two apps, nothing else)
Also, I've read that having a Terminal Server and Active Directory on
the same computer is a huge security risk.
2) How severe is this risk?
Again, the server is for terminal services only. Windows workstations
do not need to logon to this domain. Which brings me to my third
question:
3) Since the server has to be on a Domain for Active Directory to be
used, does that mean that all computers (PCs/Macs) on the local
network have to be on that domain to get access to terminal services?
Since this server might not always be reliable, I can't have all local
computer relying on it to boot up with their usual desktops, resources
and access to vital local data on other computers on the network.
Do I need to be looking at a different kind of solution for local Macs
and remote PCs/Macs to access the two applications, or is Terminal
Services + Active Directory + Domains the only way to achieve what I'm
trying to do?
Thanks a lot for your help (I've been trying to figure this out for 6
months, so really, thank you),
DiFFeReNT
be used exclusively as a Terminal Server.
Basically I need to allow:
a) Macs on the local network to remote desktop into the server (PC-
only apps) and
b) PCs/Macs outside the local network (WAN) to remote desktop into the
server (access same two apps)
It has to allow multiple users to be connected simultaneously. In
addition, all terminal services users need to be "locked down", so
only the two applications can be accessed, and the rest of the system
can't be tampered with.
After a failed Group Policy experiment, I now know that I need to use
Active directory to setup security measures, which brings me to my
first question:
1) Can Active Directory provide the kind of security I'm looking for?
(two apps, nothing else)
Also, I've read that having a Terminal Server and Active Directory on
the same computer is a huge security risk.
2) How severe is this risk?
Again, the server is for terminal services only. Windows workstations
do not need to logon to this domain. Which brings me to my third
question:
3) Since the server has to be on a Domain for Active Directory to be
used, does that mean that all computers (PCs/Macs) on the local
network have to be on that domain to get access to terminal services?
Since this server might not always be reliable, I can't have all local
computer relying on it to boot up with their usual desktops, resources
and access to vital local data on other computers on the network.
Do I need to be looking at a different kind of solution for local Macs
and remote PCs/Macs to access the two applications, or is Terminal
Services + Active Directory + Domains the only way to achieve what I'm
trying to do?
Thanks a lot for your help (I've been trying to figure this out for 6
months, so really, thank you),
DiFFeReNT