Posted by Steven L Umbach on May 4, 2006, 3:32 pm
You might also want to post in one of the Terminal Services newsgroups for
feedback. What you might want to do is to configure RDP to end a
disconnected session and have your users connect via a VPN to the TS from
the internet. Then if you are using a Windows server for VPN you can
configure Remote Access Policies so that only authorized users can connect
to the TS using input/output filters to block others. Another advantage with
using a VPN is if L2TP can be used you will remove the risk of users not
using authorized computers from attempting to connect to the VPN because
L2TP requires that the VPN client and server authenticate with certificates
before a user is allowed to even attempt to authenticate.

--- Steve

> I'm currently configuring a terminal server running Windows Server 2003 R2
> with two RDP connections (using 2 network cards). The first connection
> will be used for internal connections and the second connection will be
> used to allow some users to connect directly via the Internet.
> I configured the permissions on the second connection to only allow a
> limited number of users. When testing this at first it seems to work fine
> (users not allowed get an error message that they do not have terminal
> server user access permission).
> If however a user currently has an active or disconnected session (set up
> via the first connection), the second connection connects just fine to the
> existing session although the user does not have permission to use that
> connection!
> To me this seems to be a security bug: connection security is not checked
> any more if the session already exists!
>
> regards,
> Stefan Cuypers