Choose the appropriate permission levels for Windows Server 2003 Terminal Services

When installing Terminal Services on Windows Server 2003, you have two security options: Relaxed Security or Full Security. While the right choice may appear to be obvious, this isn't always the case. In this Windows Server 2003 tip, Scott Lowe discusses the differences between these two options, and he explains why you might need to choose the Relaxed Security option.

When you install Terminal Services on a Windows Server 2003 server
in your data center, you have the option to either select the Relaxed Security
setting or choose the Full Security option for your clients. While the answer
may appear to be a simple one, it’s important to consider your organization’s
specific applications before clicking that Full Security option.

First of all, make sure you understand the Terminal Services
language. In this case, relaxed doesn’t
necessarily mean lax—it’s actually shorthand for Windows NT Server 4.0,
Terminal Server Edition Permissions Compatibility Mode (Relaxed Security). Your
other option, Full Security, actually stands for Windows 2000/Windows Server
2003 Permissions Mode.

If you select the Relaxed Security option, users connecting
to the terminal server can modify certain system files (such as those located
in the SYSTEM32 directory) as well as registry keys. Windows 2000 and Windows
Server 2003 restrict user access to these areas to boost security and
stability.

You might wonder why you would ever want to allow users to access
such important system areas. However, some earlier programs won’t operate
unless the user has access to certain registry keys and the SYSTEM32 folder,
and Terminal Services’ Relaxed Security setting allows the support of these
applications.

The good news is that these programs are all generally
pretty old. The even better news is that the Relaxed Security setting precludes
you from having to grant users Administrator privileges on the system. But even
though it’s better than giving users admin rights, it still creates a major
security hole.

So, whenever possible, choose the Full Security option to
lock down your terminal server. If you’re not sure if a particular application
will work, try running it under the Full Security setting first. If that doesn’t
work, you’ll likely need to use the Relaxed Security option. However, to better
protect your network, segregate such applications by putting them on their own
terminal server.

Miss a tip?

Check out the Windows Server 2003 Archive,
and catch up on the most recent tips from this newsletter.

Stay on top of the
latest WS2K3 tips and tricks with our free Windows Server 2003 newsletter,
delivered each Wednesday. Automatically
sign up today!

TechRepublic Premium editorial calendar: IT policies, checklists, toolkits and research for download

TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.

Payroll

The Best Human Resources Payroll Software of 2023

With a lot of choices in the market, we have highlighted the top six HR and payroll software options for 2023.

A computer running Windows 11. — Image: Microsoft.

Software

Windows 11 update brings Bing Chat into the taskbar

Microsoft's latest Windows 11 allows enterprises to control some of these new features, which also include Notepad, iPhone and Android news.

A software engineer works from home. — Image: tanatat/Adobe Stock

CXO

Tech jobs: No rush back to the office for software developers as salaries reach $180,000

Salaries for remote roles in software development were higher than location-bound jobs in 2022, Hired finds.

Project management process to manage and develop with resources to deliver quality product, agile development cycle, businessman project manager balance on clock juggling project management elements. — Image: Nuthawut/Adobe Stock

Software

The 10 best agile project management software for 2023

With so many agile project management software tools available, it can be overwhelming to find the best fit for you. We've compiled a list of 10 tools you can use to take advantage of agile within your organization.

A user typing a password. — Image: Song_about_summer/Adobe Stock

Security

1Password is looking to a password-free future. Here’s why

With phishing-based credentials theft on the rise, 1Password CPO Steve Won explains why the endgame is to 'eliminate’ passwords entirely.

PURPOSE Finding a back-end developer with programming and technical expertise as well as superior collaboration and communication skills will require a comprehensive recruitment strategy. This Hiring Kit from TechRepublic Premium provides an adjustable framework your business can use to find, recruit and ultimately hire the right person for the job. From the hiring kit: TYPICAL ...

PURPOSE Application engineers need to have technical expertise in programming, design, business and the software and hardware required to run the application. This Hiring Kit from TechRepublic Premium provides an adjustable framework your business can use to find, recruit and ultimately hire the right person for the job. From the hiring kit: DETERMINING FACTORS, DESIRABLE ...

Choose the appropriate permission levels for Windows Server 2003 Terminal Services