Windows

So long as you have good passwords on all of your system accounts to that server, and you have the server patched and so forth, you should be okay. I'd offer one suggestion though: if you can setup a rule our Access Control List on your router or firewall to only allow you access from your home network, or satellite office, you'll be even better off. The server won't respond unless the request is from the static IP you reference in the ACL.

Hope this helps.

Mike

You can install TS in your local lan and point all port 3389 (TS) requested to your internal TS server.
So yes it will be secure.
Of course the normal hardening of any windows systems still applies (don't forget internal treasts also exists)

Leopold

I have to play devil's advocate and say that you shouldn't allow TS connections over the Internet.
If you have TS running and TCP port 3389 open on the Internet, then it does leave open a large attack vector into your network. All someone would need to do is run a program like TSCRACK (a Terminal Services password cracker program) against a known user account, and they would be in. Now, yes, unless you know of a valid user account (like Administrator or Guest) then you just have to run it and hope for the best! You can't enumerate user accounts over the TS connection (unlike the anonymous user enumeration that is possible over TCP port 139/445) but you could still try and guess the Administrator password.
I just wouldn't do this if I were you.

This question was closed by the author