Securing Access to my Terminal Servers?

By bklan123 ·
My company is a small business that offers certain clinical applications via remote desktop. We have 7 terminal servers, and clients access them through both VPN IP address connections, and through external DNS hostnames. We do this so our servers available from hotel rooms, at home, etc. and the business model works for us and our clients.
One of the problems we face is the TS licensing. We want to keep it per device, because we work with nursing and hospice companies who have many employees and fewer computers, this helps keep their cost down. However, using windows server 2003, the Licensing manager is not very friendly, all we see are computer names. not a big deal, but we've come to find we cant trust our clients to tell us about every new computer they use it, so we keep running out of TS license and we are having trouble finding out where they re going. Then, we'll have people who need to login with computers we know about the can't get in cause we ran out of licenses. Is there any way I can control which computers log in my servers without changing the business model? Like maybe a computer cant login if it doesn't have a certain key or certificate?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -


by shasca In reply to Securing Access to my Ter ...

Can you allow access by user accounts as apposed to PC access? What is the time out on idle licenses set at in the TS license manager? Is it holding on to connections too long? here are some how-to's for more ideas.

Collapse -


by bklan123 In reply to Q&A's

My TS servers are locked down fine. There is no place I've found within TS license manager to configure idle time, and its no where in those articles. It's set and you can't change that.

Heres the problem:

Clients connects to the server for the first time.

It pulls a device CAL from TS licensing server

I have 300 Licenses for 300 computers

A bunch of clients get new computers or home computers and add to the total amount of devices without telling me,pulling licenses.

A client who is using a valid computer cant connect because There are no licenses left.

I'm sorry if I'm explaining it incorrectly.
I just want to know if there is a way i can keep just any computer from logging into my TS servers, while keeping openly available. So someone cant connect with any computer until I allow that specific computer.

I had one where the customer used a computer Best Buy to login and check his email! there goes a TS Device CAL for 60+ days!

Related Discussions

Related Forums