General discussion

Locked

Windows Terminal Services

By twest ·
We are getting ready to do a domain upgrade from NT 4 domain to Windows 2000. I have seen windows terminal services running on a server in a test lab, and would like to investigate running it on all my new Windows 2000 servers for administrative purposes. My question is: What, if any, security concerns are involved with running terminal services on all my servers? Also, what, if any, performance issues may this pose? Is this something I should be considering, or is it a mistake?

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Windows Terminal Services

by Joseph Moore In reply to Windows Terminal Services

I am a fan of TS in Win2K. I think it was a very good decision to put it in there. I do a majority of my admin tasks on Win2K Servers using TS sessions.

Now, here are some things to think about.

1) It does not replace actually getting up and standing in front of the server. If there are applications that launch when the server boots up and is first logged into (like Lotus Domino, the mail server my company uses) then TS is no help. In those cases, when I need to see what is happening on the console screen, I go to the server. But unless that is the case, TS works. I have installed applications in TS sessions (installed Crystal Reports 8 once on a server, and that is a major install!).
2) TCP port 3389 will be open on your server, as this is the listening port for TS. If you have servers that are unscreened on the Internet (without firewall protection for some INSANE reason!) then DON'T PUT TS ON!!! There are tools out there that can crack a Windows password using TS, doing a dictionary attack. I haven't read about many attacks on port 3389, but everyone knows what that port is for when the see it open on the Internet. Just think of it this way: with TS running, you have an open Console-like connection available, as if your server room door was wide open and available to anyone walking by on the street. Make sure your security settings (firewall, router access lists, etc.) are set.
3) Performance is light, in my observations. Maybe 5 MB RAM used just to have TS installed and running without connections. If there are connections on it, then you need to factor that in with your servers hardware capabilities.

Collapse -

Windows Terminal Services

by Joseph Moore In reply to Windows Terminal Services

4) I only use TS in Remote Administration mode, where only Admins can use and, and there can only be 2 simutaneous TS sessions on a single server at once. Also, there is no special licencing needed to run TS this way (unlike in the unlimited LIcenced Mode, where users can use TS and connect).

hope this helps

Collapse -

Windows Terminal Services

by twest In reply to Windows Terminal Services

Poster rated this answer

Collapse -

Windows Terminal Services

by twest In reply to Windows Terminal Services

This question was closed by the author

Back to Security Forum
4 total posts (Page 1 of 1)  

Related Discussions

Related Forums