The few times we've had to do it we whitelisted the IPs on the firewall that we wanted to allow connections from. If the connecting IP was on a whitelist we'd NAT to the internal IP on port 3389 and the user would be in. We had three users that needed access this way, so we whitelisted their home office IPs (they were technically dynamic, but never really changed). Worked in a pinch, although didn't make me feel good either. SSL VPN was the end solution that allowed them easy access relatively inexpensively.

Jeff

"Bob Fronk" <[EMAIL PROTECTED]>
04/01/2008 04:34 PM
Please respond to "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com>
To: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com>
cc:
Subject: Public TS - opinions?

I have a client that wants to keep a terminal server available publicly to be accessed from multiple sites where a VPN is not possible due to money and equipment constraints. The outside users just use the Remote Desktop and connect directly to the public IP. I feel this is a security risk. What is the group's opinion and what do you think is a good workaround or ways to at least reduce the security problems?

Bob Fronk
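
The allowlist-then-NAT decision described in the reply at the top of this thread, as an added example that is not part of the original messages: it replays constructed firewall log lines against a source-IP allowlist and reports which sources would be forwarded to port 3389, which would be dropped, and which allowlist entries were never used (a possible sign that a "dynamic" home IP has changed). The log format, the addresses (documentation ranges) and the function names are assumptions made for the illustration.

```python
import ipaddress
from collections import Counter

# Constructed allowlist: three home-office addresses (documentation ranges).
ALLOWLIST = ["198.51.100.10/32", "198.51.100.77/32", "203.0.113.5/32"]

# Constructed log lines in an assumed "timestamp src=IP dport=PORT" format.
SAMPLE_LOG = """\
2008-04-01T16:40:02 src=198.51.100.10 dport=3389
2008-04-01T16:41:10 src=192.0.2.200 dport=3389
2008-04-01T16:41:11 src=192.0.2.200 dport=3389
2008-04-01T16:45:30 src=203.0.113.5 dport=3389
2008-04-01T16:50:00 src=192.0.2.44 dport=443
2008-04-01T17:02:19 src=203.0.113.9 dport=3389
"""

def parse_line(line):
    """Return (source address, destination port) or None for unparsable lines."""
    fields = dict(f.split("=", 1) for f in line.split()[1:] if "=" in f)
    try:
        return ipaddress.ip_address(fields["src"]), int(fields["dport"])
    except (KeyError, ValueError):
        return None

def audit_rdp(allowlist, log_text, port=3389):
    """Apply the allowlist-then-NAT decision to each logged connection."""
    nets = [ipaddress.ip_network(n) for n in allowlist]
    forwarded, dropped = Counter(), Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or parsed[1] != port:
            continue  # only the published RDP port is in scope
        src = parsed[0]
        match = next((n for n in nets if src in n), None)
        if match is not None:
            forwarded[str(match)] += 1   # would be NATed to the internal host
        else:
            dropped[str(src)] += 1       # would be dropped at the firewall
    # Entries never matched may be stale: a "dynamic" home IP that changed.
    unused = [str(n) for n in nets if str(n) not in forwarded]
    return {"forwarded": dict(forwarded), "dropped": dict(dropped), "unused": unused}

if __name__ == "__main__":
    for key, value in audit_rdp(ALLOWLIST, SAMPLE_LOG).items():
        print(key, value)
```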