RE: Terminal Services question

2009-07-02 Thread Ben Schorr
url.com/5m3f5q -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Thursday, July 02, 2009 4:56 AM To: NT System Admin Issues Subject: Re: Terminal Services question On Wed, Jul 1, 2009 at 5:27 PM, Lee Douglas wrote: > I learned long ago that it may be satisfying to s

RE: Terminal Services question

2009-07-02 Thread Steven M. Caesare
ShamWOW! -sc -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Thursday, July 02, 2009 11:51 PM To: NT System Admin Issues Subject: Re: Terminal Services question On Thu, Jul 2, 2009 at 7:07 PM, Steven M. Caesare wrote: >> Shookie-pooh. > > But not

Re: Terminal Services question

2009-07-02 Thread Ben Scott
On Thu, Jul 2, 2009 at 7:07 PM, Steven M. Caesare wrote: >> Shookie-pooh. > > But not of other poo? Shampoo? ;) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ ~

RE: Terminal Services question

2009-07-02 Thread Steven M. Caesare
But not of other poo? Gross. -sc -Original Message- From: Michael B. Smith [mailto:mich...@owa.smithcons.com] Sent: Thursday, July 02, 2009 6:14 PM To: NT System Admin Issues Subject: RE: Terminal Services question Shookie-pooh. From: Webster

RE: Terminal Services question

2009-07-02 Thread Michael B. Smith
Shookie-pooh. From: Webster [carlwebs...@gmail.com] Sent: Thursday, July 02, 2009 5:50 PM To: NT System Admin Issues Subject: RE: Terminal Services question > -Original Message- > From: Michael B. Smith [mailto:mich...@owa.smithcons.com] >

RE: Terminal Services question

2009-07-02 Thread Webster
> -Original Message- > From: Michael B. Smith [mailto:mich...@owa.smithcons.com] > Subject: RE: Terminal Services question > > ... i'm afraid. Afraid of what? Webster ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbel

RE: Terminal Services question

2009-07-02 Thread Michael B. Smith
009 5:28 PM To: NT System Admin Issues Subject: Re: Terminal Services question On Thu, Jul 2, 2009 at 3:54 PM, Michael B. Smith wrote: > RDP in Vista (and above) and Server 2008 (and above) provide the capability of > TLS-encrypting the RDP sessions - built in. That's not what I was

Re: Terminal Services question

2009-07-02 Thread Ben Scott
On Thu, Jul 2, 2009 at 3:54 PM, Michael B. Smith wrote: > RDP in Vista (and above) and Server 2008 (and above) provide the capability of > TLS-encrypting the RDP sessions - built in. That's not what I was talking about. I was talking about strong authentication of the *client* -- in other words

RE: Terminal Services question

2009-07-02 Thread Michael B. Smith
And you've now re-invented Remote Web Workplace, available in SBS 2003 and EBS/SBS 2008... From: mikeMitchell [its.m...@analogy.ca] Sent: Wednesday, July 01, 2009 2:34 PM To: NT System Admin Issues Subject: RE: Terminal Services question I set up

RE: Terminal Services question

2009-07-02 Thread Michael B. Smith
01, 2009 4:52 PM To: NT System Admin Issues Subject: Re: Terminal Services question On Wed, Jul 1, 2009 at 2:18 PM, Erik Goldoff wrote: > Wow ! I disagree completely ... Opening up VPNs to home users' privately > owned equipment, with questionable security/infection status seems MUCH m

Re: Terminal Services question

2009-07-02 Thread Ben Scott
On Wed, Jul 1, 2009 at 5:27 PM, Lee Douglas wrote: > I learned long ago that it may be satisfying to say "I told you so", > but when they come to get you they don't care what the memo said. Ain't that the truth. IT: "Don't touch the stove. Don't touch the stove! DON'T TOUCH THE STOVE!" PHB:

RE: Terminal Services question

2009-07-01 Thread Erik Goldoff
inal Services question You're allowed to kick and scream along the way, though, right? Joe Heaton Employment Training Panel -Original Message- From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, July 01, 2009 1:55 PM To: NT System Admin Issues Subject: RE: Terminal Services

Re: Terminal Services question

2009-07-01 Thread Lee Douglas
nity to be happier elsewhere > > > > Erik Goldoff > IT  Consultant > Systems, Networks, & Security > > > -Original Message- > From: Joe Heaton [mailto:jhea...@etp.ca.gov] > Sent: Wednesday, July 01, 2009 5:08 PM > To: NT System Admin Issues > Subje

RE: Terminal Services question

2009-07-01 Thread Ben Schorr
- The Lawyer's Guide to Microsoft Outlook 2007: http://tinyurl.com/5m3f5q -Original Message- From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, July 01, 2009 9:59 AM To: NT System Admin Issues Subject: RE: Terminal Services question I agree with you here ... I

RE: Terminal Services question

2009-07-01 Thread Charlie Kaiser
, 2009 2:08 PM > To: NT System Admin Issues > Subject: RE: Terminal Services question > > You're allowed to kick and scream along the way, though, right? > > Joe Heaton > Employment Training Panel ~ Finally, powerful endpoint security that ISN'T a resource hog!

RE: Terminal Services question

2009-07-01 Thread Joe Heaton
You're allowed to kick and scream along the way, though, right? Joe Heaton Employment Training Panel -Original Message- From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, July 01, 2009 1:55 PM To: NT System Admin Issues Subject: RE: Terminal Services question Yep,

RE: Terminal Services question

2009-07-01 Thread Charlie Kaiser
ingman, AZ *** > -Original Message- > From: Erik Goldoff [mailto:egold...@gmail.com] > Sent: Wednesday, July 01, 2009 12:55 PM > To: NT System Admin Issues > Subject: RE: Terminal Services question > > privately owned equipment is a presumption on my part based on &#

RE: Terminal Services question

2009-07-01 Thread Erik Goldoff
works, & Security -Original Message- From: Charlie Kaiser [mailto:charl...@golden-eagle.org] Sent: Wednesday, July 01, 2009 4:29 PM To: NT System Admin Issues Subject: RE: Terminal Services question For me it's the opposite. I only allow approved machines/users to get remote acce

Re: Terminal Services question

2009-07-01 Thread Ben Scott
On Wed, Jul 1, 2009 at 2:18 PM, Erik Goldoff wrote: > Wow ! I disagree completely ... Opening up VPNs to home users' privately > owned equipment, with questionable security/infection status seems MUCH more > risky than opening RDP ports on the firewall ... Use a firewall. You've heard of firewa

RE: Terminal Services question

2009-07-01 Thread Erik Goldoff
ems, Networks, & Security -Original Message- From: Charlie Kaiser [mailto:charl...@golden-eagle.org] Sent: Wednesday, July 01, 2009 2:44 PM To: NT System Admin Issues Subject: RE: Terminal Services question Of course, Passw0rd! Is a strong password by MS standards, too. Take a guess h

RE: Terminal Services question

2009-07-01 Thread Erik Goldoff
sultant Systems, Networks, & Security -Original Message- From: Charlie Kaiser [mailto:charl...@golden-eagle.org] Sent: Wednesday, July 01, 2009 2:41 PM To: NT System Admin Issues Subject: RE: Terminal Services question Who said anything about privately owned equipment? :-) Plus, all

RE: Terminal Services question

2009-07-01 Thread Steven M. Caesare
Ah man��� that was funny too. -sc From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Wednesday, July 01, 2009 3:11 PM To: NT System Admin Issues Subject: RE: Terminal Services question I like alt chars. You just cant beat__ for a password. -sc > -Origi

RE: Terminal Services question

2009-07-01 Thread Steven M. Caesare
2 hour reset when they've been really bad... > > *** > Charlie Kaiser > charl...@golden-eagle.org > Kingman, AZ > *** > > > -Original Message- > > From: Carl Houseman [mailto:c.house...@gmail.com] > >

RE: Terminal Services question

2009-07-01 Thread Charlie Kaiser
*** > -Original Message- > From: Carl Houseman [mailto:c.house...@gmail.com] > Sent: Wednesday, July 01, 2009 11:49 AM > To: NT System Admin Issues > Subject: RE: Terminal Services question > > Your idea about "MS standards" for password

re: Terminal Services question

2009-07-01 Thread Christopher Bodnar
I think the combination of a TS farm with TS Web Access and the TS Gateway in 2008 is a great option. You can add TSCAPs and TSRAPs to further refine who can connect and what they can connect to. It's definitely not as full featured as Citrix, but it's amazing what it can do out of the box. YM

RE: Terminal Services question

2009-07-01 Thread Carl Houseman
sday, July 01, 2009 2:44 PM To: NT System Admin Issues Subject: RE: Terminal Services question Of course, Passw0rd! Is a strong password by MS standards, too. Take a guess how long THAT one will take to crack... :-) I don't think strong passwords are enough... Better,

RE: Terminal Services question

2009-07-01 Thread Charlie Kaiser
n, AZ *** > -Original Message- > From: Carl Houseman [mailto:c.house...@gmail.com] > Sent: Wednesday, July 01, 2009 11:38 AM > To: NT System Admin Issues > Subject: RE: Terminal Services question > Your idea allows the entire world to test the password > strength of u

RE: Terminal Services question

2009-07-01 Thread Charlie Kaiser
old...@gmail.com] > Sent: Wednesday, July 01, 2009 11:18 AM > To: NT System Admin Issues > Subject: RE: Terminal Services question > > > Wow ! I disagree completely ... Opening up VPNs to home > users' privately owned equipment, with questionable > security/infect

RE: Terminal Services question

2009-07-01 Thread Carl Houseman
27;s not so bad. Carl -Original Message- From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, July 01, 2009 2:18 PM To: NT System Admin Issues Subject: RE: Terminal Services question Wow ! I disagree completely ... Opening up VPNs to home users' privately owned equipment,

RE: Terminal Services question

2009-07-01 Thread mikeMitchell
. -Original Message- From: Charlie Kaiser [mailto:charl...@golden-eagle.org] Sent: Wednesday, July 01, 2009 11:11 am To: NT System Admin Issues Subject: RE: Terminal Services question Set up a VPN and allow RDP to their desktops. Keep them off the server, unless you want to set up a

RE: Terminal Services question

2009-07-01 Thread Joe Heaton
Well, the powers that be have decided to pursue, at least for the time being, a Citrix solution, in order to give the users a full "desktop experience". So now I have to work up a quote for additional servers, additional laptops, additional Citrix licenses, and additional TS licenses. My manager

RE: Terminal Services question

2009-07-01 Thread Erik Goldoff
[mailto:charl...@golden-eagle.org] Sent: Wednesday, July 01, 2009 2:11 PM To: NT System Admin Issues Subject: RE: Terminal Services question Set up a VPN and allow RDP to their desktops. Keep them off the server, unless you want to set up a dedicated TS for client access. While you can allow R

RE: Terminal Services question

2009-07-01 Thread Charlie Kaiser
Set up a VPN and allow RDP to their desktops. Keep them off the server, unless you want to set up a dedicated TS for client access. While you can allow RDP through your firewall, you're opening up some pretty big holes for people to bang on if you do. You can lock down specific ports/IPs to your u

RE: Terminal Services question

2009-07-01 Thread Steven M. Caesare
Technically, yes, that's about all there is to it, provided your FW is allowing the connections (port 3389). The gateway in Win2K8 will let you SSL secure a single open port on your FW and broker backend connections if that's of interest to you. Licensing, as you noted, will be an issue. As wil

RE: Terminal Services question

2009-07-01 Thread Erik Goldoff
well, MSTSC *does* give them a Desktop on the terminal server, but only with the permissions of their domain user account, not automatically a server admin ... I don't know what kind of firewall you use so I don't know the capability, but you may also want to consider port forwarding from the pub

RE: Terminal Services question

2009-07-01 Thread lists
Comments embedded... From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Wednesday, July 01, 2009 12:09 PM To: NT System Admin Issues Subject: Terminal Services question I need a nuts and bolts answer, which I could probably get through research, but I'm getting kind of burnt out at the mom

RE: Terminal Services question

2009-07-01 Thread Carl Houseman
Everyone who uses a terminal server connection is "working on the server". That's the nature of the beast. Obviously, common everyday users should not be local admins on the TS. Companies that rely on terminal servers use dedicated servers for that job. You don't just enable TS on one of your