Computer Performance, Windows 2003 Vista Best Practice

Best Practice Ezine #72 Terminal Services - Industrial Espionage


Terminal Services for Windows 2003

Last week I introduced concepts for Terminal Services and its thin clients.  This week my challenge is to surprise more experienced administrators by showing them at least one new feature for Terminal Services.  I also have a tale of industrial espionage from Barking Eddie.

A World Within a World

In ezine 71, I spoke of Terminal Services clients each having a compartment on the server.  In this issue, I would like to introduce the idea of Terminal Services occupying a separate world within its Windows Server 2003.  I assume that you have already installed Terminal Services via the Add or Remove Programs interface.  Let me elaborate on what to look out for next.

  1. Terminal Services has its own Administrative Tools snap-ins.  In fact, there are three snap-ins, one each for Configuration, Manager, and Licensing.  The Configuration snap-in has the richest selection of settings.  It's well worth investigating the eight tabs under the RDP-Tcp connection.  In addition, don't neglect the Server Settings; my favourite setting is: Restrict each user to one session.
  2. As ever, Microsoft provides two ways of configuring.  Most of the RDP-Tcp menus have equivalent Group Policy settings.  There is one set of policies for the User and another set for the Machine.
    Tip: configure the Computer side of Terminal Services Group Policies in preference to the User settings.
    One policy you definitely need is to prevent ordinary users from seeing a Shut Down button.  You don't want some Psycho user downing the server when they think they are shutting down their client machine.
  3. When you configure accounts in Active Directory Users and Computers, look out for a separate Terminal Server tab.  Did you realize that there was a separate user Profile box for Terminal Services?
  4. Did you know that Terminal Services supports a web-based Remote Desktop Client, rather like Outlook Web Access (OWA)?  If not, then you are in for a pleasant surprise when you type http://yourTS/tsweb/ in your browser.  (Where yourTS is the name of your Terminal Server.)  All that is required is for you to agree to the install of an ActiveX control on the client machine.

 




 

Barking Eddie - Industrial Espionage Exploiting Terminal Server

Here is an abridged version of an industrial espionage story as told by my old friend Barking Eddie (Barking because Eddie comes from Barking, Essex).  Techie1 left pharmaceutical company A and joined rival company B.  Eddie said that Techie1 then used his old account to make a Terminal Server connection and so steal company A's product secrets remotely.  TechieNew, with Eddie's help, used his Terminal Server skills to investigate this outrageous security breach.

What Eddie found was that several Terminal Server connections had been cut off abruptly, rather than logged off gracefully.  What you sometimes see in Terminal Server Manager is disconnected sessions, where people just close the Remote Desktop session rather than click the Log off button.  Eddie calls them 'trapped users'.  In any case, the Client Name for these 'trapped' or disconnected sessions alerted TechieNew that someone was dialling in from a rogue machine.  Incidentally, you can control disconnected users via Group Policies, but in this case it was just as well that company A had not configured them.

Barking Eddie is inclined to exaggerate; nevertheless, I suspect that there is a grain of truth in his account of what they did next.  Eddie told me that once they realized they were being hacked, company A deliberately left documents with false information on their server.  The way Eddie told it, company A wrote reports indicating they had invented a new ingredient for their pharmaceutical product.  In fact, the 'secret' ingredient was nothing more than an emetic mixed with a laxative.

According to Eddie, company B then 'stole' this emetic / laxative ingredient via the Terminal Service connection and incorporated it into their product.  Soon company B's customers complained and the subsequent outcry is rumoured to have put company B out of business.  This part is almost certainly an exaggeration, but it does make a good urban myth.
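The check that exposed the intruder in Eddie's story, a disconnected session whose Client Name did not belong to any company machine, can be run routinely over a session inventory. The sketch below is an added example, not part of the original ezine; the CSV layout, host names, account names and the two allow/deny lists are all constructed assumptions rather than the output of any real tool.

```python
import csv
import io

# Constructed sample: a session inventory exported to CSV. The column names
# and every value are made up for this example, not a real tool's output.
SAMPLE_SESSIONS = """user,state,client_name
asmith,Active,PC-LAB-014
administrator,Active,
dlee,Active,KIOSK-9
bjones,Disconnected,PC-LAB-022
techie1,Disconnected,HOME-LAPTOP
techie1,Disconnected,HOME-LAPTOP
"""

KNOWN_CLIENTS = {"PC-LAB-014", "PC-LAB-022", "PC-FIN-003"}  # asset inventory (assumed)
LEAVERS = {"techie1"}  # accounts of people who have left (assumed)


def review_sessions(csv_text, known_clients, leavers):
    """Return (user, client_name, state, reasons) for sessions worth a look."""
    known = {c.upper() for c in known_clients}
    gone = {u.lower() for u in leavers}
    findings, seen = [], set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = row["user"].strip()
        client = (row["client_name"] or "").strip()
        state = row["state"].strip()
        reasons = []
        # A blank client name is treated as a console session: nothing to check.
        if client and client.upper() not in known:
            reasons.append("client name not in inventory")
        if user.lower() in gone:
            reasons.append("account belongs to a leaver")
        key = (user.lower(), client.upper(), state.lower())
        if reasons and key not in seen:  # report repeated sessions once
            seen.add(key)
            findings.append((user, client, state, reasons))
    # Disconnected sessions first: they linger on the server, so they are
    # the ones an administrator still has time to inspect.
    findings.sort(key=lambda f: f[2].lower() != "disconnected")
    return findings


if __name__ == "__main__":
    for user, client, state, why in review_sessions(
            SAMPLE_SESSIONS, KNOWN_CLIENTS, LEAVERS):
        print(f"{user:14} {client:12} {state:13} {'; '.join(why)}")
```
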


Licensing

I keep trying to avoid talking about Licensing, but people keep asking questions. 

I once tried to get around the License problem by reinstalling the Terminal Server service after about 80 days; I was hoping to reset the timer and get another 90 / 120 days of temporary licensing.  Wrong, this sneaky move did not work; it seems the temporary licenses are held on the client, so reinstalling did not make any difference.  Moreover, I noticed that temporary licenses cause a lot of network traffic.  Every 5 minutes the clients keep sending a packet saying 'got any real licenses yet'.

Licensing of XP clients.  Windows 2000 does not require a CAL for XP whereas Windows Server 2003 does require a CAL even for an XP client.  This is a real shock for those with XP laptops who wish to use Terminal Server sessions when they connect to their various corporate networks.

To give you a clue of how complex Licensing is, Microsoft keep offering me a free place on a two-day course just to explain the ins and outs of Licensing.  Not my cup of tea, but if you want to know more, watch out for such a course.

Free Jokes - Will and Guy's Humour

Each week Will and I add more jokes.  Naturally the Christmas section is popular just now.  If you want a zany idea for an office quiz with a difference - check out Barking Eddie's quiz.  Also free downloads at Xmas Card Downloads.


Copyright © 1999-2010 Computer Performance LTD All rights reserved
