Sure, enabling any new connectivity functionality can introduce new security concerns. It allows a remote user to bypass physical barriers (like a server locked in a room) and get local machine access, which of course any of these RDC apps (TS, VNC, etc.) and a whole slew of other functionalities (telnet/SSH, etc.) will also do.
The nice part about enabling Terminal Services on the server is that you can stipulate exactly who can connect to the server via this method by modifying the permitted accounts listed on the Permissions tab. That, of course, is why I included it in my first message. By default, only members of the local Administrators group and System have access, so if he has Everyone as a member of Administrators, he's going to have issues.
Of course, making the connection to the Terminal Server machine only gets you to the logon screen. If the user still has Administrator enabled with a blank password, then, yes, that's going to enable easy access to the system. Of course, had he used VNC or TightVNC (or whatever) to make the connection between server and workstation, the same would be true there too. I know VNC has an option to require a password to complete the connection, but a user can opt to leave that as a null value if they choose to.
As an example, say you had a user in a domain trying to do an RDC to a server running Terminal Services. First, his account would have to be in a group that's permitted to connect remotely to the server. If it was, he then would only get to the logon screen, so he'd be SOL if he didn't have an account that could log on interactively to the machine. For instance, unless he was a Domain Admin, he wouldn't be able to log into a domain controller at all.
Using VNC, on the other hand, to my mind poses more of a security issue because, once you make the connection, you are actually remoted in to the existing session on the machine. For instance, if you're Mark and you want to remote to Sally's computer while she's using that PC, Mark, once he makes the connection, will actually be viewing Sally's desktop while she's using it. Terminal Services does not do that.
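
The conditions discussed above (overly broad group membership, accounts that can have a blank password, and whether remote connections are accepted at all) can be audited on the server itself. The script below is an added example, not part of the original post; it assumes a Windows host with the built-in `Microsoft.PowerShell.LocalAccounts` cmdlets (Windows PowerShell 5.1 or later) and an elevated session.

```powershell
# Added example: audit the exposure points described in the post.
# Assumption: Windows PowerShell 5.1+ with the LocalAccounts module, run elevated.

$findings = New-Object System.Collections.Generic.List[string]

# Well-known SIDs, so the checks work regardless of display language.
$adminsSid  = 'S-1-5-32-544'   # BUILTIN\Administrators
$rdUsersSid = 'S-1-5-32-555'   # BUILTIN\Remote Desktop Users
$broadSids  = @{
    'S-1-1-0'  = 'Everyone'
    'S-1-5-11' = 'Authenticated Users'
    'S-1-5-7'  = 'Anonymous Logon'
}

# Gate 1: who is in the groups that are allowed to connect remotely?
foreach ($groupSid in $adminsSid, $rdUsersSid) {
    $group = Get-LocalGroup -SID $groupSid -ErrorAction SilentlyContinue
    if (-not $group) { continue }
    try {
        $members = Get-LocalGroupMember -SID $groupSid -ErrorAction Stop
    } catch {
        # Enumeration can fail when the group holds an orphaned SID.
        $findings.Add("Could not enumerate '$($group.Name)': $($_.Exception.Message)")
        continue
    }
    foreach ($m in $members) {
        $sid = $m.SID.Value
        if ($broadSids.ContainsKey($sid)) {
            $findings.Add("'$($group.Name)' contains $($broadSids[$sid])")
        }
    }
}

# Gate 2: enabled local accounts that are allowed to have no password.
Get-LocalUser | Where-Object { $_.Enabled -and -not $_.PasswordRequired } | ForEach-Object {
    $findings.Add("Enabled account '$($_.Name)' does not require a password")
}

# Is the server accepting Remote Desktop connections? (0 = allowed, 1 = denied)
$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$ts = Get-ItemProperty -Path $tsKey -Name fDenyTSConnections
$state = if ($ts.fDenyTSConnections -eq 0) { 'ENABLED' } else { 'disabled' }
$findings.Add("Remote Desktop connections: $state")

$findings
```

`PasswordRequired` being false means the account is permitted to have an empty password, not that it currently has one, so treat each hit as an account to review.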