Where do you run terminal services?
By Roberta Bragg
You probably haven't thought about this tip, excerpted from Windows 2000 Security, by Roberta Bragg, published by New Riders.
Terminal services can be enabled on Windows 2000 servers that play any role, but you should not enable application sharing on Windows 2000 domain controllers. To allow access to applications running on Terminal Servers, users much have the right to log on locally, even though they are accessing the server across the network. The right to log on locally, though given for accessing Terminal Server-hosted applications, does give them the capability to sit at the Terminal Server and log on interactively. Don't give them the right to log on locally to your domain controller.
Windows 2000 Security
Author : Roberta Bragg
Publisher : New Riders
ISBN/CODE : 0735709912
Cover Type : Soft Cover
Pages : 500
Published : Oct. 2000
Windows 2000 Security is the only source you need to create and implement security strategies for Windows 2000 systems and networks. With detailed information on security issues, you?ll have the knowledge, tools, standards and guidance you need to secure your OS, LAN, Server, remote access and Web connections. After reading this book, you will come away with the "how," "why" and "when" of Windows 2000 security features, and know how to take advantage of them.