Subsitute for Terminal Services/ VPC/ Server acces

[Bad boy Warrior]

Am i right in saying if i am on a DC i can only have 2 people login at the same time and they have to be adminsitrators BUT if i wanted a casual mate to login to the server with policies setup (to restrict him to do and what not to do) this can be only done by a terminal services client? I know many of you guys are against casual users accessing the server but i need to know this so i can set it up correctly - also coud this mate login using VPC connection but from his PC with the same restrictions (only for my server not his PC) and have normal access to his PC at the same time? if so coudl you post a link or advise how this is done?

Is there a cheaper Terminal Services client that anyone knows?

Thanks as always

[tguy]

Are you looking for your mate to be able to run applications on or administer the server? If so, Terminal Services is the way to go.

If you are just looking for him/her to be able to connect to the server and logon for say remote control you can use UltraVNC, it is free. Google for it you will find it.

[Bad boy Warrior]

Sos, im confused here - i want my mate to remote control my server in the sense that he can run programs that i specify with the restrictions that i set - TS is too expensive for what im doing so i need something along them lines - hope that makes sense

[JPry565]

Try the web access by installing terminal services web client. Http://yoursite/tsweb

[Bad boy Warrior]

Is there a link you know i can read up on? This way i dont need to bang everyones head in continously

[tarquel]

Try the web access by installing terminal services web client. Http://yoursite/tsweb

I assume you need IIS installed also with that yes? Thought I'd add that two cents there.

Also, its worth mentioning the alternative as tguy said - VNC - search google for UltraVNC (although any of them should do the trick).

http://www.msfn.org/board/index.php?showto...ndpost&p=312447

This post that I made may give you a bit more info on it.

You could then set up a restricted user - allowing/dis-allowing whatever you want then and the VNC connection will allow him/you to remotely connect to the server.

Regards,

N.

[un4given1]

I would strongly recommend AGAINST VNC on a server. That's bad news... The terminal services web interface does not give him more than the 2 licenses that are included, so that's probably not going to work for his purposes. I would really recommend you set up VPN. You can setup your server to accept VPN clients by selecting Server Management and select the TO DO LIST and "Configure Remote Access." Then just simply setup an account for him to use and have him connect from his PC. If you are a little more specific as to what apps you want him to be able to run and such then maybe I can help you out a little more.

[Bad boy Warrior]

Thanks guys for your info. I just want him to be able to

1. copy files etc from my server to his pc

2. run Office, SQL server

3. If possible refrain him from going on the internet.

4. CANNOT browse any other areas of my server

Thanks as always

[tarquel]

@un4given1:

well slap my rear and call me sally lol I don't know why I suggested it lol

You're quite right of course. I forget that my stuff is "very well shielded" at work - and that running vnc isn't going to comprimised by anyone - as noone will ever reach it lol.

Waiting for the county to set up a vpn myself - its taking ages but i guess the best things come to those who wait.

Just make sure tho, that the user in question has a good, protected setup (AV/Firewall/Active Spyware Protection) at home as you dont want viruses and other nasty's/hackers creaping along the VPN connection to your server.

Not having used a vpn connection myself yet, cant say what you can do with it yet, and I cant really go into specifics of how I will be controlling things from home - tho u can probably guess.

I like the idea of tsweb through a vpn. un4given1 - is that a good way of doing things? (for me that is - good old vnc through the vpn is what they suggest lol).

@Bad boy warrior:

I imagine point 3 & 4 could be achieved via GP and/or access right permissions for the user you are going to set up for him.

Regards,

N.

[un4given1]

I like the idea of tsweb through a vpm. un4given1 - is that a good way of doing things? (for me that is - good old vnc through the vpn is what they suggest lol).

<{POST_SNAPBACK}>

Well, it's probably one of the most secure ways you could offer those kind of services. TSWEB does not require you to connect VIA VPN first... although you can pretty much set it up any way you want. Small Business Server offers a Workplace logon for users which is accessible from the net (if you turn it on) It lets you connect to the domain, login to computers, check e-mail through exchange web, and do just about anything.

[Bad boy Warrior]

Men, heres the plot:

Ive created a VPN connection as mentioned above (i also followed advise on this link http://www.pctechnicians.ca/help/singlenic.html). I have forwarded TCP port 1723 and GRE * (i assume * means all GRE protocol ports) and and UDP port 500 with ESP protocol port * to my server - it connects and hangs at the verifying username and password and returns back error 721 - ive searched google and not coming to any resolution. Windows FW is disabled and i have run SCW before (not after creating this connection) but i dont think that is an issue - what do you guys think?

Thanks

edit: actually i think port/ protocol 500 does nothing so ive removed that and event log has thsi error listed a lot of times

Event Type: Warning

Event Source: RemoteAccess

Event Category: None

Event ID: 20171

Date: 06/05/2005

Time: 09:55:55

User: N/A

Computer: *********************

Description:

Failed to apply IP Security on port VPN4-9 because of error: The binding handle is invalid.

. No calls will be accepted to this port.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Data:

0000: a6 06 00 00 ¦...

[Bad boy Warrior]

never mind.....

i did the following:

To add the ProhibitIpSec registry value to your Windows Server 2003, follow these steps:

1. Click Start, click Run, type regedt32, and then click OK.

2. Locate, and then click the following registry subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters

3. On the Edit menu, click Add Value.

4. In the Value Name box, type ProhibitIpSec.

5. In the Data Type list, click REG_DWORD, and then click OK.

6. In the Data box, type 1, and then click OK.

7. Quit Registry Editor, and then restart your computer.

This stopped that error (20171) but i get a succesful connection reported on the server and tells me this could be a FW issue or ports being blocked - anyone know a tool to check for open/ closed ports?

Thx

[tarquel]

Bad Boy Warrior:

Have a look on www.sysinternals.com for TCPView.

There's alot more useful stuff there too, if that aint what you were after

Small Business Server offers a Workplace logon for users which is accessible from the net (if you turn it on) It lets you connect to the domain, login to computers, check e-mail through exchange web, and do just about anything.

Excellent. So you could quite easily and securely remotely administer most of the server/domain functions from your own home?

Us Network Admin's could work from home more then

Cheers,

N.