
One application, different users - security



Guest r042wal
Posted

Is it possible to host an application on a Terminal Server and have different users from different companies connect to the application and yet maintain security? I would like to have different profiles / desktops for the different companies that log on. Also, I would not want users to have access to the files and folders.

Can all this be done inside TS?

Thanks


Guest Jeff Pitsch
Posted

Re: One application, different users - security

 

Yes it can BUT (big but here) you, as the administrator, will be earning your keep. In other words, you'll have to work for this. TS and Windows are quite capable of doing this but you will have to use Group Policy, NTFS permissions, share permissions, that type of thing. You will have to customize those for each company. The hard part will be locking down the NTFS permissions on the file system.

In the end, it can definitely be done.

 

--

Jeff Pitsch

Microsoft MVP - Terminal Services

 

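
One way to do the per-company NTFS lockdown described in the reply above, for a standalone (workgroup) terminal server. This is an added example, not part of the original thread; the company names, the `TS_` group prefix and the `D:\AppData` path are hypothetical placeholders.

```powershell
# Added example: per-company folder isolation using local groups and icacls.
# $root, $companies and the TS_ group prefix are hypothetical placeholders.
$root      = 'D:\AppData'
$companies = 'CompanyA', 'CompanyB'

# Root folder: drop inherited ACEs, leave only Administrators and SYSTEM.
# Company users cannot list the root; they reach their own subfolder by full
# path (the default "Bypass traverse checking" user right allows this).
New-Item -ItemType Directory -Path $root -Force | Out-Null
icacls $root /inheritance:r `
    /grant:r 'BUILTIN\Administrators:(OI)(CI)F' `
    /grant:r 'NT AUTHORITY\SYSTEM:(OI)(CI)F' | Out-Null

foreach ($c in $companies) {
    $group = "TS_$c"
    # Local group per company, since there is no domain to hold it.
    net localgroup $group /add 2>$null | Out-Null

    $dir = Join-Path $root $c
    New-Item -ItemType Directory -Path $dir -Force | Out-Null

    # Explicit ACL only: admins, SYSTEM, and this company's group (Modify).
    icacls $dir /inheritance:r `
        /grant:r 'BUILTIN\Administrators:(OI)(CI)F' `
        /grant:r 'NT AUTHORITY\SYSTEM:(OI)(CI)F' `
        /grant:r "${env:COMPUTERNAME}\${group}:(OI)(CI)M" | Out-Null
}

# Audit: return every ACE on a company folder that does not belong to an
# admin principal or to that company's own group. No output means clean.
function Test-CompanyAcl([string]$Path, [string]$Group) {
    $allowed = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM',
               "$env:COMPUTERNAME\$Group"
    (Get-Acl -Path $Path).Access |
        Where-Object { $allowed -notcontains $_.IdentityReference.Value } |
        Select-Object @{n='Path';e={$Path}}, IdentityReference,
                      FileSystemRights, IsInherited
}

foreach ($c in $companies) {
    Test-CompanyAcl -Path (Join-Path $root $c) -Group "TS_$c"
}
```

Any row the audit returns (for example `BUILTIN\Users`, `Everyone`, or another company's group) is an ACE that lets someone outside that company into the folder.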

Guest r042wal
Posted

Re: One application, different users - security

 

Thanks for the quick reply Jeff. As it turns out, the Terminal Server is part of a workgroup so that puts a damper on Group Policies. The company has several internal file servers, a DNS server, and a public Web hosting server. In addition, there are about 15 workstations on the LAN. If we were to set one of the servers up as a DC, there would be quite a bit of labor involved to essentially install a new network.

The customer is new so I don't want to go in there at the very beginning of our business relationship and crucify him with big labor charges. He is well aware that he can buy a Dell server off lease and set up a second terminal server. In a workgroup, under the circumstances, would a second server be the best route? We have a large pool of public IP addresses.

Thanks,

 

 

 

 


Guest Jeff Pitsch
Posted

Re: One application, different users - security

 

Unless you go 3rd party products, imo, you're better off going a server per customer. Make sure you at least go Win2k8 and use the TSGateway so that you can use 1 IP address and not expose the internal network.

I'm curious how do they control access to their internal servers? Do they really create an account for a new user on every file server just to grant access? Moving to a domain is a very simple and straightforward process and would, if done correctly, have no real impact on the end users.

 

--

Jeff Pitsch

Microsoft MVP - Terminal Services

 


Guest r042wal
Posted

Re: One application, different users - security

 

The company hosts a TS with a proprietary application for a remote customer. The TS is not part of the same workgroup so they do not see the LAN and they have no need to access the LAN.

The TS has its own public IP and 1-to-1 NAT.

Thanks,

 


