Guest r042wal Posted August 8, 2008 Posted August 8, 2008 Is it possible to host an application on a Terminal Server and have different users from different companies connect to the application and yet maintain security? I would like to have different profiles / desktops for the different companies that log on. Also, I would not want users to have access to the files and folders. Can all this be done inside TS? Thanks
Guest Jeff Pitsch Posted August 8, 2008 Posted August 8, 2008 Re: One application, different users - security Yes it can BUT (bit but here) you, as the administrator, will be earning your keep. In other words, you'll have to work for this. TS and Windows are quite capable of doing this but you will have to use Group Policy, NTFS permissions, share permissions, that type of thing. You will have to customize those for each company. the hard part will be locking down the NTFS permissions on the file system. In the end, it can definitely be done. -- Jeff Pitsch Microsoft MVP - Terminal Services "r042wal" <rob@wiztalknospam.ca> wrote in message news:%23YrVSOV%23IHA.544@TK2MSFTNGP03.phx.gbl... > Is it possible to host an application on a Terminal Server and have > different users from different companies connect to the application and > yet maintain security? I would like to have different profiles / desktops > for the different companies that log on. Also, I would not want users to > have access to the files and folders. > > Can all this be done inside TS? > > Thanks
Guest r042wal Posted August 8, 2008 Posted August 8, 2008 Re: One application, different users - security Thanks for the quick reply Jeff. As it turns out, the Terminal Server is part of a workgroup so that puts a damper on Group Policies. The company has several internal file servers, a DNS server, and a public Web hosting server. In addition, there are about 15 workstations on the LAN. If we were to set one of the servers up as a DC, there would be quite a bit of labor involved to essentially install a new network. The customer is new so I don't want to go in there at the very beginning of our business relatioship and crucify him with big labout charges. He is well aware that he can buy a Dell server off lease and set up a second terminal server. In a workgroup, under the circumstances, would a second server be the best route? We have a large pool of public IP addresses. Thanks, "Jeff Pitsch" <jeff@jeffpitschconsulting.com> wrote in message news:O9uD%23iV%23IHA.5056@TK2MSFTNGP06.phx.gbl... > Yes it can BUT (bit but here) you, as the administrator, will be earning > your keep. In other words, you'll have to work for this. TS and Windows > are quite capable of doing this but you will have to use Group Policy, > NTFS permissions, share permissions, that type of thing. You will have to > customize those for each company. the hard part will be locking down the > NTFS permissions on the file system. > > In the end, it can definitely be done. > > -- > Jeff Pitsch > Microsoft MVP - Terminal Services > > "r042wal" <rob@wiztalknospam.ca> wrote in message > news:%23YrVSOV%23IHA.544@TK2MSFTNGP03.phx.gbl... >> Is it possible to host an application on a Terminal Server and have >> different users from different companies connect to the application and >> yet maintain security? I would like to have different profiles / >> desktops for the different companies that log on. Also, I would not want >> users to have access to the files and folders. >> >> Can all this be done inside TS? >> >> Thanks > >
Guest Jeff Pitsch Posted August 8, 2008 Posted August 8, 2008 Re: One application, different users - security Unless you go 3rd party products, imo, your better off going a server per customer. Make sure you at leat go Win2k8 and use the TSGateway so that you can use 1 IP addresss and not expose the internal network. I'm curious how do they control access to their internal servers? Do they really create an account for a new user on every file server just to grant access? moving to a domain is a very simple and straight forward process and would, if dont correctly, have no real impact on the end users. -- Jeff Pitsch Microsoft MVP - Terminal Services "r042wal" <rob@wiztalknospam.ca> wrote in message news:%23ClRYLW%23IHA.5056@TK2MSFTNGP06.phx.gbl... > Thanks for the quick reply Jeff. As it turns out, the Terminal Server is > part of a workgroup so that puts a damper on Group Policies. The company > has several internal file servers, a DNS server, and a public Web hosting > server. In addition, there are about 15 workstations on the LAN. If we > were to set one of the servers up as a DC, there would be quite a bit of > labor involved to essentially install a new network. > > The customer is new so I don't want to go in there at the very beginning > of our business relatioship and crucify him with big labout charges. He > is well aware that he can buy a Dell server off lease and set up a second > terminal server. In a workgroup, under the circumstances, would a second > server be the best route? We have a large pool of public IP addresses. > > Thanks, > > > > > "Jeff Pitsch" <jeff@jeffpitschconsulting.com> wrote in message > news:O9uD%23iV%23IHA.5056@TK2MSFTNGP06.phx.gbl... >> Yes it can BUT (bit but here) you, as the administrator, will be earning >> your keep. In other words, you'll have to work for this. TS and Windows >> are quite capable of doing this but you will have to use Group Policy, >> NTFS permissions, share permissions, that type of thing. You will have >> to customize those for each company. the hard part will be locking down >> the NTFS permissions on the file system. >> >> In the end, it can definitely be done. >> >> -- >> Jeff Pitsch >> Microsoft MVP - Terminal Services >> >> "r042wal" <rob@wiztalknospam.ca> wrote in message >> news:%23YrVSOV%23IHA.544@TK2MSFTNGP03.phx.gbl... >>> Is it possible to host an application on a Terminal Server and have >>> different users from different companies connect to the application and >>> yet maintain security? I would like to have different profiles / >>> desktops for the different companies that log on. Also, I would not >>> want users to have access to the files and folders. >>> >>> Can all this be done inside TS? >>> >>> Thanks >> >> >
Guest r042wal Posted August 8, 2008 Posted August 8, 2008 Re: One application, different users - security The company hosts a TS with a proprietary application for a remote customer. The TS is not part of the same workgroup so they do not see the LAN and they have no need to access the LAN. The TS has its own public IP and 1-to-1 NAT. Thanks, "Jeff Pitsch" <jeff@jeffpitschconsulting.com> wrote in message news:OZ6F$hX%23IHA.4816@TK2MSFTNGP06.phx.gbl... > Unless you go 3rd party products, imo, your better off going a server per > customer. Make sure you at leat go Win2k8 and use the TSGateway so that > you can use 1 IP addresss and not expose the internal network. > > I'm curious how do they control access to their internal servers? Do they > really create an account for a new user on every file server just to grant > access? moving to a domain is a very simple and straight forward process > and would, if dont correctly, have no real impact on the end users. > > -- > Jeff Pitsch > Microsoft MVP - Terminal Services > > "r042wal" <rob@wiztalknospam.ca> wrote in message > news:%23ClRYLW%23IHA.5056@TK2MSFTNGP06.phx.gbl... >> Thanks for the quick reply Jeff. As it turns out, the Terminal Server is >> part of a workgroup so that puts a damper on Group Policies. The company >> has several internal file servers, a DNS server, and a public Web hosting >> server. In addition, there are about 15 workstations on the LAN. If we >> were to set one of the servers up as a DC, there would be quite a bit of >> labor involved to essentially install a new network. >> >> The customer is new so I don't want to go in there at the very beginning >> of our business relatioship and crucify him with big labout charges. He >> is well aware that he can buy a Dell server off lease and set up a second >> terminal server. In a workgroup, under the circumstances, would a second >> server be the best route? We have a large pool of public IP addresses. >> >> Thanks, >> >> >> >> >> "Jeff Pitsch" <jeff@jeffpitschconsulting.com> wrote in message >> news:O9uD%23iV%23IHA.5056@TK2MSFTNGP06.phx.gbl... >>> Yes it can BUT (bit but here) you, as the administrator, will be earning >>> your keep. In other words, you'll have to work for this. TS and >>> Windows are quite capable of doing this but you will have to use Group >>> Policy, NTFS permissions, share permissions, that type of thing. You >>> will have to customize those for each company. the hard part will be >>> locking down the NTFS permissions on the file system. >>> >>> In the end, it can definitely be done. >>> >>> -- >>> Jeff Pitsch >>> Microsoft MVP - Terminal Services >>> >>> "r042wal" <rob@wiztalknospam.ca> wrote in message >>> news:%23YrVSOV%23IHA.544@TK2MSFTNGP03.phx.gbl... >>>> Is it possible to host an application on a Terminal Server and have >>>> different users from different companies connect to the application and >>>> yet maintain security? I would like to have different profiles / >>>> desktops for the different companies that log on. Also, I would not >>>> want users to have access to the files and folders. >>>> >>>> Can all this be done inside TS? >>>> >>>> Thanks >>> >>> >> > >
Recommended Posts