Not putting terminal server in domain

[Guest Alex]

We have a central domain controller (server 2003). With a separate SQL

server (server 2003 x64) joined to domain.

 

A new appliaction is being installed on the SQL box to be used remotely via

Terminal Services, new server, 8 users.

 

The users of Terminal services cannot have any access to any resource on the

domain controller (Apart from authentication if needed), only the SQL on the

second server.

 

Could the terminal services be configured with Local user accounts and not

joined to the domain? Totally standalone. But authentication issue might

arise accessing the SQL server. don't want to have to duplicate accounts etc.

 

Join the terminal services server to the domain and lockout access to the

domain controller resources, shared folders etc. Can this be done via Group

policy?

 

Any other ideas?

 

Thanks

[Guest Lanwench [MVP - Exchange]]

Re: Not putting terminal server in domain

 

Alex <Alex@discussions.microsoft.com> wrote:

> We have a central domain controller (server 2003). With a separate

> SQL server (server 2003 x64) joined to domain.

>

> A new appliaction is being installed on the SQL box to be used

> remotely via Terminal Services, new server, 8 users.

>

> The users of Terminal services cannot have any access to any resource

> on the domain controller (Apart from authentication if needed), only

> the SQL on the second server.

>

> Could the terminal services be configured with Local user accounts

> and not joined to the domain? Totally standalone. But authentication

> issue might arise accessing the SQL server. don't want to have to

> duplicate accounts etc.

>

> Join the terminal services server to the domain and lockout access to

> the domain controller resources, shared folders etc. Can this be done

> via Group policy?

>

> Any other ideas?

>

> Thanks

 

 

 

You'd be much, much better off joining it to the domain (a member server

only) and making use of your centralized security & group policy.