Re: One application, different users - security
The company hosts a TS with a proprietary application for a remote customer.
The TS is not part of the same workgroup so they do not see the LAN and they
have no need to access the LAN.
The TS has its own public IP and 1-to-1 NAT.
Thanks,
"Jeff Pitsch" <jeff@jeffpitschconsulting.com> wrote in message
news:OZ6F$hX%23IHA.4816@TK2MSFTNGP06.phx.gbl...
> Unless you go 3rd party products, imo, you're better off going a server per
> customer. Make sure you at least go Win2k8 and use the TSGateway so that
> you can use 1 IP address and not expose the internal network.
>
> I'm curious how do they control access to their internal servers? Do they
> really create an account for a new user on every file server just to grant
> access? Moving to a domain is a very simple and straightforward process
> and would, if done correctly, have no real impact on the end users.
>
> --
> Jeff Pitsch
> Microsoft MVP - Terminal Services
>
> "r042wal" <rob@wiztalknospam.ca> wrote in message
> news:%23ClRYLW%23IHA.5056@TK2MSFTNGP06.phx.gbl...
>> Thanks for the quick reply Jeff. As it turns out, the Terminal Server is
>> part of a workgroup so that puts a damper on Group Policies. The company
>> has several internal file servers, a DNS server, and a public Web hosting
>> server. In addition, there are about 15 workstations on the LAN. If we
>> were to set one of the servers up as a DC, there would be quite a bit of
>> labor involved to essentially install a new network.
>>
>> The customer is new so I don't want to go in there at the very beginning
>> of our business relationship and crucify him with big labour charges. He
>> is well aware that he can buy a Dell server off lease and set up a second
>> terminal server. In a workgroup, under the circumstances, would a second
>> server be the best route? We have a large pool of public IP addresses.
>>
>> Thanks,
>>
>>
>>
>>
>> "Jeff Pitsch" <jeff@jeffpitschconsulting.com> wrote in message
>> news:O9uD%23iV%23IHA.5056@TK2MSFTNGP06.phx.gbl...
>>> Yes it can BUT (big but here) you, as the administrator, will be earning
>>> your keep. In other words, you'll have to work for this. TS and
>>> Windows are quite capable of doing this but you will have to use Group
>>> Policy, NTFS permissions, share permissions, that type of thing. You
>>> will have to customize those for each company. The hard part will be
>>> locking down the NTFS permissions on the file system.
>>>
>>> In the end, it can definitely be done.
>>>
>>> --
>>> Jeff Pitsch
>>> Microsoft MVP - Terminal Services
>>>
>>> "r042wal" <rob@wiztalknospam.ca> wrote in message
>>> news:%23YrVSOV%23IHA.544@TK2MSFTNGP03.phx.gbl...
>>>> Is it possible to host an application on a Terminal Server and have
>>>> different users from different companies connect to the application and
>>>> yet maintain security? I would like to have different profiles /
>>>> desktops for the different companies that log on. Also, I would not
>>>> want users to have access to the files and folders.
>>>>
>>>> Can all this be done inside TS?
>>>>
>>>> Thanks
>>>
>>>
>>
>
>
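
Added example, not part of the thread: one way to do the per-company NTFS lockdown discussed above on a workgroup Terminal Server, using a local group per company and a data folder whose ACL no longer inherits from its parent. The root path, company names and `TS_<company>` group naming are assumptions; run it from an elevated prompt.

```powershell
# Added example: D:\AppData, the company names and the TS_<company> group
# naming are assumptions, not values from the thread.
$root      = 'D:\AppData'
$companies = 'Contoso', 'Fabrikam'   # constructed sample tenants

# Well-known SIDs, so the script does not depend on localized account names.
$admins  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
$system  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-18'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$noProp  = [System.Security.AccessControl.PropagationFlags]::None
$allow   = [System.Security.AccessControl.AccessControlType]::Allow

function New-AllowRule($identity, $rights) {
    $r = [System.Security.AccessControl.FileSystemRights]$rights
    New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $identity, $r, $inherit, $noProp, $allow
}

foreach ($c in $companies) {
    $group = "TS_$c"
    $path  = Join-Path $root $c

    # The server is in a workgroup, so each company gets a local group.
    # Put that company's accounts in it with: net localgroup TS_<company> <user> /add
    net localgroup $group /add 2>$null | Out-Null
    New-Item -ItemType Directory -Path $path -Force | Out-Null
    $account  = New-Object System.Security.Principal.NTAccount -ArgumentList $env:COMPUTERNAME, $group
    $groupSid = $account.Translate([System.Security.Principal.SecurityIdentifier])

    $acl = Get-Acl -Path $path
    $acl.SetAccessRuleProtection($true, $false)   # stop inheriting; discard inherited ACEs
    $acl.AddAccessRule((New-AllowRule $admins   'FullControl'))
    $acl.AddAccessRule((New-AllowRule $system   'FullControl'))
    $acl.AddAccessRule((New-AllowRule $groupSid 'Modify'))
    Set-Acl -Path $path -AclObject $acl

    # Verify: an ACE for any other identity (BUILTIN\Users, Everyone, another
    # company's group left over from earlier setup) would let tenants cross over.
    $allowed = $admins.Value, $system.Value, $groupSid.Value
    (Get-Acl -Path $path).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $allowed -notcontains $_.IdentityReference.Value } |
        ForEach-Object { Write-Warning "${path}: unexpected ACE for $($_.IdentityReference.Value)" }
}
```

The same protected-ACL treatment applies to each company's profile location and any share backing these folders; the script covers only the NTFS layer.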