Announcement

Collapse
No announcement yet.

Restricting admin account on TS 2000

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Restricting admin account on TS 2000

    Hi everybody

    I am pretty noob in the world of Windows. My current problem is the Terminal Server 2000. It needs to run cos a lot of employees in my company work from home. However, I found recently in the log files a lot of failed entries for administrator account. This inidicates that somebody was trying to bruteforce admin's account/password. I as the admin, actually never use TS. So how can I restrict domain admin and local admin from login on the TS???

    Greets

    RS

  • #2
    Re: Restricting admin account on TS 2000

    First, it's a good practice to rename the administrator account to something else. This by itself will almost eliminate the ability to brute force the admin account.

    I believe this exists in Windows 2000...
    Check the security policy for the machine in question start->run->secpol.msc or group policy if you use one. Remove the admin account from the "Allow log on through Terminal Services" gpo.
    Last edited by ahinson; 31st July 2007, 22:28.
    Andrew

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      Re: Restricting admin account on TS 2000

      Thanks for the quick response. I reckon renaming the admin account would be a bad idea in my case (there are some legacy dependencies on the admin account).

      However the second option sounds like a plan. Can you be a bit more specific? Please?

      RS

      Comment


      • #4
        Re: Restricting admin account on TS 2000

        Originally posted by RoughStuff View Post
        Thanks for the quick response. I reckon renaming the admin account would be a bad idea in my case (there are some legacy dependencies on the admin account).

        However the second option sounds like a plan. Can you be a bit more specific? Please?

        RS
        If you need more help follow the link.

        Originally posted by Technet
        http://technet2.microsoft.com/window....mspx?mfr=true
        Deny log on through Terminal Services
        Updated: January 21, 2005


        Deny log on through Terminal Services
        Description
        This security setting determines which users and groups are prohibited from logging on as a Terminal Services client.

        Default: None.

        Configuring this security setting
        You can configure this security setting by opening the appropriate policy and expanding the console tree as such: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\

        For specific instructions about how to configure security policy settings, see Edit security settings on a Group Policy object.

        Important

        This setting does not have any effect on Windows 2000 computers that have not been updated to Service Pack 2.
        Andrew

        ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

        Comment

        Working...
        X