Terminal services

I want to use TS to remotely admin the server, what port
does TS use so as I can set my router to forward to that
port?

Paul
Wed May 19 08:52:31 CDT 2004

This is a multi-part message in MIME format.

------=_NextPart_000_0032_01C43DF8.28B74660
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

3389 tcp
"Kevin" <anonymous@discussions.microsoft.com> wrote in message =
news:f31201c43d9f$abd6c510$a001280a@phx.gbl...
I want to use TS to remotely admin the server, what port=20
does TS use so as I can set my router to forward to that=20
port?
------=_NextPart_000_0032_01C43DF8.28B74660
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2800.1400" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial>3389 tcp</FONT></DIV>
<BLOCKQUOTE=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Kevin" &lt;<A=20
=
href=3D"mailto:anonymous@discussions.microsoft.com">anonymous@discussions=
.microsoft.com</A>&gt;=20
wrote in message <A=20
=
href=3D"news:f31201c43d9f$abd6c510$a001280a@phx.gbl">news:f31201c43d9f$ab=
d6c510$a001280a@phx.gbl</A>...</DIV>I=20
want to use TS to remotely admin the server, what port <BR>does TS use =
so as I=20
can set my router to forward to that =
<BR>port?</BLOCKQUOTE></BODY></HTML>

------=_NextPart_000_0032_01C43DF8.28B74660--

Steve
Wed May 19 09:00:28 CDT 2004

Kevin wrote:

> I want to use TS to remotely admin the server, what port
> does TS use so as I can set my router to forward to that
> port?

TCP/3389.

Note that it's usually a good to set up VPN and then use TS over VPN
rather than directly. This has the added advantage that you can access
any LAN resources, not just the server.

--
Steve Foster [SBS MVP]
---------------------------------------
MVPs do not work for Microsoft. Please reply only to the newsgroups.

Mark
Wed May 19 20:23:31 CDT 2004

STeve, no, you DON'T need a VPN to add security to TS.....it will only
REDUCE it. TS should be setup with high encryption for 128 bit encryption.
He is using it for admin purposes, and shouldn't need access to LAN
resources. While he is an admin, he maybe accessing it from his family
computer and putting a PC on a company LAN like that is LESS secure than
SBC.

--
Sincerely,
Mark Mancini, CCA, CCNA, Master CIW&CI, CNE 4&5, MCSE+I 4&2000
www.MCSE2000.com
www.AppLauncher.com



"Steve Foster [SBS MVP]" <steve.foster@picamar.co.uk> wrote in message
news:xn0diglqj3xutb801e@msnews.microsoft.com...
> Kevin wrote:
>
> > I want to use TS to remotely admin the server, what port
> > does TS use so as I can set my router to forward to that
> > port?
>
> TCP/3389.
>
> Note that it's usually a good to set up VPN and then use TS over VPN
> rather than directly. This has the added advantage that you can access
> any LAN resources, not just the server.
>
> --
> Steve Foster [SBS MVP]
> ---------------------------------------
> MVPs do not work for Microsoft. Please reply only to the newsgroups.

Steve
Wed May 19 20:36:28 CDT 2004

Mark Mancini wrote:

> STeve, no, you DON'T need a VPN to add security to TS.....it will only
> REDUCE it. TS should be setup with high encryption for 128 bit
> encryption. He is using it for admin purposes, and shouldn't need
> access to LAN resources. While he is an admin, he maybe accessing it
> from his family computer and putting a PC on a company LAN like that
> is LESS secure than SBC.

The default configuration for a VPN connection is more secure than
direct TS, and offers much more functionality.

The default for TS is to not lock out administrator accounts, no matter
how many attempt to logon, whereas with a VPN it's easy to have a
separate account just for the VPN tunnel.

I know it's possible to make changes to mitigate against these, but
those are not the default settings, and the maximum security with
default settings will come from the use of VPN rather than direct TS.

Who's to say the original poster doesn't need remote access to LAN
resources... When I'm doing remote administrative tasks for my
customers, I often have a need to reach out to the internal network.

--
Steve Foster [SBS MVP]
---------------------------------------
MVPs do not work for Microsoft. Please reply only to the newsgroups.

Mark
Thu May 20 21:35:26 CDT 2004

Steve, how could a connection that allows viruses and worms through be MORE
secure than one that doesn't/. SBC is more secure than any VPN.

--
Sincerely,
Mark Mancini, CCA, CCNA, Master CIW&CI, CNE 4&5, MCSE+I 4&2000
www.MCSE2000.com
www.AppLauncher.com



"Steve Foster [SBS MVP]" <steve.foster@picamar.co.uk> wrote in message
news:xn0dihgni4moy1001s@msnews.microsoft.com...
> Mark Mancini wrote:
>
> > STeve, no, you DON'T need a VPN to add security to TS.....it will only
> > REDUCE it. TS should be setup with high encryption for 128 bit
> > encryption. He is using it for admin purposes, and shouldn't need
> > access to LAN resources. While he is an admin, he maybe accessing it
> > from his family computer and putting a PC on a company LAN like that
> > is LESS secure than SBC.
>
> The default configuration for a VPN connection is more secure than
> direct TS, and offers much more functionality.
>
> The default for TS is to not lock out administrator accounts, no matter
> how many attempt to logon, whereas with a VPN it's easy to have a
> separate account just for the VPN tunnel.
>
> I know it's possible to make changes to mitigate against these, but
> those are not the default settings, and the maximum security with
> default settings will come from the use of VPN rather than direct TS.
>
> Who's to say the original poster doesn't need remote access to LAN
> resources... When I'm doing remote administrative tasks for my
> customers, I often have a need to reach out to the internal network.
>
> --
> Steve Foster [SBS MVP]
> ---------------------------------------
> MVPs do not work for Microsoft. Please reply only to the newsgroups.