Tuesday 12 June 2007

SBS 2K3 - RWW & Terminal Server Publishing

Once a Terminal Server is installed and configured on the SBS network, external access to the TS desktop is served via Remote Web Workplace:

Once the user clicks on "Connect to my company's application-sharing server" the user will be redirected to the TS desktop's logon screen via a TSWeb session.

Proxy for the session is handled in the same way as a Remote Desktop session to Windows XP Pro or Vista Business via port 4125.

A few years back with the advent of TSHammer TSGrinder, one should never expose a Terminal Server listener to the Internet. It does not matter what port either, whether 3389, or somewhere in the 10K+ range. TSHammer TSGrinder was adept at snooping TS listeners and subsequently hitting them with dictionary attacks.

With the advent of RDP version 6 and the restructuring of TS authentication, we may see a change in our ability to expose Terminal Services to the Internet.

These changes might explain why TSHammer TSGrinder is harder to find in Internet searches.

UPDATE 2008-10-07: TSHammer could not be found because the old gray matter had clouded over the name! It is TSGrinder.

Philip Elder
Microsoft Small Business Specialists

No comments: