Mombu the Microsoft Forum sponsored links

Go Back   Mombu the Microsoft Forum > Microsoft > Best Practice Terminal Server User Setup
User Name
Password
REGISTER NOW! Mark Forums Read

sponsored links


Reply
 
1 25th May 05:16
jp
External User
 
Posts: 1
Default Best Practice Terminal Server User Setup


I have a terminal server hosting a web application accessed by 20 thin
clients. Currently, there is only 1 terminal server user account set up.
Whoever connected to the terminal server will be using the same credential
for authenticating to the TS. Users will then be authenticated to the
application by entering their specific name set up at the application level.

The advantage of this set up is simplicity. I don't have to create new user
name for additional thin clients. No matter there are 20, 30 or even 50
terminals, 1 user account on the server can do the job.

The disadvantage I can see so far is mainly the difficulties in managing the
connected clients. You cannot easily identify them as they are all using
the same user name. Even the IP addresses are dynamically assigned. Also, I
realized that when I logged on to the server console using the shared
account, I found that the performance is much slower than when I logged on
as administrator or another non-generic user. I am worrying about some
specific application data being mixed up as well when having one generic
account with multiplie sessions logged on concurrently.

Now I have to decide should I continue to use one generic account for all
terminal users, or create separate one for each terminal. Can some experts
please shed some light?

Cheers,

Joe
  Reply With Quote


  sponsored links


2 25th May 05:16
rick chisholm
External User
 
Posts: 1
Default Best Practice Terminal Server User Setup


that throws security and auditing right out the window.

Rick
  Reply With Quote
3 25th May 05:16
jp
External User
 
Posts: 1
Default Best Practice Terminal Server User Setup


Rick,

Thanks for your opinion. That's why I said I needed advice from experts.
But I cannot agree totally that security would be completely neglected. In
my situation, IE6. would be started automatically when a user connects. I
have locked down the browser completely and force it to run in kiosk mode.
The session will be closed when the browser terminates. Second, the
application will authenticate users when the browser load up the application
page.

In the case of Citrix, it generates a lot of anonymous users.
Administrators still cannot easily determine who is anon001.

Joe
  Reply With Quote
4 25th May 05:17
rick chisholm
External User
 
Posts: 1
Default Best Practice Terminal Server User Setup


yours might be a special case

so you are using TS to serve IE6 to anon users to autheticate via Citrix
web interface to published apps? When autheticating to the published
app are they then using a unique username and secure password?

what are they interfacing to the TS with? I asked b.c. they could run
their browser locally and attached to the published apps that way and
save some CPU cycles.

Rick
  Reply With Quote
5 25th May 05:17
lindsay keith
External User
 
Posts: 1
Default Best Practice Terminal Server User Setup


Do the applications inherit the Windows Account for authenication?

If so then any activity logged int hat application will be logged as one
user - could be problematic if you need to tack user behavoiur metrics in
that application.

Security is non-exisitent. Authentication, Access and Auditing are all
assigned to one user.

New Moon (Tarantella) Canaveral Allows you to easily set up applications and
user accounts. Relativiely Cheap compared to Citrix - less complicated to
manage as administrator. It has built in security model.

Lindsay
  Reply With Quote
Reply


Thread Tools
Display Modes




Copyright 2006 SmartyDevil.com - Dies Mies Jeschet Boenedoesef Douvema Enitemaus -
666