TS access in administrative mode is actually governed by ACLs which you can adjust in the TS configuration snap-in, and via group policy.
The security of the solution is better than the VNC solution, as the TS solution will only let you log in as yourself, and only grant access to disconnected desktops that you have permission to see (ie they're from your account). "Administrative" vs "application" - the major differences here is simply the way licensing works. Administrative mode does not install a license service and only allows 2 remote connections, and "application" mode installs the TS license service and allows as many connections as you have licenses for. To go to a Citrix style Program Neighborhood, where remote applications are displayed locally on the user's desktop, you have to go to Citrix. TS only does full screen access. This is okay as rdesktop doesn't support Citrix ICA connections anyway. Your second solution would also work. Andrew -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael Ossmann Sent: Thursday, 21 March 2002 4:42 AM To: [EMAIL PROTECTED] Subject: Re: Restricting access [snip] Doesn't Administration mode restrict access to users in an administrative group? Wouldn't it be just as insecure if everyone was an administrator? [snip] Another option would be to use some sort of gateway system. If VNC access is restricted to a particular Linux box, then you could run vncviewer fullscreen inside Xvnc -nevershared and have your users connect to that. Other convoluted possibilities abound. --------------------------------------------------------------------- To unsubscribe, mail [EMAIL PROTECTED] with the line: 'unsubscribe vnc-list' in the message BODY See also: http://www.uk.research.att.com/vnc/intouch.html ---------------------------------------------------------------------
