Figure 8.33: The PortNumber value entry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber
2. Now, to access the server using the new setting, type the new port number after the IP address of the computer to which you want to connect. If the new port is 8098, and the IP address of the server is 192.168.1.8, the new IP address and port combination will be 192.168.1.8:8098.
Client Settings
To configure client settings for Remote Desktop, you need to open the Properties window for specific user accounts. To do so, proceed as follows:
1. Open Control Panel, select the Administrative tools option, and then start the Users and Computers or Active Directory Users and Computers MMC snap-in (depending on the role of your computer and whether it participates in a domain).
2. Right-click the user account that will be used for administrative access, and select the Properties command from the context menu to open the properties window. Go to the Sessions tab (Fig. 8.34). Notice that the settings on the Sessions tab are similar to those found in Terminal Services Configuration. However, the settings specified using the Terminal Services Configuration tool override those set for the individual user.
Figure 8.34: The Sessions tab of the user account properties window
3. The Remote control tab (Fig. 8.35) settings establish whether or not this account can be remotely controlled. Administrative accounts and user accounts that are used by administrators for Remote Desktop should not be configured to allow remote control. Therefore, in order to strengthen security, it is recommended that you clear the Enable remote control checkbox, as shown in this illustration.
Figure 8.35: The Remote control tab of the user account properties window
Note: In addition to settings that enhance security, strong policies and procedures will increase security as well. More detailed information on this topic will be provided in Chapter 9.
Registry Entries for the W32Time Service
One of the most confusing elements in Windows 2000 and Windows Server 2003 domains is the W32Time service, which is integrated into the operating system in order to ensure that date and time are properly synchronized throughout your organization. Unfortunately, installation instructions don't explain the reliance of user authentication on time, and, therefore, many organizations run into logon problems.
The W32Time service settings are stored in the registry under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters key (Fig. 8.36).
Figure 8.36: The W32Time service settings in the system registry
The value entries that you can specify here to tune the W32Time service are outlined in Table 8.3.
Table 8.3: W32Time Service Registry Values

AvoidTimeSyncOnWan (REG_DWORD)
  Description: Synchronize with a computer that is at a different site
  Values:
    0 = Site is ignored [default]
    1 = Do not synchronize with a time source that is at a different site

GetDcBackofMaxTimes (REG_DWORD)
  Description: The maximum number of times to double the back off interval when successive attempts to find a domain controller fail. An event is logged every time a full wait occurs
  Values:
    0 = The wait between attempts is at a minimum and no event is logged
    7 = [default]

GetDcBackofMinutes (REG_DWORD)
  Description: The starting number of minutes to wait before looking for a domain controller, if the last attempt failed
  Values:
    15 = [default]

LocalNTP (REG_DWORD)
  Description: Start the SNTP server
  Values:
    0 = Don't start the SNTP server, unless this computer is a domain controller [default]
    1 = Always start the SNTP server

NtpServer (REG_SZ)
  Description: Stores the value from NET TIME /SETSNTP
  Values:
    Blank by default. Sample data value: 192.4.41.40

Period (REG_DWORD)
  Description: Control how often the time service synchronizes
  Values:
    0 = once a day
    65535 = every 2 days
    65534 = every 3 days
    65533 = every week (7 days)
    65532 = every 45 minutes until 3 good synchronizations occur, then once every 8 hours (3 per day) [default]
    65531 = every 45 minutes until 1 good synchronization occurs, then once every day

ReliableTimeSource (REG_DWORD)
  Description: Does this computer have a reliable time source?
  Values:
    0 = No [default]
    1 = This computer has a reliable time source (this is only useful on a domain controller)

... synchronize
  Values:
    Nt5DS = synchronize to domain hierarchy or manually configured source [default]
    NTP = synchronize to manually configured source
    NoSync = do not synchronize time

... information between reboots
  Change not recommended

msSkewPerDay (REG_DWORD)
  Description: Maintains computer clock information between reboots
  Change not recommended
Note: Period can be of type REG_SZ with special values:
  Bidaily = every 2 days
  Tridaily = every 3 days
  Weekly = every week (7 days)
  SpecialSkew = every 45 minutes until 3 good synchronizations occur, then once every 8 hours (3 per day) [default]
  DailySpecialSkew = every 45 minutes until 1 good synchronization occurs, then once every day
Disabling Dynamic DNS Registration
By default, all computers running Windows 2000, Windows XP, or Windows Server 2003 attempt to dynamically register on the DNS servers specified on the General tab of the TCP/IP properties window. To disable this feature, click the Advanced button on the General tab of the Internet Protocol (TCP/IP) Properties window. The Advanced TCP/IP Settings window will open. Go to the DNS tab and clear the Register this connection's addresses in DNS checkbox.
If you want to perform the same operation using the registry, open the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces key, and set the DisableDynamicUpdate value (of REG_DWORD data type) to 1.
Disabling Persistent Network Connections
To disable the option for restoring persistent network connections, start the registry editor, open the HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Network\Persistent Connections key, and locate the SaveConnections setting. The default value for this setting is yes (Fig. 8.37). To disable persistent network connections, set this value to no.
Figure 8.37: The HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Network\Persistent Connections registry key
Note: To disable persistent network connections for users, set the SaveConnections value to no in all existing user profiles. This information is stored in the registry under the following keys:
HKEY_USERS\<User_SID>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\Persistent Connections
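The two registry settings from the sections on dynamic DNS registration and persistent network connections can be checked in one pass. The following read-only PowerShell audit is an added example, not code from the book; it assumes PowerShell 3.0 or later in an elevated session, checks DisableDynamicUpdate in each per-adapter subkey under Interfaces (an assumption about where the value is set), and uses hypothetical function names.

```powershell
# Added example, not from the book. Function names are hypothetical.
# Assumes PowerShell 3.0+ running elevated. Read-only: nothing is changed.

function Get-ValueOrNull {
    param([string]$KeyPath, [string]$Name)
    # Return the value data, or $null when the key or the value is absent.
    if (-not (Test-Path -LiteralPath $KeyPath)) { return $null }
    $item = Get-ItemProperty -LiteralPath $KeyPath -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-RegistryHardeningState {
    $results = @()

    # Dynamic DNS registration. Assumption: the value is checked in each
    # per-adapter subkey under Interfaces.
    $ifRoot = 'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    foreach ($key in Get-ChildItem -LiteralPath $ifRoot) {
        $v = Get-ValueOrNull -KeyPath $key.PSPath -Name 'DisableDynamicUpdate'
        $results += [pscustomobject]@{
            Setting = 'DisableDynamicUpdate'; Scope = $key.PSChildName
            Value = $v; Compliant = ($v -eq 1)
        }
    }

    # Persistent connections: .DEFAULT plus every user hive currently loaded.
    # On disk the key name is 'Windows NT', with a space.
    $sub = 'Software\Microsoft\Windows NT\CurrentVersion\Network\Persistent Connections'
    foreach ($hive in Get-ChildItem -LiteralPath 'Registry::HKEY_USERS') {
        if ($hive.PSChildName -like '*_Classes') { continue }  # skip per-user class hives
        $path = "Registry::HKEY_USERS\$($hive.PSChildName)\$sub"
        $v = Get-ValueOrNull -KeyPath $path -Name 'SaveConnections'
        $results += [pscustomobject]@{
            Setting = 'SaveConnections'; Scope = $hive.PSChildName
            Value = $v; Compliant = ($v -eq 'no')
        }
    }
    return $results
}

Get-RegistryHardeningState | Sort-Object Compliant, Setting | Format-Table -AutoSize
```

Only hives that are currently loaded appear under HKEY_USERS, so profiles of accounts that are not logged on are not covered until their NTUSER.DAT is loaded (for example with reg load). A missing value is reported as non-compliant because the default behavior then applies.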