secure lockdown of terminal server liscencing?

[TonyZeigler]

I have two domains that I want to keep separate. However, I do have a need to
have one machine on one of the domains access the liscence server for TS on
the other.

Unfortunately, all the config screens for the liscence server management
want me to specify a server on a trusted domain.

Given that I'm a complete newb when it comes to trusting domains, I am
hopefully overworried about security implications of trusting them? Can
anyone describe how to trust the two domains to limit the trust to servicing
just the liscence server service?

 

[S. Pidgorny]

Domain trust doesn't create a vulnerability - it only allows assigning
permissions to resources in trusting domain to users and systems in trusted
domain. Administrators still have to assign permissions.

There seem to be some issues with Terminal Services licensing in trust
scenarios: http://support.microsoft.com/kb/905687 - I just found the
article, I'm not a licensing expert...


--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *




"TonyZeigler" <TonyZeigler@discussions.microsoft.com> wrote in message
news:7A4A37BF-ADC7-4C05-9E75-433D8F2C6B86@microsoft.com...
>I have two domains that I want to keep separate. However, I do have a need
>to
> have one machine on one of the domains access the liscence server for TS
> on
> the other.
>
> Unfortunately, all the config screens for the liscence server management
> want me to specify a server on a trusted domain.
>
> Given that I'm a complete newb when it comes to trusting domains, I am
> hopefully overworried about security implications of trusting them? Can
> anyone describe how to trust the two domains to limit the trust to
> servicing
> just the liscence server service?

 

[TonyZeigler]

Thanks, I didn't realize that - people always get wide eyes when we talk
about trusting domains between our main office and our clients.

As for the article linked, I had reviewed that one already, but we were
already up to the latest service pack. The problem I was trying to get around
was trusting the domains in any way, but it sounds like that might not be the
issue I thought it was.
(The moment I created the trust I was able to get it to work)

"S. Pidgorny <MVP>" wrote:

> Domain trust doesn't create a vulnerability - it only allows assigning
> permissions to resources in trusting domain to users and systems in trusted
> domain. Administrators still have to assign permissions.
>
> There seem to be some issues with Terminal Services licensing in trust
> scenarios: http://support.microsoft.com/kb/905687 - I just found the
> article, I'm not a licensing expert...
>
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>
>
>
>
> "TonyZeigler" <TonyZeigler@discussions.microsoft.com> wrote in message
> news:7A4A37BF-ADC7-4C05-9E75-433D8F2C6B86@microsoft.com...
> >I have two domains that I want to keep separate. However, I do have a need
> >to
> > have one machine on one of the domains access the liscence server for TS
> > on
> > the other.
> >
> > Unfortunately, all the config screens for the liscence server management
> > want me to specify a server on a trusted domain.
> >
> > Given that I'm a complete newb when it comes to trusting domains, I am
> > hopefully overworried about security implications of trusting them? Can
> > anyone describe how to trust the two domains to limit the trust to
> > servicing
> > just the liscence server service?
>
>
>