0HWD)UDPH$GPLQLVWUDWRUªV*XLGH
Click the Advanced tab to adjust the importance of advanced factors when
calculating overall system load. The Importance factor for each parameter can be
adjusted independently of any others.
0HWD)UDPH6HFXULW\7RROVIn addition to the security issues common to Microsoft Windows NT Server,
Windows Terminal Server has additional security issues related to remote control;
that is, its ability to allow remote users to logon and execute applications remotely.
This means that any remote users who logon to the server must be allowed to
access files and directories in a secure fashion.
The MetaFrame security tools enhance the standard Windows Terminal Server
security features by providing additional methods for securing file systems.
8VLQJ$FOVHWWR6HFXUHWKH)LOH6\VWHP
Aclset automatically secures all files and directories on all hard drives. Aclset
secures all files, directories, and drives. After the file systems are secured, use the
Security Configuration utility and other tools to selectively enable user access to
files and directories. This method makes sure that there are no file system security
holes. Aclset sets all file and directory Access Control Lists (ACLs) to grant Full
Access rights to the Administrators and System groups only; the Users group is
denied access. This step is also referred to as “locking down” the file system.
Running Aclset denies user access to all files and directories on the
Windows Terminal server. After running Aclset, users may not be able to logon
and run any applications. Use Aclset only when a high security environment is
required.
ÃTo use Aclset to secure the file system
1. Start a Command Prompt session. Make sure no other programs or users are
active.
2. At the command prompt, type aclset and press ENTER.
3. When Aclset is complete, the command prompt returns. There is no success
message but any errors encountered are reported.
After Aclset completes, the file system is locked down. The Users group has no
access to any drive, directories, or files. Running the Security Configuration utility
unlocks selected system files and gives users limited access to selected directories
(including users’ home directories and temp directories).
:DUQLQJ