IMON On a Terminal Server?

slyder · #1 August 3rd, 2006, 04:32 AM

I have followed the advice about not running IMON on servers.

I wondered if IMON could be run on a terminal server running Windows 2003? Or would the same rule apply? I'm just aware that users do sometimes use the internet on this box.

covaro · #2 August 3rd, 2006, 10:32 AM

My suggestions would be to not run IMON on the box. My opinion would also be to remove the ability for users to use Internet Explorer to browse the web while on the terminal server... just not a safe option.

-Cov

#3 August 3rd, 2006, 10:39 AM

Quote:

Originally Posted by covaro

My opinion would also be to remove the ability for users to use Internet Explorer to browse the web while on the terminal server... just not a safe option.

Since sometimes users may need to browse the internet , you can simply make them use Mozilla Firefox instead of IE . If Firefox and NOD32 are up-to-date , you'll have no problems with that

slyder · #4 August 4th, 2006, 06:09 AM

Should I also disable DMON and EMON on the terminal server? Or can I have these on?

Thanks

covaro · #5 August 4th, 2006, 07:09 AM

That would depend on what they are using the Terminal Server for... do they use Office and or Outlook? If Office and Outlook are being used you should probably leave them on, if not, turn them off... it won't hurt.

-Cov

alglove · #6 August 4th, 2006, 11:50 AM

DMON and EMON do not insert themselves into the network stack like IMON does, so they should be safe to run. In addition to checking Office, DMON checks ActiveX components as they are installed, so this alone may be a good reason to keep DMON running.

andrator · #7 August 22nd, 2006, 10:51 AM

Quote:

Originally Posted by covaro

My opinion would also be to remove the ability for users to use Internet Explorer to browse the web while on the terminal server... just not a safe option.

A terminal server is a workstation with a lot of users. I don't see why you should restrict IE from a Terminal Server.

In our case this is not an option. There are almost a dozen web based applications that rely on Internet Explorer and some requiring windows integrated authentication.

We're using a security appliance, limited user rights and Windows 2003 SP1 together with NOD32 and until now we have only had one report of NOD32 detecting a jscript worm.

slyder · #8 August 22nd, 2006, 11:52 AM

andrator: are you using IMON on your box?

andrator · #9 August 23rd, 2006, 05:37 AM

Quote:

Originally Posted by slyder

andrator: are you using IMON on your box?

No, IMON is automatically disabled on Windows Server 2003.

duijv023 · #10 August 25th, 2006, 04:13 PM

one of my colleagues tested it recently by accident (he forgot to disable IMON) on a w2k3 terminal server. It ended with network troubles. So: don't leave IMON on a TS

greetings from a very, very rainy Holland

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search