IMON On a Terminal Server?

I have followed the advice about not running IMON on servers.

I wondered if IMON could be run on a terminal server running Windows 2003? Or would the same rule apply? I'm just aware that users do sometimes use the internet on this box.

 

My suggestions would be to not run IMON on the box. My opinion would also be to remove the ability for users to use Internet Explorer to browse the web while on the terminal server... just not a safe option.

-Cov

 

Since sometimes users may need to browse the internet , you can simply make them use Mozilla Firefox instead of IE . If Firefox and NOD32 are up-to-date , you'll have no problems with that

 

Should I also disable DMON and EMON on the terminal server? Or can I have these on?

Thanks

 

That would depend on what they are using the Terminal Server for... do they use Office and or Outlook? If Office and Outlook are being used you should probably leave them on, if not, turn them off... it won't hurt.

-Cov

 

DMON and EMON do not insert themselves into the network stack like IMON does, so they should be safe to run. In addition to checking Office, DMON checks ActiveX components as they are installed, so this alone may be a good reason to keep DMON running.

 

A terminal server is a workstation with a lot of users. I don't see why you should restrict IE from a Terminal Server.

In our case this is not an option. There are almost a dozen web based applications that rely on Internet Explorer and some requiring windows integrated authentication.

We're using a security appliance, limited user rights and Windows 2003 SP1 together with NOD32 and until now we have only had one report of NOD32 detecting a jscript worm.

 

andrator: are you using IMON on your box?

 

No, IMON is automatically disabled on Windows Server 2003.

 

one of my colleagues tested it recently by accident (he forgot to disable IMON) on a w2k3 terminal server. It ended with network troubles. So: don't leave IMON on a TS

greetings from a very, very rainy Holland