RDP, WIN2003 and LnS

I've loaded LnS on my SBS 2003 box. My problem is we are a few administrators that logon to the server using RDP. Each time we logon LnS is reloaded and the firewall rules in one RDP session (Terminal) is different to another RDP session blocking certain services again.

Can I load LnS as a system service to avoid LnS loading everytime someone RDP. Also then to have only one packet filtering rule set for the server and also just one application config?

Thanks

 

Under some conditions you could use 'Common to all users' on the Look 'n' Stop - 'Options' Tab/screen and under 'Registry keys'.


Regards,
Phant0m``

 

Thanks for the reply Phantom. I've set those settings but I seem to be picking up major inconsistensies between the main server screen (sitting at the server) and the various RDP sessions. It would seem that if you launch Look 'n Stop in one of the RDP sessions it loads it's own filtering rules again. Furthermore you cannot see the logs in Look 'n Stop at all from the RDP sessions.

 

You can try to remove the Look 'n' Stop entry from this registry key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

And add it only for one user in:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

Regards,

Frederic

 

Hi Frederic

Thanks for the reply. From what I gather is that Look 'n Stop does not check to see if there is an existing LnS running before launching another instance when connecting via RDP. Because if I RDP in to the server and would like to quickly mod a rule I can't because the currently launch RDP LnS is completely different from the LnS started using the service option. And if I quit the LnS launch in the RDP it closes all filtering including the LnS launched as a system service. Based on your suggestion, should we only enable it for one user who will it be? Because ideally we would like LnS to start as a service (like it is currently set due to the fact that we want LnS to startup independently from any user profile. This is due to the fact that it is a server and needs to start working the second the server boots).

Ideally what would be great is if you can launch the LnS engine via a system service and then admin the "engine" using a console application (Frontend like it is now). Basically separate the actual management application from the actual filtering engine. This would mean that you can launch the engine via a system service and let it run independent from the actual management interface. Then you can RDP and just launch the management interface, update rules, check the logs etc. Same with the next RDP sessions.

Thanks
Quinton

 

Yes, unfortunately, you can't mix the two modes. Either it is started as a service, and you should have only one instance, and it is not possible to modify the rules from one RDP session, or you have one instance by logged user, and each user has its own options.

Yes, I agree this would be the ideal design to support properly multiple sessions. It require a new design...

Regards,

Frederic