any way to allow 2x connections but forbid mstsc connections

I'm trying to station restrict one of a few apps on a Terminal Server. You can do this from inside 2x and it works great but you can still RDP directly to the server and log in.

I can't forbid RDP cause that'll break 2x.

I can't use SecureRDP because I have other apps on this server that I don't want IP restricted.

Any ideas on how to restrict this?


On a slightly related topic is there any way to forbid saving passwords on the 2x client?

 

maybe change listener port?

I realize that this is security through obscurity but perhaps I could change the TS listening port from 3389. That way when people use mstsc it will fail but if they use the 2x client it'll work.

I tried this but I can't get it to work. I have one server acting as the gateway and a separate server as the Term server. If I change the port on the term server and Check Agent under Servers in Farm then it correctly says the new port. But clients won't connect. I just get a "client could not access the remote application" error.

Terminal services still work from mstsc if you add the port to the computer name.

 

The latest 2x client, has a save password option.

Make sure you a have updated the port number from the console too, Connection settings, RDP Port.

Nixu

 

yeah, missed the listener port

Yeah, I didn't change the RDP port on the server properties. I assumed that since the Check Agent dialog knew what RDP port was being used that all was well.

I know I can save the password. I want to forbid saving of the password so that users have to enter it every time. I want to take away the save password check boxes.