Customizing a Network Using the Registry phần 2
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (21.83 KB, 7 trang )
1.
Figure 8.33: The PortNumber value entry under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TerminalServe
r\WinStations\RDP-Tcp\PortNumber
2. Now, to access the server using the new setting, type the new port number after
the IP address of the computer to which you want to connect. If the new port is
8098, and the IP address of the server is 192.168.1.8, the new IP address and port
combination will be 192.168.1.8:8098.
Client Settings
To configure client settings for Remote Desktop, you need to open the Properties
window for specific user accounts. To do so, proceed as follows:
1. Open Control Panel, select the Administrative tools option, and then start Users
and Computers or Active Directory Users and Computers MMC snap-ins
(depending on the role of your computer and whether it participates in a domain).
2. Right-click the user account that will be used for administrative access, and select
the Properties command from the context menu to open the properties window. Go
to the Sessions tab (Fig. 8.34
). Notice that the settings on the Sessions tab are
similar to those found in Terminal Services Configuration. However, the
settings specified using the Terminal Services Configuration tool override those
set for the individual user.
Figure 8.34: The Sessions tab of the user account properties window
3. The Remote control tab (Fig. 8.35
) settings establish whether or not this account
can be remotely controlled. Administrative accounts and user accounts that are
used by administrators for Remote Desktop should not be configured to allow
remote control. Therefore, in order to strengthen security, it is recommended that
the user clear the Enable remote control checkbox, as shown in this illustration.
Figure 8.35: The Remote control tab of the user account properties window
Note In addition to settings that enhance security, strong policies and procedures will
increase security as well. More detailed information on this topic will be provided
in Chapter 9
.
Registry Entries for the W32Time Service
One of the most confusing elements in Windows 2000 and Windows Server 2003
domains is the W32Time service, which is integrated into the operating system in order
to ensure that date and time are properly synchronized throughout your organization.
Unfortunately, installation instructions don't explain the reliance of user authentication on
time, and, therefore, many organizations run into logon problems.
The W32Time service settings are stored in the registry under the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameter
s key (Fig. 8.36
).
Figure 8.36: The W32Time service settings in the system registry
The value entries that you can specify here to tune the W32Time service are outlined in
Table 8.3
.
Table 8.3: W32Time Service Registry Values
Value name Data type Description Values
AvoidTimeSyncOnWan REG_DWORD Synchronize with a
computer that is at a
different site.
0 = Site is ignored
[default].
1 = Do not
synchronize with a
time source that is at
a different site.
GetDcBackofMaxTimes REG_DWORD The maximum number of
times to double the back
off interval when
successive attempts to
find a domain controller
fail. An event is logged
every time a full wait
occurs.
0 = The wait between
attempts is at a
minimum and no
event is logged.
7 = [default]
GetDcBackofMinutes REG_DWORD The starting number of
minutes to wait before
looking for a domain
controller, if the last
attempt failed.
15 =[default]
LocalNTP REG_DWORD Start the SNTP server. 0 = Don't start the
SNTP server, unless
this computer is a
domain controller
Table 8.3: W32Time Service Registry Values
Value name Data type Description Values
[default].
1 = Always start the
SNTP server.
NtpServer REG_SZ Stores the value from
NET TIME/SETSNTP.
Blank by defaut.
Sample data value:
192.4.41.40
Period REG_DWORD Control how often the
time service
synchronizes.
0 = once a day
65535, every 2 days
65534, every 3 days
65533, every week (7
days)
65532, every 45
minutes until 3 good
synchronizations
occur, then once
every 8 hours (3 per
day) [default]
65531, every 45
minutes until 1 good
synchronization
occurs, then once
every day
ReliableTimeSource REG_DWORD Does this computer have
a reliable time source?
0 = No [default]
1 = This computer
has a reliable time
source (this is only
useful on a domain
controller).
Type REG_SZ How does this computer
synchronize
Nt5DS = synchronize
to domain hierarchy
or manually
configured source
