My understanding is that the microsoft service called Terminal Services, is used for remote desktop/remote services
Is Terminal Services required for NIS 2010 to work? I mean other than if I requested remote help.
I have this service currently disabled and my Norton seems to be working fine. I know that if I wanted remote help, I'd need to enable the Terminal Services program, but other than that, can I keep it disabled?
Hi Calls,
To our knowledge Terminal Services are still required.
Did you follow up on SendOfJive's recommendation here?
Best wishes.
Allen
well then leaving terminal services on causes the port 3389 to be open and get connections from unsolicited IP addresses
I know, I have seen this in the log.
Hi Calls,
SendOfJive suggested that you visit ShieldsUp to see if it is able to successfully probe port 3389.
This will tell you for sure if anything is able to get into that port.
Just as a note, I have always had Remote Desktop enabled on my computer as I need it for my work since I am a software engineer and have to routinely connect via remote desktop. This has never created a security issue for me. Even with remote desktop enabled you can control which users are able to log into the computer. With it disabled, no one can access the computer via remote desktop.
Best wishes.
Allen
well here it is
I enabled Terminal Services
I deleted the block port 3389 rule I created on the Firewall
Ran Shields up
results showed that port 3389 open and receiving connections
Hi Calls,
Can you tell us exactly what the report said? Make sure and be generic and do not list any IP addresses but what did it report?
Understand that Terminal Services will be listening on that port when it is enabled. This is normal and does not mean that something is going to be able to break into your computer via that port. There are many ports which different services and/or applications will be listening to.
Thanks
Allen
thank you Allen
I have removed the block port 3389 rule from the firewall
I have enabled Terminal Services and set to manuel start up
ran Shields up specific to port 3389
Here are the results
| Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active user community. Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.) Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation. |
Port | Status | Protocol and Application |
3389 | OPEN! | msrdp Microsoft Remote Display Protocol |
Hi Calls,
I've sent SendOfJive a PM and requested he respond further as he is more knowledgeable in this particular area than I am.
But as I understand it, when you have Terminal Services enabled NIS will know that and allow the connection. It is then up to the OS itself to allow or deny the actual connection based on whether you have remote desktop enabled or not. And if you have remote desktop enabled you can control what users are allowed to connect to your computer.
For example on mine I have several users installed on my main desktop computer. I have only one user which is allowed to connect via remote desktop. Any attempt of me logging on via remote desktop with any installed user which is not on the approved remote desktop list is properly denied by the OS itself. I have tested this before.
With remote desktop disabled, no actual connections should be allowed by the OS.
I'll let SendOfJive comment on this further and correct anything I've said which is not 100% correct.
Best wishes.
Allen
So do I understand this correctly:
Norton NIS needs Terminal services if there is a need for remote help?
Hi Calls,
As mentioned in the following post by a Symantec employee, NIS uses terminal services to know when a user is logged on.
I'm sure SendOfJive will respond further regarding port 3389 when he comes on line later. 
Best wishes.
Allen
Thanks Allen, everyone's help is much apprecaited. I'm afraid I"m not that computer savvy
can you help me understand a few thing?
You said
But as I understand it, when you have Terminal Services enabled NIS will know that and allow the connection.
Is that saying NIS in regard to remote help?
What is meant by
NIS uses terminal services to know when a user is logged on.
logged on what? On the computer? Or logged on in regard to remote assistance?
Why would the functioning of NIS need to know if I was logged on?
Don't mean to be difficult, just trying to understand
I guess what I"m really asking is does NIS 2010 require terminal services in order to maintain the functioning of the NIS program, such as def updates, etc and to maintain the firewall?
Or does NIS require Terminal Services if and when there is a need for remote help?
maybe if I rephrase the question:
Can NIS 2010 install without Terminal services enabled?
For NIS 2010, what parts and functions of NIS 2010 would require that service Terminal Services, be enabled?
can NIS 2010 maintain its realtime security protection, get def updates and other updates without Terminal Services enabled?
Or maybe even more simplified, what functions of NIS 2010 would NOT work if Terminal Services were disabled
Terminal Services provides an environment to assist with specific things.
"Remote Desktop Protocol (RDP) has been enhanced to improve display and device redirection and enhance security through powerful encryption algorithms, making Terminal Services so secure you don't need a VPN tunnel when you're connecting to it over a public network like the Internet."
"Furthermore, centrally-deployed applications are usually easier to maintain (for example, patching and upgrading) and simpler to troubleshoot when things go wrong."
"The optional Session Directory component now lets you scale Terminal Services upwards to meet the demands of even large enterprises by letting you build a load-balanced terminal server farm that lets users reconnect to the same terminal server they were connected to should they somehow become disconnected.
From this info, it would appear that Terminal Services is used for authentication, patching, the ability to connect for updates, and upgrades, and the OneClick support functions, as well as increased security. It would also provide the ability to serve a much larger client base in order to provide these functions.
In this thread, Norton would not install without it.
Hi Calls,
Terminal Services needs to be running. Having this service running does not automatically cause port 3389 to be open. We need to find why the port is open. I assume that you are using Windows Firewall. SInce you had a remote assistance program at one time it is possible that an exception was created in the firewall and so port 3389 is not closed. Go into the Firewall settings, click on the Exceptions tab and make sure that Remote Desktop and Remote Assistance are not checked. Let us know what you find. Unchecking these entries will close the port.
Thanks Del
Well I have enabled Terminal Services
Deleted the block port 3389 rule
Now I just looked at my internet connection log and I see this inbound connection on my machine (11:59am)
| Details: | Connection: 59.151.112.219: 51346. to MY-PC: ms-wbt-server(3389). 0 bytes sent. 0 bytes received. 0.000 elapsed time |
So there is my concern, unsolicited connection to my machine via port 3389
This IP address that is shown is from China
So then if Terminal Services must be running, then I think I have to at least block port 3389
Thanks Send of Jive
Actually, currently I still have the NAV2008 with the inbound "firewall" that is my firewall and not Vista Firewall
The port 3389 shows listening when the Terminal Services is enabled. When Terminal services is disabled, there is nothing listening on the port. That is what leads me to believ that Terminal Services is opening the port
I checked. Windows Firewal is not on'But I opened it up as you have shown and
Remote Desktop and Remote Assistance are not checked
Try this... go to services and set remote desktop services to "manual" and disable remote registry
In run type service and a window should pop up. Scroll down to "remote desktop services" and right click on it.
In the window that opens select manual under start up type.
Do the same for remote registry but this time select "disable". Hopefully that will close the port.
This is what I have on my computer
| Port |  Status | Protocol and Application |
3389 | Stealth | msrdp Microsoft Remote Display Protocol |
Image not up yet
But are you saying that in the registry, remote desktop/remote access might still be open?
No... That's the name of the service. "Remote registry" and "remote destop access"
hen I type services into run command, I cant get any box to pull up
