Hi All,

I've got the Pro Pack installed on Trial at the moment, and was just wondering whether the Java based RDP client supports use of local printers on the TS session? :confused:

If not, is this something that is likely to be included?

Thanks

Steve

Not quite sure what you are trying to do as I haven’t tried the Pro pack yet.

However if it is RDP that you require then why not use OpenVPN, I have been doing this for 3 or 4 years now very successfully, a secure and easily manageable solution

However local printing is not as easy as it may appear, you need to have the driver for the local printer on the server and it also needs to be named on the server in exactly the same way as it is on the client machine.

Hi bulldog, and thanks for the reply.

I've trialled the OpenVPN, and whilest it works well, it does not suit the requirements of my organisation, which is for the user to authenticate themselves on the connection to the VPN. Obviously, if the OpenVPN were user authenticated, then the end user could use the Microsoft client to gain the printing functionality (yes I am aware of the requirement of identical drivers between TS Server and client PC). We currently operate on this basis using an IPSec Cisco VPN. My query is whether the Java RDP client within Remote Access Portal has this same ability as the MS client to support local printers? If it does, then I may be able to do away with clients using the Cisco VPN for remote access, as all they really need is to be able to RDP to our TS Servers!

The java client IS Microsoft's but either way it still doesn't allow printing.

Thanks for the confirmation sky-knight. We'll see how this works out for my organisation, but it might be that we will need to retain the current VPN solution, at least until Untangle can operate as an IPSec gateway or supports a user authenticated VPN tunnel some other way.

Thanks

Steve

So you really need user authenticated VPN? OpenVPN operates on issued certificates that are on each machine. In the event that a machine is lost or stolen you simply deactivate the certificate and issue a new one. This type of authentication is just as strong as user level, since most users check the always remember box anyway...

This goes double true if the purpose of the VPN is to provide secure access to a terminal server. Using the firewall you can control access from the VPN to simply the terminal server or other resources with a very fine grain of control. At that point, using the normal RDP client to connect to terminal server still requires a user name and password. The terminal service itself hasn't had many vulnerabilities over the years to be that concerned about.

Of course all this means you have to keep track of your equipment, which you should be doing anyway! :D

Hi sky-knight,

Preaching to the converted! I know personally that a combination of machine authentication at the VPN with user auth at the TS Server would solve the problem, but as it stands, that's not the way things work here (and too many changes in one go make people nervous), so user auth it remains (for now).

I will, however, have another discussion in the short term future on this as it does seem a mite silly not to take advantage of securing against letting any old device connect to the VPN....

Steve