Using Windows Server 2003 in a Managed Environment
NetMeeting
On This PageBenefits and Purposes of NetMeetingNetMeeting conferencing software, which is included in the Microsoft Windows Server 2003 family, enables real-time communication and collaboration over the Internet or an intranet. From a computer running the Windows 95, Windows 98, Windows NT 4.0, Windows 2000, or Windows XP operating system, users can communicate over a network with real-time voice and video technology. Users can work together on virtually any Windows-based application, exchange or mark up graphics on an electronic whiteboard, transfer files, or use the text-based chat program. NetMeeting helps small and large organizations take full advantage of their corporate intranet for real-time communication and collaboration. On the Internet, connecting to other NetMeeting users is made easy with Internet Locator Service (ILS), enabling participants to call each other from a dynamic directory within NetMeeting or from a Web page. Features include remote desktop sharing, virtual conferencing using Microsoft Outlook, security features, and the ability to embed the NetMeeting user interface in an organizations intranet Web pages. Note: NetMeeting is not available on the 64-bit versions of the Windows Server 2003 family. To learn more about the NetMeeting features, see the article on the Microsoft TechNet Web site at: www.microsoft.com/technet/prodtechnol/netmting/evaluate/nm3feats.asp Overview: Using NetMeeting in a Managed EnvironmentNetMeeting supports communication standards for audio, video, and data conferencing. NetMeeting users can communicate and collaborate with users of other standards-based, compatible products. They can connect by modem, Integrated Services Digital Network (ISDN), or local area network (LAN) using Transmission Control Protocol/Internet Protocol (TCP/IP). In addition, support for Group Policy in NetMeeting makes it easy for administrators to centrally control and manage the NetMeeting work environment. You can use Active Directory directory service and Group Policy to configure NetMeeting to help meet your security requirements. You can also control the configuration of NetMeeting by using the NetMeeting Resource Kit. For more information about the NetMeeting Resource Kit, see "Alternate Methods for Controlling NetMeeting," later in this section. NetMeeting components and features require that several ports be open from the firewall. For more information, see "NetMeeting and firewalls," later in this section. How NetMeeting Communicates with Sites on the InternetNetMeeting provides an infrastructure for communication between network applications and services. In this infrastructure, NetMeeting is both an application and a platform for other applications or services. The components and services in NetMeeting provide real-time communication and collaboration over the Internet or an organizations intranet. NetMeeting audio and video conferencing features are based on the H.323 infrastructure, which enables NetMeeting to interoperate with other H.323 standards-based products. (H.323 is a standard approved by the International Telecommunication Union [ITU] that defines how audiovisual conferencing data is transmitted across networks.) NetMeeting data conferencing features are based on the T.120 infrastructure, enabling NetMeeting to interoperate with other T.120 standards-based products. (The T.120 standard is a suite of communication and application protocols developed for real-time, multipoint data connections and conferencing.) Detailed information about the H.323 and T.120 standards is beyond the scope of this white paper. Further information can be found on the following sites:
(Web addresses can change, so you might be unable to connect to the Web site or sites mentioned here.) NetMeeting Port AssignmentsWhen you use NetMeeting to call other users over the Internet, several IP ports are required to establish the outbound connection. The following table describes the port numbers, their functions, and the resulting connection. Port assignments for NetMeeting
For more information about NetMeeting communication ports and firewall configuration topics, see Part 2, Chapter 4, "Firewall Configuration," in the Microsoft NetMeeting 3 Resource Kit at: www.microsoft.com/technet/prodtechnol/netmting/reskit/netmtg3/part2/chapter4.asp Controlling NetMeeting to Limit the Flow of Information to and from the InternetYou can configure NetMeeting by using Group Policy objects (GPOs) on servers running products in the Windows Server 2003 family. (You can also control the configuration of NetMeeting by using the NetMeeting Resource Kit; for more information, see "Alternate Methods for Controlling NetMeeting," later in this section.) This subsection includes information about the following topics:
NetMeeting and Group PolicyGroup Policy can be used to define the default NetMeeting configuration settings that will be automatically applied to users and computers. These settings determine which NetMeeting features and capabilities are available to a particular group of users. The Group Policy configuration settings that are specific to NetMeeting are grouped into two different categories. These category groupings enable you to independently manage NetMeeting configuration settings for computers and users within your organization. Through the use of Group Policy you can enable, disable, or set configuration options for NetMeeting features or capabilities. For additional information about Group Policy, see Appendix B, "Resources for Learning About Group Policy." You can use Group Policy to manage the following NetMeeting configuration options for users in your organization:
Configuring NetMeeting Settings for Computers Through Group PolicyYou can use Group Policy to determine the NetMeeting features and capabilities that are available to all users of the computers that are affected by the application of the NetMeeting Group Policy settings. For details about locating the Group Policy objects (GPOs) for NetMeeting, see "Procedures for Configuration of NetMeeting," later in this section. The NetMeeting Group Policy configuration setting that is specific to computers is as follows:
For more information about how to use Group Policy to manage the NetMeeting computer settings, see "To disable the NetMeeting remote desktop sharing feature through Group Policy," later in this section. Note: Computer-related Group Policy settings are applied when the operating system starts and during the periodic refresh cycle. Configuring NetMeeting Settings through Group PolicyYou can use Group Policy to determine the NetMeeting features and capabilities that are available for a user or a group of users that are affected by the application of the NetMeeting Group Policy settings. These Group Policy configuration options include the policy settings for NetMeeting, application sharing, audio and video, and the options page. For more information about how to use Group Policy to manage the NetMeeting user settings, see "Procedures for Configuration of NetMeeting, later in this section. The NetMeeting Group Policy configuration settings that are specific to users are as follows: Configuring NetMeeting Settings for Users Through Group Policy For details about locating the Group Policy objects for NetMeeting, see "Procedures for Configuration of NetMeeting," later in this section. You can use Group Policy to set configuration settings for the following NetMeeting features:
Configuring NetMeeting Application Sharing Settings Through Group Policy For details about locating the Group Policy objects (GPOs) for NetMeeting, see "Procedures for Configuration of NetMeeting," later in this section. You can use Group Policy to set configuration settings for the following elements of the NetMeeting Application Sharing feature:
Configuring NetMeeting Audio and Video Settings Through Group Policy For details about locating the Group Policy objects (GPOs) for NetMeeting, see "Procedures for Configuration of NetMeeting," later in this section. You can use Group Policy to set configuration settings for the following audio and video elements in NetMeeting:
Configuring NetMeeting Options Settings Through Group Policy For details about locating the Group Policy objects (GPOs) for NetMeeting, see "Procedures for Configuration of NetMeeting," later in this section. You can use Group Policy to set configuration settings for the following elements of the NetMeeting Options page:
Note: User-related Group Policy settings are applied when a user logs on to the computer and during the periodic refresh cycle. NetMeeting SecurityThe NetMeeting security architecture for data conferencing takes advantage of the existing, standards-compliant security features of the Windows Server 2003 family and Microsoft Internet Explorer. The NetMeeting security architecture utilizes a 40-bit encryption technology and has the following security features:
If you need stronger encryption than the 40-bit encryption supported in NetMeeting, you can use applications based on the RTC protocols and technologies built into products in the Windows Server 2003 family. For more information about these protocols and technologies, see the Real-Time Communications Web page on the Microsoft Web site at: http://office.microsoft.com/home/office.aspx?assetid=FX010908711033 NetMeeting security features integrate with security in the Windows Server 2003 family and Internet Explorer in a variety of ways, including the following:
These security features can be implemented by an administrator or a NetMeeting user. Using the NetMeeting Resource Kit Wizard or Group Policy in NetMeeting, the administrator can enforce security settings that apply to all users. If allowed by the administrator, NetMeeting users can also select their own security settings in the NetMeeting user interface (UI) and change security settings for individual calls. You can use the following sources to learn more about NetMeeting configuration and security topics:
NetMeeting and FirewallsYou can configure firewall components in a variety of ways, depending on your organization's specific security policies and overall operations. While most firewalls are capable of allowing primary (initial) and secondary (subsequent) Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) connections, it is possible that they are configured to support only specific connections based on security considerations. For example, some firewalls support only primary TCP connections, which some professionals view as the most reliable. For NetMeeting multipoint data conferencing—program sharing, whiteboard, chat, file transfer, and directory access—your firewall only needs to pass through primary TCP connections on assigned ports. NetMeeting audio and video features require secondary TCP and UDP connections on dynamically assigned ports. Note: NetMeeting audio and video features require secondary TCP and UDP connections. Therefore, when you establish connections through firewalls that accept only primary TCP connections, you are not able to use the audio or video features of NetMeeting. Detailed firewall configuration procedures for NetMeeting are beyond the scope of this white paper. For more information about NetMeeting firewall connections, see Part 2, Chapter 4, "Firewall Configuration," of the Microsoft NetMeeting 3 Resource Kit, particularly the section titled, "Establishing a NetMeeting Connection with a Firewall," at: www.microsoft.com/technet/prodtechnol/netmting/reskit/netmtg3/part2/chapter4.asp Microsoft NetMeeting can be configured to work with an organizations existing firewall security. Because of limitations in most firewall technology, however, few products are available that enable you to securely transport inbound and outbound NetMeeting calls containing audio, video, and data across a firewall. You should consider carefully the relative security risks of enabling different parts of a NetMeeting call in your firewall product. You must especially consider the security risks involved when modifying your firewall configuration to enable any component of an inbound NetMeeting call. Some organizations have security or policy concerns that require them to limit how fully they support NetMeeting in their firewall configuration. These concerns are based on network capacity planning or weaknesses in the firewall technology being used. For example, security concerns might prohibit an organization from accepting any inbound or outbound flow of UDP data through the firewall. Because these UDP connections are required for NetMeeting audio and video features, disabling this function excludes audio and video features in NetMeeting for calls through the firewall. The organization can still use NetMeeting data conferencing features such as program sharing, file transfer, whiteboard, and chat for calls through the firewall by allowing only TCP connections on ports 522 and 1503. For more information about NetMeeting firewall security, see the section titled "Security and Policy Concerns," in the chapter of the NetMeeting Resource Kit from the previous link (scroll through the chapter until you find the section). Establishing a NetMeeting Connection with a Firewall When you use NetMeeting to call other users over the Internet, several IP ports are required to establish the outbound connection. If you use a firewall to connect to the Internet, it must be configured so that the following IP ports are not blocked:
To establish outbound NetMeeting connections through a firewall, the firewall must be configured to do the following:
The H.323 call setup protocol dynamically negotiates a TCP port for use by the H.323 call control protocol. Also, both the audio call control protocol and the H.323 call setup protocol dynamically negotiate UDP ports for use by the H.323 streaming protocol, called the Real-Time Transfer Protocol (RTP). In NetMeeting, two UDP ports are designated on each side of the firewall for audio and video streaming, for a total of four ports for inbound and outbound audio and video. These dynamically negotiated ports are selected arbitrarily from all ports that can be assigned dynamically. NetMeeting directory services require either port 389 or port 522, depending on the type of server you are using. The Microsoft Internet Locator Service (ILS), which supports LDAP for NetMeeting, requires port 389. The Microsoft User Location Service (ULS), developed for NetMeeting 1.0, requires port 522. Firewall Limitations for NetMeeting Some firewalls cannot support an arbitrary number of virtual internal IP addresses, or cannot do so dynamically. With these firewalls, you can establish outbound NetMeeting connections from computers inside the firewall to computers outside the firewall, and you can use the audio and video features of NetMeeting. Users outside the organization cannot, however, establish inbound connections from outside the firewall to computers inside the firewall. Typically, this restriction is due to limitations in the network implementation of the firewall. Note: Some firewalls are capable of accepting only certain protocols and cannot handle TCP connections. For example, if your firewall is a Web proxy server with no generic connection-handling mechanism, you will not be able to use NetMeeting through the firewall. You can use the following sources to learn more about NetMeeting configuration and firewall topics: For more information about NetMeeting firewall connections, see Part 2, Chapter 4, "Firewall Configuration," of the Microsoft NetMeeting 3 Resource Kit, particularly the section titled, "Establishing a NetMeeting Connection with a Firewall," at: www.microsoft.com/technet/prodtechnol/netmting/reskit/netmtg3/part2/chapter4.asp For more information about using NetMeeting and your firewall, see article 158623, "How to Establish NetMeeting Connections through a Firewall," in the Microsoft Knowledge Base at: support.microsoft.com/default.aspx?scid=kb;en-us;158623&sd=tech Alternate Methods for Controlling NetMeetingYou can create customized installation options for specific users or groups within your organization by using the NetMeeting Resource Kit Wizard. Additionally, you can use the NetMeeting Resource Kit Wizard to control user and computer access rights by creating custom configurations of client settings and specific features that you have selected to restrict or allow. For example, you can control audio and video access, set data throughput limits and network speeds, and choose to display online support. The Resource Kit Wizard can also help you set up various configurations of NetMeeting for different types of users and different levels of security. It can help you save network bandwidth by restricting specific features. You can also use the Resource Kit Wizard to both change registry settings for all NetMeeting users, and to implement such changes globally. Note: By selecting certain options in the Resource Kit Wizard, be aware that you may be changing the NetMeeting user interface. For example, if you click Restrict the Use of Video, the Video tab doesn't appear in the NetMeeting user's Options dialog box. The Resource Kit for NetMeeting has a section that provides detailed information about responding to NetMeeting problems, including problem descriptions, causes, and resolutions. For more information about the Microsoft NetMeeting 3 Resource Kit, see the Microsoft Web site at: www.microsoft.com/technet/prodtechnol/netmting/reskit/netmtg3/nm3dldoc.asp Procedures for Configuration of NetMeetingNetMeeting is designed to enhance the enterprise environment and enable users to communicate internally and externally with other NetMeeting users. You can use Group Policy to develop a NetMeeting feature management policy to support the specific business rules or communication policies that exist within your organization. For example, your organization may not want users to be able to access or use the NetMeeting chat feature from their computers. By using Active Directory and Group Policy, you can disable the chat feature from any or all computers that are affected by the application of the Group Policy configuration settings. For lists of Group Policy settings that you can use to manage NetMeeting configuration options, see "NetMeeting and Group Policy," earlier in this section. Procedures for Managing NetMeeting Features Through Group PolicyThis subsection provides procedures for the following configuration methods:
To Locate the Group Policy Objects (GPOs) for NetMeeting User configuration Settings
For more information about the GPOs for NetMeeting user configuration settings, see Configuring NetMeeting settings for users through Group Policy, earlier in this section. To Disable the NetMeeting Remote Desktop Sharing Feature Through Group Policy
Note: Computer-related Group Policy settings are applied when the operating system starts and during the periodic refresh cycle. Related LinksYou can learn more about NetMeeting from the following online resources:
(Web addresses can change, so you might be unable to connect to the Web site or sites mentioned here.) Printed References For more information about firewall design, policy, and security considerations for firewall design in general, you can consult the following reference:
|
In This Article
|
