I would certainly make sure that any users set up on the target machine have
sensibly strong passwords but no doubt you already addressed that risk.
You can stop the last user name being displayed at logon which further
reduces any clues, and of course rename the administrator. You can probably
restrict things further using file permissions with a purpose-designed
"User" if you like but this would be useless if an admin ID and password
could be gained. Course if the whole point is for you personally to remote
administer that is a dead end. Another possibility is to apply a limit to
the number of failed logons, imposing say a 10 minute lockdown if logon
fails (say) 3 times. Can't claim to be an expert on the subject but I think
it's more likely you would be caught out by a silly error than a
determined bit of hacking unless there is some reason to suspect being
targeted.
You could also try asking in one of the security or networking groups - you
can install the client and its .dll on any Windows from 95 up but only XP
and W2003 have the "Server" so try the 2003 groups if you like as I'm sure
many server operators will have asked this very same question. W2000 no use
as it has no server component.
Charlie
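
One way to check the lockout suggestion above on the target machine, as an added example that is not part of the original post: a Python audit of `net accounts` output against the 3-attempt, 10-minute figures mentioned there. The sample output is constructed, the function names are hypothetical, and the 8-character password floor is an assumption, not a value from the post.

```python
import re

# Constructed sample: `net accounts` output with lockout switched off.
SAMPLE = """\
Minimum password length:                              0
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
The command completed successfully.
"""

def parse_net_accounts(text):
    """Map each 'name:   value' line of `net accounts` output to a dict."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^(.*\S)\s*:\s+(\S.*)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings

def as_int(value):
    """Numeric settings become int; 'Never'/'None' (control off) become None."""
    return int(value) if value.isdigit() else None

def audit(text, max_attempts=3, min_lock_minutes=10, min_pw_len=8):
    """Return findings. 3 and 10 come from the post; 8 is an assumed floor."""
    s = parse_net_accounts(text)
    findings = []
    threshold = as_int(s.get("Lockout threshold", "Never"))
    if not threshold:  # None ("Never") or 0: accounts never lock
        findings.append("lockout disabled: unlimited password guesses")
    else:
        if threshold > max_attempts:
            findings.append(f"lockout threshold {threshold} > {max_attempts}")
        duration = as_int(s.get("Lockout duration (minutes)", ""))
        # A non-numeric duration is treated here as "no automatic unlock".
        if duration is not None and duration < min_lock_minutes:
            findings.append(f"lockout duration {duration} min < {min_lock_minutes}")
    pw_len = as_int(s.get("Minimum password length", "0"))
    if pw_len is None or pw_len < min_pw_len:
        findings.append(f"minimum password length {pw_len} < {min_pw_len}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WEAK:", finding)
```

To audit a live machine, feed the function the captured text of `net accounts` run on that machine instead of `SAMPLE`.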