Securing a Self Hosted Teamspeak Server01 Aug 2019
My teamspeak server recently got borked, so nows the perfect time to learn how to properly secure it.
The first step is to enable advanced permissions
Settings > Options Application > Advanced System Permissions [enable] Ok
You should now see a much larger tree structure when you view the server permissions. An almost overwhelming amount of permissions are actually available.
General Admin Group
Lets get into the server group permissions window.
Permissions > Server Groups
You should have something that looks very similar to the following:
Lets go ahead and copy the
Server Admin groups, by right clicking
Server Admin > Copy. Give it a name, I am using
General Admin. Leave the two drop downs their default and hit ok.
Locking down group permissions
Now that the
General Admin group has been added, lets go ahead and click on it. As the settings are now, a
General Admin could break into any channel regardless of the permissions or passwords set on them. This is called the skip flag.
Client > Skip Channel Group Permissions [disable] Channel > Access > Ignore Channel Passwords [disable]
Now lets change the permission power on the
General Admin to have less power than you, the
Server Admin group. Lets change their power level to 70 from 75.
Group > Modify > Permission Modify Power  Group > Modify > Group Modify Power  Group > Modify > Group Member Add Power  Group > Modify > Group Member Remove Power 
General Admin will be unable to add other people to the
General Admin group, nor edit the group’s permissions. The
Server Admin group is also safe.
Locking down channel permissions
We have to do similar changes to the channel permissions.
Channel > Channel Permission Modify Power  Channel > Modify > Channel Modify Power  Channel > Delete > Channel Delete Power  Channel > Access > Channel Join Power  Channel > Access > Channel Subscribe Power  Channel > Access > Channel Description View Power 
The above permissions protect
General Admin from messing with any channels you protect with the power level 71-75. You still want your
General Admin to be able to create and edit channels generally however. Change the following permissions to enable that.
Channel > Access > Needed Channel Join Power  Channel > Access > Needed Channel Subscribe Power  Channel > Access > Needed Channel Description View Power 
Locking down individual permissions
You can manually change permissions on individuals, these will stick around even after you remove someone from a group. Lets tighen up another attack vector.
Group > Information > View List of Client Permissions [disable]
This single permission disables the entire individual Client Permissions for the
Kick and Ban permissions
If you don’t want your
General Admin to be able to kick each other, change the following permissions.
Client > Admin > Client Kick From Server Power  Client > Admin > Client Kick From Channel Power  Client > Admin > Client Ban From Server Power 
I disable this permissions and only enable it on an individual basis. This is mainly used by bots.
Client > Modify > Create a QueryServer Account
These changes are for all the randos that might join your server and grief everyone. All changes in this section will be on the
Whisper and General Griefing
This permission disables the ability to whisper everyone and anyone as long as you are still in the
Client > Basics > Client Whisper Power [-100]
Now you have a teamspeak server all setup, a
General Admin group that can administrate your server without wrecking it on you.