penthese
asked on
Terminal Server/RDS gateway block XP users
Hello experts,
our customer wants to block all xp computers which are connecting from outside the network to their remote desktop services (through remote desktop services gateway) (all 2008 R2 servers).
We searched for this but where unable to find a solution.
Is this possible somehow?
Thanks in advance.
our customer wants to block all xp computers which are connecting from outside the network to their remote desktop services (through remote desktop services gateway) (all 2008 R2 servers).
We searched for this but where unable to find a solution.
Is this possible somehow?
Thanks in advance.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hello Experts,
Since we have not found a viable option to block XP Users from our terminal servers, we have taken it upon ourselves to develop a program which is capable of doing just that. (With great succes as of now)
We do however wish to thank everyone in this topic that has tried to help us.
Penthese.
Since we have not found a viable option to block XP Users from our terminal servers, we have taken it upon ourselves to develop a program which is capable of doing just that. (With great succes as of now)
We do however wish to thank everyone in this topic that has tried to help us.
Penthese.
ASKER
I've requested that this question be closed as follows:
Accepted answer: 0 points for penthese's comment #a40041727
for the following reason:
Developing the program ourselves was our choice in handling this matter.
Accepted answer: 0 points for penthese's comment #a40041727
for the following reason:
Developing the program ourselves was our choice in handling this matter.
Hmmm ... nobody found an existing solution out there, but I think the participants have pointed you into the direction you've chosen at last. Even while that is not the preferred one - developing sth new is usually the last resort - wouldn't you think the experts have earned some points in that case ?
I agree with frankhelk.
Question was "Is this possible somehow?". Both frankhelk and I suggested mechanisms for doing this, and noted that custom development was probably required - the exact solution you opted to go with.
Question was "Is this possible somehow?". Both frankhelk and I suggested mechanisms for doing this, and noted that custom development was probably required - the exact solution you opted to go with.
ASKER
Hello experts,
Despite having the costumer service look at this and agree with me, stating that: "Hello,
You are correct, there is no reward for trying – accepted solutions are accepted solutions."
I will awards you points for pushing me into the direction of development, the program works correctly and we are very happy with it.
Have a good day,
Penthese.
Despite having the costumer service look at this and agree with me, stating that: "Hello,
You are correct, there is no reward for trying – accepted solutions are accepted solutions."
I will awards you points for pushing me into the direction of development, the program works correctly and we are very happy with it.
Have a good day,
Penthese.
I haven't tested tsver.exe see if it works in 2008, and I can't find any references. You may want to try the 2000 version of the tool to see if it works under 2008, but I wouldn't count on it.
As far as I know there is no group policy setting for this either, and I'm not aware of any public tools that will do it.
I didn't do a lot of research, but unless tsver works in 2008, I suspect you'd have to build (or have built) a custom tool to do this. Looks like the Client Build Number is reported to the server, so that probably isn't too difficult to do.
I'm not sure why you need this restriction, but if it is due to security concerns,you may want to consider limiting connections to clients using Network Level Authentication. XP clients can still connect, but only at XP SP3 with the CredSSP enabled - at least until you can find or develop a tool to block XP clients completely.
http://technet.microsoft.com/en-us/library/cc732713.aspx