

How to limit access to Remote Desktop to mobile users?

Posted on 2005-04-29
Medium Priority
Last Modified: 2013-12-04
I am running Windows Small Business Server 2k3. I have a VPN set up using remote access and the Windows XP client. Everything on the VPN is working fine. The problem I am having is restricting access to the mobile users group. I have 1 client that needs access to Remote Desktop through the VPN and that works fine. I don't want the other 3 clients to have access to Remote Desktop at all. I also don't want them to have any access to the few file shares I have inside the network. Actually, the only access they need is to the internal web server and my MS SQL Server via Access. Any help would be greatly appreciated. Thanks.
Question by:allanhendershot

Assisted Solution

by:Rich Rumble
Rich Rumble earned 200 total points
ID: 13896864
A personal firewall on the PCs would be good; it would allow you to block access to the servers/ports you specify, no matter where they are coming from.
You may consider changing the port for TS/RD to a non-standard port the other clients wouldn't be aware of. Using the XP Remote Desktop client (which can be installed on most M$ OSes) will allow you to have the user specify the port to use:
Connect to: serverX:1234 (1234 would be the destination port on the TS/RD server you changed the listening port to)
This doesn't eliminate the share issue, which could be resolved by using share and NTFS permissions to keep the unwanted account off of them.

Author Comment

ID: 13897074
The Remote Desktop solution presented above will work in the short term, but the problem is that the users in question are in another state and I don't know who else will have access to their system. Hiding the port will help in the short term, but a simple port scan would reveal the Remote Desktop port as open and potentially lead to a system compromise. I was hoping to limit access either through some sort of policy or through Active Directory maybe. I am just not sure how to go about it. I have tried creating a severely limited group in Active Directory and setting it up to have access to the VPN but little else, but they can still log into local machines through Remote Desktop with their user accounts.

Accepted Solution

mikeleebrla earned 800 total points
ID: 13897892
Perhaps I am missing something, but when you allow Remote Desktop connections you have the option to select which users can connect to the server. All you have to do is select which users you want to allow, and don't allow the others. This is done on the Remote tab of the System Properties. (Right-click My Computer and choose Properties to get to the System Properties.)
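
The user list chosen on the Remote tab is stored as membership of the machine's local "Remote Desktop Users" group, and members of the local Administrators group can connect regardless of that list. The following is an added example, not part of the original thread, that audits both groups against an allow-list. It assumes a Windows version with Windows PowerShell 5.1 (newer than the systems discussed here), an elevated prompt on a member machine rather than a domain controller, and a placeholder account name.

```powershell
# Added example: audit who may log on through Remote Desktop on this machine.
# Assumption: Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).
# Assumption: EXAMPLE\mobileuser1 is a placeholder for the one account that needs RDP.
$AllowedRdpAccounts = @('EXAMPLE\mobileuser1')

function Get-RdpAccessReport {
    param(
        [string[]]$Allowed,
        [string[]]$Groups = @('Remote Desktop Users', 'Administrators')
    )
    foreach ($group in $Groups) {
        foreach ($member in Get-LocalGroupMember -Group $group) {
            # Administrators are listed for review only; they are never auto-flagged.
            $isRdpGroup = $group -eq 'Remote Desktop Users'
            [pscustomobject]@{
                Group       = $group
                Account     = $member.Name
                ObjectClass = $member.ObjectClass   # 'User' or 'Group'
                # A nested group grants RDP to all of its members, so flag it too.
                Unexpected  = $isRdpGroup -and (
                                  ($Allowed -notcontains $member.Name) -or
                                  ($member.ObjectClass -eq 'Group'))
            }
        }
    }
}

$report = Get-RdpAccessReport -Allowed $AllowedRdpAccounts
$report | Format-Table -AutoSize

# Show what would be removed from "Remote Desktop Users".
# -WhatIf makes this a dry run; remove it only after reviewing the report.
$report | Where-Object { $_.Unexpected } | ForEach-Object {
    Remove-LocalGroupMember -Group $_.Group -Member $_.Account -WhatIf
}
```

Review the Administrators rows by hand: any VPN user who is also a local administrator can still connect even when absent from the Remote Desktop Users list.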

Expert Comment

by:Rich Rumble
ID: 13901792
mikeleebrla is correct, I totally missed this solution. KISS (keep it simple, stupid).

Author Comment

ID: 13908892
Thanks. That answers the question. I was overcomplicating things. So obvious and simple I completely missed it.
