• Status: Solved

Restrict login to terminal services by user by IP address range

All my users at the office use terminal services to do their work on one of our servers. As the system is installed, some of my users need to access the system from remote locations outside the firewall. I have set up everything so that they can have access.
My problem is the following: I want to restrict a few users from logging in to their terminal service session if they are outside the firewall without using a VPN. Because, right now, if somebody knows the server address (and they all know it), they can log in to their session.
Is there a type of user policy I can use that would allow a user to log in to terminal services only if the machine he uses to connect is within a private IP address range?
1 Solution
A simple logon script that does a logoff based on IP address or IP address range can solve the problem for you...

Hope this helps!
vortex350 (Author) Commented:
Could you give me an example?
Toni Uranjek (Consultant/Trainer) Commented:
Hi vortex350,

Try this utility: http://www.2x.com/securerdp/download.html
You will have to register to download but it's freeware.


A simple way to do this is to go to the properties of your computer, go to the Remote tab, and in the Remote Desktop portion go to Select Users, where you can choose a computer name. This way you will restrict the access, but the computer name which will resolve to an IP
Rob Williams Commented:
>>"I want to restrict a few users from logging in to their terminal service session if they are outside the firewall without using a VPN"
Not sure I understand the question. Users can only connect to your terminal server without using the VPN if you have port 3389 forwarded to the terminal server. Remove the forwarding and only VPN users can connect. They will be using the LAN IP, not the public IP. It's much more secure to use a VPN for all users.
Perhaps I have misunderstood.

If you also want to restrict VPN users, you can do so with policies in your VPN configuration, assuming they are connecting from a site with a static IP; however, that is probably not the case.

Should you want a logon script that monitors your user connections, and the IPs from which they connect, please advise. That might help with your problem, at least to be able to "slap some hands".
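
Added example, not part of the thread and not code from any of the posters: the decision a logoff-by-IP logon script has to make, plus the connection audit offered above, written in Python. The user names, network ranges and CSV record layout are constructed assumptions, and the client address is assumed to be supplied by whatever collects it on the server.

```python
import csv
import io
import ipaddress

# Constructed policy values (assumptions, not from the thread).
RESTRICTED_USERS = {"jsmith", "mbrown"}          # must be on LAN or VPN
ALLOWED_NETS = [ipaddress.ip_network(n) for n in
                ("192.168.10.0/24",              # office LAN
                 "10.8.0.0/24")]                 # VPN address pool

def normalize_user(name):
    """Reduce DOMAIN\\user or user@domain to a lowercase account name."""
    name = name.strip().lower()
    if "\\" in name:
        name = name.split("\\", 1)[1]
    return name.split("@", 1)[0]

def is_internal(client_ip):
    """True only if client_ip parses and falls inside an allowed network."""
    try:
        addr = ipaddress.ip_address(client_ip.strip())
    except ValueError:
        return False                             # unparseable: fail closed
    if addr.version == 6 and addr.ipv4_mapped:   # e.g. ::ffff:192.168.10.5
        addr = addr.ipv4_mapped
    return any(addr in net for net in ALLOWED_NETS)

def decide(user, client_ip):
    """Logon-time decision: 'logoff' for a restricted user outside the ranges."""
    if normalize_user(user) in RESTRICTED_USERS and not is_internal(client_ip):
        return "logoff"
    return "allow"

def audit(csv_text):
    """Return (time, user, ip) for every record that decide() would reject."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["time"], r["user"], r["source_ip"])
            for r in rows if decide(r["user"], r["source_ip"]) == "logoff"]

# Constructed sample records; the column layout is an assumption.
SAMPLE = """time,user,source_ip
2018-01-08T08:01:12,OFFICE\\jsmith,192.168.10.44
2018-01-08T19:40:03,OFFICE\\jsmith,203.0.113.25
2018-01-08T20:02:51,mbrown,::ffff:10.8.0.17
2018-01-09T07:15:30,OFFICE\\akhan,198.51.100.9
2018-01-09T22:11:09,MBrown,
"""

if __name__ == "__main__":
    for hit in audit(SAMPLE):
        print("restricted user outside allowed ranges:", *hit)
```

A check made by a logon script runs only after the user has authenticated, so it complements removing the port 3389 forward rather than replacing it.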
