Solved

How do I prevent mstsc from connecting to external ip addresses?

Posted on 2009-04-03
Last Modified: 2012-05-06
We have an issue of employees using their home machines to surf to blocked sites. Most of our employees use remote desktop for their daily work, so what we need to do is to allow remote desktop to work on our LAN but prevent it from connecting out to the internet. We could use the firewall to do so, but we have not set any outside rules on the firewall and, unfortunately, you can't just set one, you have to do them all.
I would like to set the Windows Firewall to do this and apply it via GPO. Is this possible, and if so, how would I configure it?
Question by:fishsauce
LVL 1

Expert Comment

by:njmatt
ID: 24061858
In Windows Firewall settings, click Add Port in the exceptions list.
Port #3389. Then click Change Scope. Set it to My Network Only.
Make sure users do not have admin rights to change this later on.
0
 
LVL 1

Expert Comment

by:njmatt
ID: 24061897
Actually, you will probably have to do this from the Windows Firewall with Advanced Security MMC. Create the new outbound rule. Then right-click after to get the properties... change the scope from the Scope tab.
0
 

Author Comment

by:fishsauce
ID: 24062227
I'd like to do it through the GPO. I have quite a few computers that I want to do this to without having to connect to each one.
0
 
LVL 1

Accepted Solution

by:
njmatt earned 500 total points
ID: 24062982
Sorry, missed your last line there. You can do it. You'll have to edit the Default Domain Policy from Group Policy Management.

Default Domain Policy > Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security

I think if you add the one rule to the domain GPO and then run Loopback processing with merge, it may work. That way both sets of rules merge together. Check this out:
http://technet.microsoft.com/en-us/library/cc782810.aspx




0
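An added example, not part of the thread and not njmatt's code: one way to script the outbound rule discussed above directly into a GPO with the NetSecurity cmdlets (Windows 8 / Server 2012 and later). The GPO name, domain and internal ranges are placeholders. Because outbound traffic is allowed by default and block rules override allow rules, the script computes the address ranges outside the LAN and blocks TCP 3389 only to those.

```powershell
# Added example. The GPO name, domain and LAN ranges are placeholders.
$PolicyStore = 'corp.example.com\Block External RDP'  # hypothetical <domain>\<GPO name>
$Internal    = @('10.0.0.0/8', '192.168.0.0/16')       # constructed internal ranges

function ConvertTo-UInt32([string]$Ip) {
    $bytes = ([System.Net.IPAddress]::Parse($Ip)).GetAddressBytes()
    [Array]::Reverse($bytes)               # network order -> little-endian
    [BitConverter]::ToUInt32($bytes, 0)
}

function ConvertTo-Ip([uint32]$Value) {
    $bytes = [BitConverter]::GetBytes($Value)
    [Array]::Reverse($bytes)
    $bytes -join '.'
}

# Return every IPv4 range that is NOT covered by the given CIDR blocks.
function Get-ExternalRange([string[]]$Cidr) {
    $blocks = foreach ($c in $Cidr) {
        $ip, $len = $c -split '/'
        $size  = [long][math]::Pow(2, 32 - [int]$len)
        $start = [long](ConvertTo-UInt32 $ip)
        $start -= $start % $size           # align to the network address
        [pscustomobject]@{ Start = $start; End = $start + $size - 1 }
    }
    $next = [long]0                        # lowest address not yet accounted for
    foreach ($b in ($blocks | Sort-Object Start)) {
        if ($b.Start -gt $next) {
            '{0}-{1}' -f (ConvertTo-Ip $next), (ConvertTo-Ip ($b.Start - 1))
        }
        if ($b.End + 1 -gt $next) { $next = $b.End + 1 }
    }
    if ($next -le [uint32]::MaxValue) { '{0}-255.255.255.255' -f (ConvertTo-Ip $next) }
}

# Block rules win over allow rules, so list only the non-LAN ranges here.
New-NetFirewallRule -PolicyStore $PolicyStore `
    -DisplayName 'Block outbound RDP to non-LAN addresses' `
    -Direction Outbound -Action Block -Protocol TCP -RemotePort 3389 `
    -RemoteAddress (Get-ExternalRange $Internal)
```

With the sample ranges, the rule blocks 0.0.0.0-9.255.255.255, 11.0.0.0-192.167.255.255 and 192.169.0.0-255.255.255.255, leaving RDP to the two internal networks untouched.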
