Solved

How do I prevent mstsc from connecting to external ip addresses?

Posted on 2009-04-03
5
690 Views
Last Modified: 2012-05-06
We have an issue of employees using thier home machines to surf to blocked sites. Most of our employees use remote desktop for thier daily work so what we need to do is to allow remote desktop to work on our lan but prevent it from connecting out to the internet. We could use the firewall to do so, but we have not set any outside rules on the firewall and unfortunatly, you can't just set one, you have to do them all.
I would like to set the windows firewall to do this and apply it via GPO. Is this possible, and if so, how would I configure it?
0
Comment
Question by:fishsauce
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 1

Expert Comment

by:njmatt
ID: 24061858
In windows Firewall settings, click Add Port in the exceptions list.
Port #3389. Then click Change Scope. Set it to My Network Only.
Make sure users do not have admin rights to change this later on.
0
 
LVL 1

Expert Comment

by:njmatt
ID: 24061897
Actually you will probably have to do this from Windows Firewall with Advanced Security mmc. Create the new outbound rule. Then right-click after to get the properties... change the scope from the scope tab.
0
 

Author Comment

by:fishsauce
ID: 24062227
I'd like to do it through the GPO. I have quite a few computers that I want to do this to without having to connect to each one.
0
 
LVL 1

Accepted Solution

by:
njmatt earned 500 total points
ID: 24062982
sorry missed your last line there. You can do it. you'll have to edit the Default Domain Policy from Group Policy Management.

Default Domain Policy > Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security

I think if you add the one rule to the domain GPO and the run Loopback processing with merge it may work. That way both sets of rules merge together. Check this out:
http://technet.microsoft.com/en-us/library/cc782810.aspx




0

Featured Post

Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question