?
Solved

How do I prevent mstsc from connecting to external ip addresses?

Posted on 2009-04-03
5
Medium Priority
?
691 Views
Last Modified: 2012-05-06
We have an issue of employees using thier home machines to surf to blocked sites. Most of our employees use remote desktop for thier daily work so what we need to do is to allow remote desktop to work on our lan but prevent it from connecting out to the internet. We could use the firewall to do so, but we have not set any outside rules on the firewall and unfortunatly, you can't just set one, you have to do them all.
I would like to set the windows firewall to do this and apply it via GPO. Is this possible, and if so, how would I configure it?
0
Comment
Question by:fishsauce
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 1

Expert Comment

by:njmatt
ID: 24061858
In windows Firewall settings, click Add Port in the exceptions list.
Port #3389. Then click Change Scope. Set it to My Network Only.
Make sure users do not have admin rights to change this later on.
0
 
LVL 1

Expert Comment

by:njmatt
ID: 24061897
Actually you will probably have to do this from Windows Firewall with Advanced Security mmc. Create the new outbound rule. Then right-click after to get the properties... change the scope from the scope tab.
0
 

Author Comment

by:fishsauce
ID: 24062227
I'd like to do it through the GPO. I have quite a few computers that I want to do this to without having to connect to each one.
0
 
LVL 1

Accepted Solution

by:
njmatt earned 2000 total points
ID: 24062982
sorry missed your last line there. You can do it. you'll have to edit the Default Domain Policy from Group Policy Management.

Default Domain Policy > Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security

I think if you add the one rule to the domain GPO and the run Loopback processing with merge it may work. That way both sets of rules merge together. Check this out:
http://technet.microsoft.com/en-us/library/cc782810.aspx




0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question