[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

How do I prevent mstsc from connecting to external ip addresses?

Posted on 2009-04-03
5
Medium Priority
?
694 Views
Last Modified: 2012-05-06
We have an issue of employees using thier home machines to surf to blocked sites. Most of our employees use remote desktop for thier daily work so what we need to do is to allow remote desktop to work on our lan but prevent it from connecting out to the internet. We could use the firewall to do so, but we have not set any outside rules on the firewall and unfortunatly, you can't just set one, you have to do them all.
I would like to set the windows firewall to do this and apply it via GPO. Is this possible, and if so, how would I configure it?
0
Comment
Question by:fishsauce
  • 3
4 Comments
 
LVL 1

Expert Comment

by:njmatt
ID: 24061858
In windows Firewall settings, click Add Port in the exceptions list.
Port #3389. Then click Change Scope. Set it to My Network Only.
Make sure users do not have admin rights to change this later on.
0
 
LVL 1

Expert Comment

by:njmatt
ID: 24061897
Actually you will probably have to do this from Windows Firewall with Advanced Security mmc. Create the new outbound rule. Then right-click after to get the properties... change the scope from the scope tab.
0
 

Author Comment

by:fishsauce
ID: 24062227
I'd like to do it through the GPO. I have quite a few computers that I want to do this to without having to connect to each one.
0
 
LVL 1

Accepted Solution

by:
njmatt earned 2000 total points
ID: 24062982
sorry missed your last line there. You can do it. you'll have to edit the Default Domain Policy from Group Policy Management.

Default Domain Policy > Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security

I think if you add the one rule to the domain GPO and the run Loopback processing with merge it may work. That way both sets of rules merge together. Check this out:
http://technet.microsoft.com/en-us/library/cc782810.aspx




0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question