Preventing users from accessing servers from a specific computer

Posted on 2009-04-24
Last Modified: 2013-12-04
Does anyone know how to prevent users from accessing a server from a specific workstation.

We have a workstation that has SQL Express installed, users can log into it and use the local database. We do not want these users to connect to network servers and access the databases on the network.

The users should have access to these databases from our Terminal Server as access is required when using certain applications which use Windows Authentication to write to tables in the databases.

Any way to prevent access from that specific workstation (regardless of the user logged in)? Or is there any way to limit the SQL Manager to only connecting to local databases.

If anyone knows a way of doing this through AD or some Windows settings, that would be great.

I've tried to setup a GPO (under User Rights Assignments) and set the specific workstation in the "Deny access to this computer from the network". But I believe this setting is specifically for users not computer objects.

I have tried creating a group in AD, adding the group to the security properties of the server object and set permissions to deny on the Allowed to Authenticate option (I've tried denying everything too).
Question by:lgropper
    LVL 6

    Assisted Solution

    Could be a simpel as configuring the windows firewall to close the ports for SQL...
    You could also disble remote connections. This article explains some of your options:
    LVL 14

    Accepted Solution

    Currently, SQL Server 2005 can not block a client request based on IP Address automatically and it requires the administrator to use one of the following operating system tools to workaround.

    (1) Firewall

    When enabling exception for SQL Server port, the administrator can specify which ip addresses/network to be allowed to connect to it. Currently Window Firewall is available on windows XP and windows 2003.

    (2) IP Sec

    Configure IP Sec policy to block ip address from the machine. IPSec is available on windows 2000, XP and windows 2003.

    (3) RRAS IP Filter

    Configure RRAS to drop the traffic from the ip address. RRAS is only available on windows server products. such as windows 2000 and windows 2003.

    Refer to


    Author Closing Comment

    Thanks for the help, very informative. I ended up going with the Windows Firewall solution

    Featured Post

    What Is Threat Intelligence?

    Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

    Join & Write a Comment

    Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
    OfficeMate Freezes on login or does not load after login credentials are input.
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now