Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 201
  • Last Modified:

Preventing users from accessing servers from a specific computer

Does anyone know how to prevent users from accessing a server from a specific workstation.

We have a workstation that has SQL Express installed, users can log into it and use the local database. We do not want these users to connect to network servers and access the databases on the network.

The users should have access to these databases from our Terminal Server as access is required when using certain applications which use Windows Authentication to write to tables in the databases.

Any way to prevent access from that specific workstation (regardless of the user logged in)? Or is there any way to limit the SQL Manager to only connecting to local databases.

If anyone knows a way of doing this through AD or some Windows settings, that would be great.

I've tried to setup a GPO (under User Rights Assignments) and set the specific workstation in the "Deny access to this computer from the network". But I believe this setting is specifically for users not computer objects.

I have tried creating a group in AD, adding the group to the security properties of the server object and set permissions to deny on the Allowed to Authenticate option (I've tried denying everything too).
2 Solutions
Could be a simpel as configuring the windows firewall to close the ports for SQL...
You could also disble remote connections. This article explains some of your options: http://support.microsoft.com/kb/914277
Currently, SQL Server 2005 can not block a client request based on IP Address automatically and it requires the administrator to use one of the following operating system tools to workaround.

(1) Firewall

When enabling exception for SQL Server port, the administrator can specify which ip addresses/network to be allowed to connect to it. Currently Window Firewall is available on windows XP and windows 2003.


(2) IP Sec

Configure IP Sec policy to block ip address from the machine. IPSec is available on windows 2000, XP and windows 2003.


(3) RRAS IP Filter

Configure RRAS to drop the traffic from the ip address. RRAS is only available on windows server products. such as windows 2000 and windows 2003.

Refer to http://www.microsoft.com/technet/archive/winntas/proddocs/rras40/rrasch03.mspx?mfr=true 


lgropperAuthor Commented:
Thanks for the help, very informative. I ended up going with the Windows Firewall solution

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now