• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 212
  • Last Modified:

Preventing users from accessing servers from a specific computer

Does anyone know how to prevent users from accessing a server from a specific workstation.

We have a workstation that has SQL Express installed, users can log into it and use the local database. We do not want these users to connect to network servers and access the databases on the network.

The users should have access to these databases from our Terminal Server as access is required when using certain applications which use Windows Authentication to write to tables in the databases.

Any way to prevent access from that specific workstation (regardless of the user logged in)? Or is there any way to limit the SQL Manager to only connecting to local databases.

If anyone knows a way of doing this through AD or some Windows settings, that would be great.

I've tried to setup a GPO (under User Rights Assignments) and set the specific workstation in the "Deny access to this computer from the network". But I believe this setting is specifically for users not computer objects.

I have tried creating a group in AD, adding the group to the security properties of the server object and set permissions to deny on the Allowed to Authenticate option (I've tried denying everything too).
2 Solutions
Could be a simpel as configuring the windows firewall to close the ports for SQL...
You could also disble remote connections. This article explains some of your options: http://support.microsoft.com/kb/914277
Currently, SQL Server 2005 can not block a client request based on IP Address automatically and it requires the administrator to use one of the following operating system tools to workaround.

(1) Firewall

When enabling exception for SQL Server port, the administrator can specify which ip addresses/network to be allowed to connect to it. Currently Window Firewall is available on windows XP and windows 2003.


(2) IP Sec

Configure IP Sec policy to block ip address from the machine. IPSec is available on windows 2000, XP and windows 2003.


(3) RRAS IP Filter

Configure RRAS to drop the traffic from the ip address. RRAS is only available on windows server products. such as windows 2000 and windows 2003.

Refer to http://www.microsoft.com/technet/archive/winntas/proddocs/rras40/rrasch03.mspx?mfr=true 


lgropperAuthor Commented:
Thanks for the help, very informative. I ended up going with the Windows Firewall solution
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now