lgropper
asked on
Preventing users from accessing servers from a specific computer
Does anyone know how to prevent users from accessing a server from a specific workstation.
We have a workstation that has SQL Express installed, users can log into it and use the local database. We do not want these users to connect to network servers and access the databases on the network.
The users should have access to these databases from our Terminal Server as access is required when using certain applications which use Windows Authentication to write to tables in the databases.
Any way to prevent access from that specific workstation (regardless of the user logged in)? Or is there any way to limit the SQL Manager to only connecting to local databases.
If anyone knows a way of doing this through AD or some Windows settings, that would be great.
I've tried to setup a GPO (under User Rights Assignments) and set the specific workstation in the "Deny access to this computer from the network". But I believe this setting is specifically for users not computer objects.
I have tried creating a group in AD, adding the group to the security properties of the server object and set permissions to deny on the Allowed to Authenticate option (I've tried denying everything too).
We have a workstation that has SQL Express installed, users can log into it and use the local database. We do not want these users to connect to network servers and access the databases on the network.
The users should have access to these databases from our Terminal Server as access is required when using certain applications which use Windows Authentication to write to tables in the databases.
Any way to prevent access from that specific workstation (regardless of the user logged in)? Or is there any way to limit the SQL Manager to only connecting to local databases.
If anyone knows a way of doing this through AD or some Windows settings, that would be great.
I've tried to setup a GPO (under User Rights Assignments) and set the specific workstation in the "Deny access to this computer from the network". But I believe this setting is specifically for users not computer objects.
I have tried creating a group in AD, adding the group to the security properties of the server object and set permissions to deny on the Allowed to Authenticate option (I've tried denying everything too).
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER