how to isolate an admin access to only 1 server

rastafaray
We have 1 Win 2003 server that is not a part of the domain, but it's in the same IP range.
DMZ is not an option for us, but we would prefer that when the user (a/local admin privileges) logs in, they do not see any other node on the same network, whether it's through shares (private or otherwise) or even ping the other nodes.

in a nut-shell we want this 1 server to be isolated.

is this possible?
Hello,

You can use W2k8 for this; disallow network browsing via policy. I don't know exactly if this works for W2k3 too.

bytesleuth
Jason Watkins, IT Project Leader

Commented:
Hello,

What is this server doing? Disabling File and Printer Sharing would take care of that, but it would also disable all shares too.

Disabling NetBIOS over TCP/IP will make the server difficult to find on the LAN.
Placing the server in a different WORKGROUP will stop casual browsing through My Network Places/Network Neighborhood.
Firewall exceptions, or the lack thereof, will have the machine not respond to PING packets.

> in a nut-shell we want this 1 server to be isolated.

Put it in a different IP subnet range.  If it's only parked there for internet access (like a co-location), then you only need to route from firewall to this new private LAN.

If you don't have a core router to do this, you can still accomplish it with a cheap Linksys or other router.  Disable the wireless on Router 2, of course.
network-isol.srver.jpg
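
An added example, not part of the original thread, that models why the subnet move suggested above isolates the server: hosts in the same IP range talk directly and no router can filter them, while traffic between subnets must pass Router 2, where a policy can drop it. The address ranges and the ACL are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumptions, not taken from the thread).
MAIN_LAN = ipaddress.ip_network("192.168.1.0/24")       # existing office range
ISOLATED_LAN = ipaddress.ip_network("192.168.50.0/24")  # new range behind Router 2
ANY = ipaddress.ip_network("0.0.0.0/0")

# Hypothetical Router 2 policy, first match wins: (action, source, destination).
ROUTER2_ACL = [
    ("deny", ISOLATED_LAN, MAIN_LAN),  # no path from the server to office nodes
    ("permit", ISOLATED_LAN, ANY),     # everything else (internet) is allowed
]

def is_on_link(src_ip, src_net, dst_ip):
    """True when dst sits in the sender's own subnet: frames are delivered
    directly (ARP), so no router or firewall ever gets a chance to filter."""
    if ipaddress.ip_address(src_ip) not in src_net:
        raise ValueError(f"{src_ip} is not inside {src_net}")
    return ipaddress.ip_address(dst_ip) in src_net

def acl_allows(src_ip, dst_ip, acl):
    """Evaluate a first-match ACL with an implicit deny at the end."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src_net, dst_net in acl:
        if src in src_net and dst in dst_net:
            return action == "permit"
    return False

def can_reach(src_ip, src_net, dst_ip, acl):
    """On-link traffic bypasses the router; routed traffic is subject to the ACL."""
    if is_on_link(src_ip, src_net, dst_ip):
        return True
    return acl_allows(src_ip, dst_ip, acl)

if __name__ == "__main__":
    office_pc = "192.168.1.10"   # constructed sample host
    internet = "203.0.113.5"     # documentation-range address
    cases = [
        ("server in same range  -> office PC", "192.168.1.20", MAIN_LAN, office_pc),
        ("server behind Router 2 -> office PC", "192.168.50.10", ISOLATED_LAN, office_pc),
        ("server behind Router 2 -> internet", "192.168.50.10", ISOLATED_LAN, internet),
    ]
    for label, src, net, dst in cases:
        verdict = "reachable" if can_reach(src, net, dst, ROUTER2_ACL) else "blocked"
        print(f"{label}: {verdict}")
```
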

Author

Commented:
thank you for the diagram
