I have the following situation:
Server 2008 with Terminal Server Gateway and Terminal Server Web access
Server 2008 with Terminal Services
People need to login for specific programs and should not log on directly using remote desktop (this would probably be an Port block. The administrator account should not be allowed to login to the website but should be able to login over normal RDP.
Currently the Terminal Services computer is also an Web access server and open from the Internet, I know i can "deny" rights to login over the Gateway to connect to the server, but I cannot deny login rights for the web access.
Now the real problem, I am able to login to the web page, but I also need to have a port opened for the normal RDP session to the computer since the computer is opened from the Internet.
1. Is it possible to deny Administrator login to the website, but allow (internal) RDP Sessions.
2. Is it possible to allow only users to login over the webpage but not directly to the RDP.
3. Would it be possible to only have port 443 (https) open for all the connections.