Restrict Terminal Server Logon by IP

I would like to know if there is a way in Active Directy to restrict logon to SVR 03 Terminal Server to only my local IP ranges for all users but my managers and myself.
I was going to setup two Security Groups or OUs if need be to restrict access but cannot seem to figure the IP part of it.
I don't want to go through the hassle of VPN clients for only the managers, etc.
Thanks in advance.
Who is Participating?

Improve company productivity with a Business Account.Sign Up

Cláudio RodriguesConnect With a Mentor Founder and CEOCommented:
What you can do is to use two NICs and then get SecureRDP4 (search on Google for it) and for one NIC, use SecureRDP to filter by IP address and for the other one, on the RDP-tcp listener for that NIC, only allow you and the other people you want to connect to it.
That will do what you want.

Cláudio Rodrigues
Microsoft MVP - Remote Desktop Services
Citrix CTP
Brad HoweDevOps ManagerCommented:
This is not possible in windows 2003. In 2008, you can use RDS gateway but nothing like that in 2003.
You can deny access to a computer from the network via Local Security Policy on the target machine, by Groups, and Usernames, but not by IP Segment. To accomplish this you would need to filter on the firewall side.
you can restrict with creating ACL in your switch
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Brad HoweDevOps ManagerCommented:
Object, I would vote to delete this question. Points should not be award.
Glen KnightCommented:
The 2x product referenced in the comment I suggested as the answer does exactly as the author has requested.

See here for further details:
Brad HoweDevOps ManagerCommented:
So does upgrading, but the author has not responded.

ACL's on a switch work just as fine so does a properly configured firewall.

Glen KnightCommented:
Upgrading their entire OS as spouses to installing a pluton? They may not have managed switches and/or the skills to do it.

The job of the CV is to pick the most appropriate answer or delete if no answer is available.  I believe the answer I suggested provides a feasible and achievable answer.
Brad HoweDevOps ManagerCommented:
Hey, I'm arguing that the answer is wrong. I just don't think that it is justied as the only correct response without the author commenting, hence request for deletion.

The fact you state, They may not... gives doubt.

Leave it as then, not trying to give you are hardtime, i just see this often with others were the question goes dead and we still award points. As per the question, it was still answered. No it is not possible.. :)

Following an 'Objection' by hades666 (at to the intended closure of this question, it has been reviewed by at least one Moderator and is being closed as recommended by the Cleanup Volunteer.
Thank you,
Community Support Moderator
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.