Solved

Restrict Terminal Server Logon by IP

Posted on 2010-08-25
Last Modified: 2013-11-21
I would like to know if there is a way in Active Directory to restrict logon to SVR 03 Terminal Server to only my local IP ranges for all users but my managers and myself.
I was going to set up two Security Groups or OUs if need be to restrict access but cannot seem to figure the IP part of it.
I don't want to go through the hassle of VPN clients for only the managers, etc.
Thanks in advance.
0
Question by:richakr
11 Comments
 
LVL 30

Expert Comment

by:Brad Howe
ID: 33526377
This is not possible in Windows 2003. In 2008, you can use RDS gateway but nothing like that in 2003.
You can deny access to a computer from the network via Local Security Policy on the target machine, by Groups, and Usernames, but not by IP Segment. To accomplish this you would need to filter on the firewall side.
-Hades666
0
 
LVL 31

Accepted Solution

by:
Cláudio Rodrigues earned 2000 total points
ID: 33544195
What you can do is to use two NICs and then get SecureRDP4 (search on Google for it) and for one NIC, use SecureRDP to filter by IP address and for the other one, on the RDP-tcp listener for that NIC, only allow you and the other people you want to connect to it.
That will do what you want.

Cláudio Rodrigues
Microsoft MVP - Remote Desktop Services
Citrix CTP
0
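The two-listener layout from the accepted answer can be written down as an expected-decision table and used to audit session records. This is an added example, not part of the original thread and not SecureRDP's own logic; the local ranges, listener addresses, account names and the record format are all assumed placeholders.

```python
import ipaddress

# Assumed placeholders (not from the thread): ranges, listener IPs, accounts.
LOCAL_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.10.0/24")]
LISTENERS = {
    "10.0.0.5": "ip_filtered",       # NIC 1: source-IP filter, any TS user
    "203.0.113.5": "user_filtered",  # NIC 2: listener permissions = managers only
}
MANAGERS = {"mgr_anna", "mgr_li"}

def is_local(src):
    addr = ipaddress.ip_address(src)  # raises ValueError if src is not an IP
    return any(addr in net for net in LOCAL_RANGES)

def expected_decision(user, src, listener_ip):
    """Return (allowed, reason) the design should produce; NIC 2 ignores source IP."""
    kind = LISTENERS.get(listener_ip)
    if kind is None:
        return False, "unknown listener"
    if kind == "ip_filtered":
        return (True, "local source") if is_local(src) else (False, "source outside local ranges")
    if user.lower() in MANAGERS:
        return True, "manager on restricted listener"
    return False, "user not permitted on restricted listener"

def audit(records):
    """Return (record, reason) for sessions whose outcome contradicts the policy."""
    findings = []
    for rec in records:
        try:
            allowed, reason = expected_decision(rec["user"], rec["src"], rec["listener"])
        except ValueError:
            allowed, reason = None, "unparseable source address"  # always flagged
        if rec["accepted"] != allowed:
            findings.append((rec, reason))
    return findings

# Constructed session records (not real logs).
SAMPLE = [
    {"user": "jsmith", "src": "192.168.10.44", "listener": "10.0.0.5", "accepted": True},
    {"user": "mgr_anna", "src": "198.51.100.7", "listener": "203.0.113.5", "accepted": True},
    {"user": "jsmith", "src": "198.51.100.9", "listener": "203.0.113.5", "accepted": True},
    {"user": "jsmith", "src": "198.51.100.9", "listener": "10.0.0.5", "accepted": False},
    {"user": "mgr_anna", "src": "n/a", "listener": "10.0.0.5", "accepted": True},
]

if __name__ == "__main__":
    for rec, reason in audit(SAMPLE):
        print(rec["user"], rec["src"], rec["listener"], "->", reason)
```

A finding on the `user_filtered` listener means a non-manager session was accepted there, which points at listener permissions that are wider than intended.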
 
LVL 1

Expert Comment

by:alireza1023
ID: 33548379
You can restrict it by creating an ACL on your switch.
0
 
LVL 30

Expert Comment

by:Brad Howe
ID: 34657617
Object, I would vote to delete this question. Points should not be awarded.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 34657752
The 2x product referenced in the comment I suggested as the answer does exactly as the author has requested.

See here for further details: http://www.2x.com/securerdp/
0
 
LVL 30

Expert Comment

by:Brad Howe
ID: 34657815
So does upgrading, but the author has not responded.

ACLs on a switch work just as fine, so does a properly configured firewall.

-Hades666
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 34657919
Upgrading their entire OS as opposed to installing a plugin? They may not have managed switches and/or the skills to do it.

The job of the CV is to pick the most appropriate answer or delete if no answer is available.  I believe the answer I suggested provides a feasible and achievable answer.
0
 
LVL 30

Expert Comment

by:Brad Howe
ID: 34657955
Hey, I'm arguing that the answer is wrong. I just don't think that it is justified as the only correct response without the author commenting, hence request for deletion.

The fact you state, They may not... gives doubt.

Leave it as is then, not trying to give you a hard time, I just see this often with others where the question goes dead and we still award points. As per the question, it was still answered. No it is not possible.. :)

Cheers,
hades666
0
 

Expert Comment

by:_alias99
ID: 34690204
All,
 
Following an 'Objection' by hades666 (at http://www.experts-exchange.com/Q_26759216.html) to the intended closure of this question, it has been reviewed by at least one Moderator and is being closed as recommended by the Cleanup Volunteer.
 
 
Thank you,
 
_alias99
Community Support Moderator
0
