Solved

Restrict Terminal Server Logon by IP

Posted on 2010-08-25
Last Modified: 2013-11-21
I would like to know if there is a way in Active Directory to restrict logon to SVR 03 Terminal Server to only my local IP ranges for all users but my managers and myself.
I was going to set up two Security Groups or OUs if need be to restrict access but cannot seem to figure the IP part of it.
I don't want to go through the hassle of VPN clients for only the managers, etc.
Thanks in advance.
Question by:richakr
11 Comments
 
LVL 30

Expert Comment

by:Brad Howe
ID: 33526377
This is not possible in Windows 2003. In 2008, you can use RDS gateway but nothing like that in 2003.
You can deny access to a computer from the network via Local Security Policy on the target machine, by Groups, and Usernames, but not by IP Segment. To accomplish this you would need to filter on the firewall side.
-Hades666
0
 
LVL 31

Accepted Solution

by:
Cláudio Rodrigues earned 500 total points
ID: 33544195
What you can do is to use two NICs and then get SecureRDP4 (search on Google for it) and for one NIC, use SecureRDP to filter by IP address and for the other one, on the RDP-tcp listener for that NIC, only allow you and the other people you want to connect to it.
That will do what you want.

Cláudio Rodrigues
Microsoft MVP - Remote Desktop Services
Citrix CTP
0
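The policy the question asks for (local IP ranges for everyone, any address for an exempt group), written as an audit check to confirm the two-listener setup is doing its job. This is an added example, not part of the original thread; the ranges, account names and the (user, client address) record format are assumptions, and the records are taken to be exported from the server's logon events.

```python
import ipaddress

# Assumed values for illustration: replace with your own ranges and accounts.
LOCAL_RANGES = [ipaddress.ip_network(n) for n in ("192.168.10.0/24", "10.20.0.0/16")]
EXEMPT_USERS = {"manager1", "manager2", "admin"}  # hypothetical accounts allowed from any address


def is_local(addr):
    """True when addr parses as an IP address inside one of LOCAL_RANGES."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False  # unparsable source: treat as non-local (fail closed)
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is compared in its IPv4 form.
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    return any(ip in net for net in LOCAL_RANGES if net.version == ip.version)


def audit(records):
    """Return the (user, source) pairs that violate the policy."""
    violations = []
    for user, source in records:
        # Drop a DOMAIN\ prefix and compare account names case-insensitively.
        account = user.split("\\")[-1].lower()
        if account in EXEMPT_USERS or is_local(source):
            continue
        violations.append((user, source))
    return violations


# Constructed sample logon records (user, client address); not real log data.
SAMPLE = [
    ("CORP\\jsmith", "192.168.10.44"),    # ordinary user, local range: allowed
    ("CORP\\Manager1", "203.0.113.7"),    # exempt user, external address: allowed
    ("CORP\\jsmith", "203.0.113.9"),      # ordinary user, external address: violation
    ("CORP\\bdoe", "::ffff:10.20.3.4"),   # local address in IPv4-mapped form: allowed
    ("CORP\\bdoe", "unknown"),            # no usable address: violation
]

if __name__ == "__main__":
    for user, source in audit(SAMPLE):
        print(f"policy violation: {user} from {source}")
```

Any line it prints means a non-exempt account reached the server from outside the local ranges, so the IP filter or the listener permissions need another look.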
 
LVL 1

Expert Comment

by:alireza1023
ID: 33548379
You can restrict by creating an ACL in your switch.
0
 
LVL 30

Expert Comment

by:Brad Howe
ID: 34657617
Object, I would vote to delete this question. Points should not be awarded.
0

 
LVL 74

Expert Comment

by:Glen Knight
ID: 34657752
The 2x product referenced in the comment I suggested as the answer does exactly as the author has requested.

See here for further details: http://www.2x.com/securerdp/
0
 
LVL 30

Expert Comment

by:Brad Howe
ID: 34657815
So does upgrading, but the author has not responded.

ACLs on a switch work just as fine, and so does a properly configured firewall.

-Hades666
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 34657919
Upgrading their entire OS as opposed to installing a plugin? They may not have managed switches and/or the skills to do it.

The job of the CV is to pick the most appropriate answer or delete if no answer is available.  I believe the answer I suggested provides a feasible and achievable answer.
0
 
LVL 30

Expert Comment

by:Brad Howe
ID: 34657955
Hey, I'm arguing that the answer is wrong. I just don't think that it is justified as the only correct response without the author commenting, hence request for deletion.

The fact you state, They may not... gives doubt.

Leave it as is then, not trying to give you a hard time, I just see this often with others where the question goes dead and we still award points. As per the question, it was still answered. No it is not possible.. :)

Cheers,
hades666
0
 

Expert Comment

by:_alias99
ID: 34690204
All,
 
Following an 'Objection' by hades666 (at http://www.experts-exchange.com/Q_26759216.html) to the intended closure of this question, it has been reviewed by at least one Moderator and is being closed as recommended by the Cleanup Volunteer.
 
 
Thank you,
 
_alias99
Community Support Moderator
0
