Restrict Terminal Server Logon by IP

Posted on 2010-08-25
Last Modified: 2013-11-21
I would like to know if there is a way in Active Directory to restrict logon to SVR 03 Terminal Server to only my local IP ranges for all users but my managers and myself.
I was going to set up two Security Groups or OUs if need be to restrict access but cannot seem to figure the IP part of it.
I don't want to go through the hassle of VPN clients for only the managers, etc.
Thanks in advance.
Question by:richakr
LVL 30

Expert Comment

by:Brad Howe
ID: 33526377
This is not possible in Windows 2003. In 2008, you can use RDS gateway but nothing like that in 2003.
You can deny access to a computer from the network via Local Security Policy on the target machine, by Groups, and Usernames, but not by IP Segment. To accomplish this you would need to filter on the firewall side.
LVL 31

Accepted Solution

Cláudio Rodrigues earned 500 total points
ID: 33544195
What you can do is to use two NICs and then get SecureRDP4 (search on Google for it) and for one NIC, use SecureRDP to filter by IP address and for the other one, on the RDP-tcp listener for that NIC, only allow you and the other people you want to connect to it.
That will do what you want.

Cláudio Rodrigues
Microsoft MVP - Remote Desktop Services
Citrix CTP
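
Whichever filtering method from this thread is used, the intended policy (local ranges for everyone, with named accounts exempt) can be checked against logon records. The following is an added example, not code from any poster or product mentioned here; the CSV layout, the network ranges and the account names are assumptions made for illustration.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumed values, not from the thread: the "local" ranges and exempt accounts.
LOCAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.10.0/24")]
EXEMPT_USERS = {"admin1", "manager1"}

# Constructed sample: an export of terminal server logons (user, source address).
SAMPLE = """user,source
alice,192.168.10.44
manager1,203.0.113.7
bob,203.0.113.9
CORP\\Carol,10.2.3.4
dave,not-an-ip
"""

def is_local(addr, nets=LOCAL_NETS):
    """True only if addr parses as an IP address inside one of the local ranges."""
    try:
        ip = ip_address(addr.strip())
    except ValueError:
        return False  # an unparseable source is never treated as local
    return any(ip in net for net in nets)

def violations(csv_text, nets=LOCAL_NETS, exempt=EXEMPT_USERS):
    """Return (user, source) pairs where a non-exempt user logged on from outside."""
    found = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = row["user"].split("\\")[-1].lower()  # drop a DOMAIN\ prefix
        if user in exempt:
            continue  # managers/admins may connect from anywhere
        if not is_local(row["source"], nets):
            found.append((user, row["source"]))
    return found

if __name__ == "__main__":
    for user, source in violations(SAMPLE):
        print(f"policy violation: {user} logged on from {source}")
```

Any row it reports means the IP filter or the per-listener permissions are not enforcing what was intended.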

Expert Comment

ID: 33548379
You can restrict by creating an ACL in your switch.

LVL 30

Expert Comment

by:Brad Howe
ID: 34657617
Object, I would vote to delete this question. Points should not be awarded.
LVL 74

Expert Comment

by:Glen Knight
ID: 34657752
The 2x product referenced in the comment I suggested as the answer does exactly as the author has requested.

See here for further details:
LVL 30

Expert Comment

by:Brad Howe
ID: 34657815
So does upgrading, but the author has not responded.

ACLs on a switch work just as fine, so does a properly configured firewall.

LVL 74

Expert Comment

by:Glen Knight
ID: 34657919
Upgrading their entire OS as opposed to installing a plugin? They may not have managed switches and/or the skills to do it.

The job of the CV is to pick the most appropriate answer or delete if no answer is available.  I believe the answer I suggested provides a feasible and achievable answer.
LVL 30

Expert Comment

by:Brad Howe
ID: 34657955
Hey, I'm arguing that the answer is wrong. I just don't think that it is justified as the only correct response without the author commenting, hence request for deletion.

The fact you state, They may not... gives doubt.

Leave it as then, not trying to give you a hard time, I just see this often with others where the question goes dead and we still award points. As per the question, it was still answered. No it is not possible.. :)


Expert Comment

ID: 34690204
Following an 'Objection' by hades666 (at to the intended closure of this question, it has been reviewed by at least one Moderator and is being closed as recommended by the Cleanup Volunteer.
Thank you,
Community Support Moderator
