butterhook
Remote desktop user permissions over RRAS / VPN
Hi there
This is the plan:
Users authenticate using their domain credentials over RRAS.
They use RDP to connect to their workstation - they know the internal DNS name of that workstation.
Everyone's happy.
Is it possible to configure specific user accounts within Active Directory to only be able to connect into certain internal resources/devices via some kind of firewall?
e.g. user1 would only be allowed to use RDP on computer1.internal.domain.com and shared drive on server1.internal.domain.com and wouldn't be able to see/scan any other devices
Thanks in advance
ASKER
Yeah it'd be group policy, I imagine from various Windows client OS, some Macs too!
Around 14 users.
So you reckon that their domain credentials would be enough?
I'd just rather the network couldn't be scanned or accessed other than what that user is specifically allowed.
ASKER
Target machines are XP/7/2008
Thanks for the info. I'm thinking now that it's a case of a group of people that are allowed to use RDP/VPN.
Is this better as an organisational unit, or as a security group do you think?
ASKER
We've got different OUs for different machine types - but I've got enough information now to figure out how to do it. Thanks so much!
ASKER
ta
No problem at all!
Just post back here if you get any other problems.
Tom
Which OS are the workstations running?
I'm on XP Pro.
If you go to the System applet in Control Panel and go to the Remote tab, then click Select Remote Users, you can select the users who can connect to that machine. This will limit who can connect to what.
BUT
Would you need to roll this out via Group Policy? How many machines are you looking at?
As for the server shares, that's a case of setting the permission on the shares at the server.
Are they basic Windows file shares?
Thanks
Tom