• Status: Solved

Remote access to Windows 7 from outside but no access to internal LAN, but still need Admin management internally.

I know how to give remote access to the machine. What I'm trying to come up with is a way to keep internal access to this PC for administration, but yet block this machine from accessing internal resources, like servers, PCs, printers, etc., when they remote to it.
Harold
Asked:
1 Solution
 
Emmanuel Adebayo (Global Windows Infrastructure Engineer - Consultant) commented:
Create an OU on your domain.
Also create a GPO based on what you want to achieve.
Assign the GPO to the OU.

Regards
 
Mahesh (Architect) commented:
The two statements are exactly conflicting.

When you say that you require machine access for administration, why do you want to restrict access to resources? I mean, how can you then do administration with the machine?

Mahesh.
 
Harold (Network Engineer, Author) commented:
Mahesh: restrict the person connecting remotely to access to only the machine's resources, and it is still connected to our LAN, so we can manage it. Kind of like creating an ACL in a router, to let traffic in but still control where it can go.
Mahesh (Architect) commented:
OK, got it.
So in that case, if you have a Windows firewall between your servers and that client machine, only then is it possible to restrict him to that workstation only.

Ideally, the client machine should be kept in a DMZ network (if you have one) so that most of the resource access is already blocked, and for the remainder you can add more firewall rules so that only required resources can be accessed by the client machine.

Mahesh.
 
Harold (Network Engineer, Author) commented:
"Ideally, the client machine should be kept in a DMZ network (if you have one) so that most of the resource access is already blocked, and for the remainder you can add more firewall rules so that only required resources can be accessed by the client machine."

I like this idea, but wondering how much of a pain it will be, since our router and firewall are all managed by our service provider.
 
Mahesh (Architect) commented:
If it is managed by a service provider, you can ask him for the required workstation access, port restrictions, etc., and he can do that for you.

You only need to tell him exactly what the requirement is and how you want to access the client system from the internet / intranet.
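
The requirement list handed to the provider can be written as ordered firewall rules and checked against the flows asked for in this thread. This is an added example, not part of the thread or any participant's reply; every address, the admin subnet, the remote user's range and the use of RDP on port 3389 are assumptions, and the rules describe new connections through a stateful firewall.

```python
import ipaddress

# All addressing below is constructed for illustration, not taken from the thread.
LAN = ipaddress.ip_network("10.10.0.0/16")        # internal servers, PCs, printers
ADMIN = ipaddress.ip_network("10.10.5.0/24")      # admin workstations inside the LAN
DMZ_PC = ipaddress.ip_network("172.16.50.10/32")  # the Windows 7 PC, placed in the DMZ
REMOTE = ipaddress.ip_network("203.0.113.0/24")   # where the remote user connects from
RDP = 3389                                        # assumed remote-access protocol

# Ordered rules for NEW connections on a stateful firewall; first match wins.
# Fields: action, source network, destination network, destination port (None = any).
RULES = [
    ("allow", ADMIN, DMZ_PC, RDP),   # internal administration of the PC
    ("allow", REMOTE, DMZ_PC, RDP),  # remote access from outside
    ("deny", DMZ_PC, LAN, None),     # the PC may not open connections into the LAN
]

def decide(src, dst, port):
    """Return the action of the first matching rule; anything unmatched is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, rule_port in RULES:
        if s in src_net and d in dst_net and rule_port in (None, port):
            return action
    return "deny"

# Flows the thread asks for, with the expected outcome of each.
REQUIRED = [
    ("10.10.5.20", "172.16.50.10", 3389, "allow"),   # admin manages the PC
    ("203.0.113.7", "172.16.50.10", 3389, "allow"),  # remote user reaches the PC
    ("172.16.50.10", "10.10.1.5", 445, "deny"),      # PC to a file server
    ("172.16.50.10", "10.10.2.40", 9100, "deny"),    # PC to a printer
    ("172.16.50.10", "10.10.5.20", 3389, "deny"),    # PC to an admin workstation
    ("203.0.113.7", "10.10.1.5", 3389, "deny"),      # remote user straight into the LAN
]

def failures():
    """List every required flow whose outcome differs from what was asked for."""
    return [flow for flow in REQUIRED if decide(*flow[:3]) != flow[3]]

if __name__ == "__main__":
    for src, dst, port, want in REQUIRED:
        print(f"{src} -> {dst}:{port} {decide(src, dst, port)} (want {want})")
    print("policy OK" if not failures() else f"policy gaps: {failures()}")
```

The same flow list works as an acceptance check once the provider has applied the change: each "deny" line is a connection attempt from the DMZ machine that should fail.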
 
Harold (Network Engineer, Author) commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for hdoolittle's comment #a39984420
Assisted answer: 175 points for MaheshPM's comment #a39985023

for the following reason:

Mahesh: working with ISP now. We're moving forward well, thanks!
 
Harold (Network Engineer, Author) commented:
I was trying to give all the points to Mahesh, but via two of his replies. I must have hit something wrong.
 
Harold (Network Engineer, Author) commented:
Thanks!! The DMZ option was perfect.