Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Lock Down Network Discovery from Remote Vendor

Posted on 2014-04-17
6
Medium Priority
?
336 Views
Last Modified: 2014-05-03
I have a new server running Windows 2008 R2 with Remote Desktop enabled. This server was  setup for a vendor to access through a vpn connection and they have local admin rights on this computer only.  My goal is to prevent the remote users from seeing any other system on the domain. What would be the best solution to accomplish this? If its group policy, which policy do I need to enable to lock this system down?


Thanks
smartin0924
0
Comment
Question by:smartin0924
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 83

Expert Comment

by:David Johnson, CD, MVP
ID: 40007472
Enable Access Based Enumeration on your network shares what a user can't see they can't access.
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 40007560
To do what you are trying to do, place your server in DMZ network if you already have where environment is already locked down

Then only open required ports from DMZ server to production network with required servers only

The same thing can be achieved through Antivirus software as well (Symantec , Mcafee can do this) if you don't have DMZ network, in that case you can place AV rules to block NetBIOS broadcast, local resources in RDP, block application installation.
Also you can use GPO to block many items and effectively decide what logged on user can do and can't do

Now your vendor can logon to server through VPN and can access only logged on server and can't see most of the production network

Mahesh.
0
 
LVL 12

Expert Comment

by:Infamus
ID: 40007923
I would just create a separate vlan and put the server there.


Then you can control what it can or cannot access using access-list.

You will also need a firewall rule to block the vpn user from accessing other servers, of course.  (if you are using firewall vpn)
0
How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

 
LVL 1

Accepted Solution

by:
smartin0924 earned 0 total points
ID: 40013923
None of the provided answers are an option at this time. There has to be some way to prevent users from seeing other computers on the network.
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 40027933
You can try with disabling workstation and Computer browser service so that users cannot see other computers on network and also same time cannot access them as well.

You can deploy this change through GPO \ local group policy (Gpedit.msc)
0
 
LVL 1

Author Closing Comment

by:smartin0924
ID: 40039029
The answers provided did not solve my problem.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever wonder what it's like to get hit by ransomware? "Tom" gives you all the dirty details first-hand – and conveys the hard lessons his company learned in the aftermath.
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question