Solved

Lock Down Network Discovery from Remote Vendor

Posted on 2014-04-17
Last Modified: 2014-05-03
I have a new server running Windows 2008 R2 with Remote Desktop enabled. This server was set up for a vendor to access through a VPN connection, and they have local admin rights on this computer only. My goal is to prevent the remote users from seeing any other system on the domain. What would be the best solution to accomplish this? If it's Group Policy, which policy do I need to enable to lock this system down?


Thanks
smartin0924
Question by:smartin0924
6 Comments
 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 40007472
Enable Access Based Enumeration on your network shares; what a user can't see, they can't access.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 40007560
To do what you are trying to do, place your server in a DMZ network, if you already have one, where the environment is already locked down.

Then open only the required ports from the DMZ server to the production network, with the required servers only.

The same thing can be achieved through antivirus software as well (Symantec, McAfee can do this) if you don't have a DMZ network; in that case you can place AV rules to block NetBIOS broadcast, local resources in RDP, and application installation.
Also, you can use GPO to block many items and effectively decide what the logged-on user can and can't do.

Now your vendor can log on to the server through VPN, can access only the logged-on server, and can't see most of the production network.

Mahesh.
0
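
One way to apply the port-blocking idea from the answer above on the server's own Windows Firewall, as an added example that is not from any poster in this thread. It uses `netsh advfirewall`, which is available on Windows Server 2008 R2; the address range, the domain controller addresses and the rule names are assumed placeholders.

```powershell
# Added example: every address and rule name below is a constructed placeholder.
$LanStart = '10.0.0.0'                    # assumed start of the internal range
$LanEnd   = '10.0.255.255'                # assumed end of the internal range
$Allowed  = @('10.0.0.10', '10.0.0.11')   # assumed domain controllers that must stay reachable
$Apply    = $false                        # $true runs the commands instead of printing them

function ConvertTo-Number([string]$Ip) {
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)              # network order -> little-endian for BitConverter
    [int64][BitConverter]::ToUInt32($bytes, 0)
}
function ConvertTo-Address([int64]$Number) {
    $bytes = [BitConverter]::GetBytes([uint32]$Number)
    [Array]::Reverse($bytes)
    (New-Object System.Net.IPAddress -ArgumentList (,$bytes)).ToString()
}
function Format-Range([int64]$From, [int64]$To) {
    if ($From -eq $To) { ConvertTo-Address $From }
    else { '{0}-{1}' -f (ConvertTo-Address $From), (ConvertTo-Address $To) }
}

# Windows Firewall block rules win over allow rules, so the allowed hosts are
# cut out of the blocked ranges instead of being given a separate allow rule.
$cursor = ConvertTo-Number $LanStart
$last   = ConvertTo-Number $LanEnd
$ranges = @()
foreach ($ip in ($Allowed | ForEach-Object { ConvertTo-Number $_ } | Sort-Object)) {
    if ($ip -lt $cursor -or $ip -gt $last) { continue }   # outside the range, or a duplicate
    if ($ip -gt $cursor) { $ranges += Format-Range $cursor ($ip - 1) }
    $cursor = $ip + 1
}
if ($cursor -le $last) { $ranges += Format-Range $cursor $last }
$remote = $ranges -join ','

# NetBIOS name/datagram (UDP 137-138), NetBIOS session and SMB (TCP 139, 445)
$rules = @(
    @{ Name = 'VendorHost-Block-NetBIOS-UDP'; Proto = 'UDP'; Ports = '137,138' },
    @{ Name = 'VendorHost-Block-SMB-TCP';     Proto = 'TCP'; Ports = '139,445' }
)
foreach ($r in $rules) {
    $cmd = 'netsh advfirewall firewall add rule name={0} dir=out action=block protocol={1} remoteport={2} remoteip={3}' -f $r.Name, $r.Proto, $r.Ports, $remote
    if ($Apply) { cmd /c $cmd } else { $cmd }   # print for review unless $Apply is set
}
```

Because the vendor account is a local administrator on this server, local firewall rules can be changed from inside the session. The same ranges enforced on the VPN firewall or a VLAN access list sit outside that account's control.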
 
LVL 12

Expert Comment

by:Infamus
ID: 40007923
I would just create a separate VLAN and put the server there.

Then you can control what it can or cannot access using an access list.

You will also need a firewall rule to block the VPN user from accessing other servers, of course (if you are using a firewall VPN).
0

 
LVL 1

Accepted Solution

by:
smartin0924 earned 0 total points
ID: 40013923
None of the provided answers are an option at this time. There has to be some way to prevent users from seeing other computers on the network.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 40027933
You can try disabling the Workstation and Computer Browser services so that users cannot see other computers on the network and, at the same time, cannot access them either.

You can deploy this change through GPO \ local group policy (Gpedit.msc)
0
 
LVL 1

Author Closing Comment

by:smartin0924
ID: 40039029
The answers provided did not solve my problem.
0
