Solved

Lock Down Network Discovery from Remote Vendor

Posted on 2014-04-17
6
332 Views
Last Modified: 2014-05-03
I have a new server running Windows 2008 R2 with Remote Desktop enabled. This server was  setup for a vendor to access through a vpn connection and they have local admin rights on this computer only.  My goal is to prevent the remote users from seeing any other system on the domain. What would be the best solution to accomplish this? If its group policy, which policy do I need to enable to lock this system down?


Thanks
smartin0924
0
Comment
Question by:smartin0924
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 40007472
Enable Access Based Enumeration on your network shares what a user can't see they can't access.
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 40007560
To do what you are trying to do, place your server in DMZ network if you already have where environment is already locked down

Then only open required ports from DMZ server to production network with required servers only

The same thing can be achieved through Antivirus software as well (Symantec , Mcafee can do this) if you don't have DMZ network, in that case you can place AV rules to block NetBIOS broadcast, local resources in RDP, block application installation.
Also you can use GPO to block many items and effectively decide what logged on user can do and can't do

Now your vendor can logon to server through VPN and can access only logged on server and can't see most of the production network

Mahesh.
0
 
LVL 12

Expert Comment

by:Infamus
ID: 40007923
I would just create a separate vlan and put the server there.


Then you can control what it can or cannot access using access-list.

You will also need a firewall rule to block the vpn user from accessing other servers, of course.  (if you are using firewall vpn)
0
IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?

 
LVL 1

Accepted Solution

by:
smartin0924 earned 0 total points
ID: 40013923
None of the provided answers are an option at this time. There has to be some way to prevent users from seeing other computers on the network.
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 40027933
You can try with disabling workstation and Computer browser service so that users cannot see other computers on network and also same time cannot access them as well.

You can deploy this change through GPO \ local group policy (Gpedit.msc)
0
 
LVL 1

Author Closing Comment

by:smartin0924
ID: 40039029
The answers provided did not solve my problem.
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Part One of the two-part Q&A series with MalwareTech.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Suggested Courses

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question