Harold asked:

Controlling LAN access in Windows 7 that is a RDP machine.

We have a machine sitting for RDP connections on our LAN (I know, security). What we want to do is have it accessible internally for Admin purposes, but block a remote user on it from accessing LAN nodes. Is that possible?
Windows 7, Security


8/22/2022 - Mon
Kimputer

If you mean access from the LAN is okay and access from the internet is not okay, just block RDP on the firewall, with the only exception being the internal IP numbers.
If you mean users can log in from the internet, but have to stay on the machine and not be able to browse the local network, that's highly impractical, and maybe even impossible. The only thing I can imagine is to use a local account, and not have this account have access to the network resources.
Harold

ASKER
Why I posted the question, I was asked to do it and couldn't come up with a way and yes it is, to have a user connect from the internet and only access the machine they remote into, which is connected to the LAN.
joinaunion

You can specify the users who can connect. Follow tutorial here, http://4sysops.com/archives/how-to-setup-remote-desktop-with-windows-7/
Harold

ASKER
joinaunion: this was already done, now I need to block the machine from internal LAN access. Thanks
SOLUTION
Kimputer

Harold

ASKER
joinaunion: either config offered above, removed from domain, local standard user and creating this rule, after logging in you can still click Network and see all the domain machines.
joinaunion

Is this what you're trying to do? You will need to force an update to users after the changes: gpupdate /force

http://www.thewindowsclub.com/hide-show-add-remove-control-panel-applets

http://technet.microsoft.com/en-us/library/ee617167%28v=ws.10%29.aspx
Harold

ASKER
No, we need administrative access to the machine, therefore it would have access from our side, but when the user logs in, the access they will have is THE machine, NOWHERE else.

Thinking about building a VLAN, put it there and an Admin machine as well, then it'll be segmented.
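A host-firewall approximation of the goal described in this post (admins can reach the machine, sessions on it cannot open connections to other LAN nodes), as an added example that is not part of the original thread. It assumes a LAN of 192.168.1.0/24 whose gateway at 192.168.1.1 also provides DNS and DHCP, and an admin workstation at 192.168.1.10; these addresses and the rule names are constructed.

```bat
@echo off
rem Added example: run from an elevated Command Prompt on the Windows 7 RDP host.
rem Assumed values (not from the thread): LAN 192.168.1.0/24,
rem gateway/DNS/DHCP 192.168.1.1, admin workstation 192.168.1.10.

rem 1. Make sure Windows Firewall is enabled on every profile.
netsh advfirewall set allprofiles state on

rem 2. Let the admin workstation open any inbound connection to this host.
rem    Replies to these allowed inbound connections are not affected by the
rem    outbound block below, because the firewall is stateful.
netsh advfirewall firewall add rule name="Admin workstation in" dir=in action=allow remoteip=192.168.1.10

rem 3. Block connections this host initiates to other LAN nodes.
rem    Block rules take precedence over allow rules, so the gateway is kept
rem    reachable by leaving it out of the blocked range rather than by adding
rem    an allow rule for it.
netsh advfirewall firewall add rule name="Block outbound to LAN" dir=out action=block remoteip=192.168.1.2-192.168.1.254

rem 4. Turn off the Network Discovery rule group so the host stops
rem    enumerating neighbours for the Network folder.
netsh advfirewall firewall set rule group="Network Discovery" new enable=No

rem 5. Confirm the outbound rule is present and enabled.
netsh advfirewall firewall show rule name="Block outbound to LAN"
```

These rules apply to the whole machine regardless of who is logged on, so they only hold if the remote account is a standard user who cannot change firewall settings. A dedicated VLAN enforces the same boundary on the network side instead of relying on the host.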
joinaunion

Doing my suggestion in my last post won't block you from admin rights to their machine; it will hide the network icons or any icon you choose to hide from the user.

The only other option I can think of is to turn off network discovery and only allow admins to change it on their machines.
Harold

ASKER
joinaunion: let me take another look at these over the weekend. I'll give it a shot.
Harold

ASKER
joinaunion: I've tried this and see that it is a full machine change, no matter who is logged in. So, does this mean we have to activate the GPO changes each time, when logged in to do maintenance on the machine? In other words, if logged in as Admin, we can have the features there and not for Standard user?
joinaunion

If I understand correctly, the changes will apply to the user account only.
Admin account will not apply as it's a separate account and you will be able to make whatever changes need be.

You can also trigger GPO each time the user/users log on.
Harold

ASKER
When I'm logged in as Admin and remove, say NIC access, Network leaves the menu.
LeeTutor

I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
Harold

ASKER
thank you