Restrict access to LAN share if connected via RDP over a VPN
Daft question of the day but here goes:
We have a network share in our AD domain containing confidential data that should not be accessed outside of our office.
We have a couple of users who need access to that share as part of their role but who also need to connect remotely to their Windows 7 PC using our Windows 2008 R2 Remote Access Server by VPN and Remote Desktop Connection.
We want to prevent them accessing the confidential data share if they are connected over the VPN. Is there a way of doing that?
Just make sure the VPN clients get their IP address from a pool, and have that pool input in the firewall as an exception to deny traffic (in the SMB/File Sharing rule).
You should know, information will always get out if someone really wants to, including copying the data to USB, or heck, even taking pics of their screen. That's just how life is: if you give them access, even read-only, the information is already out.
If you meant, in the office they can access the share, but if they use VPN to take over their own computer, and suddenly the share should be disabled, that's a totally different story. How can they do their work even without that data? The "problem" with remote control is, that it's meant to work as if they're right there in the office.
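The firewall exception suggested in the answer above could look like this on the file server. This is an added example, not part of the original post, using `netsh advfirewall` since that is what Windows Server 2008 R2 ships with. The pool `10.10.50.0/24` and the rule names are constructed placeholders.

```powershell
# Run elevated on the file server that hosts the confidential share.
# ASSUMPTION: 10.10.50.0/24 is a constructed placeholder for the address pool
# the Remote Access Server hands to VPN clients; substitute the real pool.
$VpnPool = '10.10.50.0/24'

# Hypothetical rule names (no spaces, so they pass to netsh without quoting issues).
$Rules = @(
    @{ Name = 'Block-SMB-from-VPN-pool-TCP';     Proto = 'TCP'; Ports = '139,445' },
    @{ Name = 'Block-NetBIOS-from-VPN-pool-UDP'; Proto = 'UDP'; Ports = '137,138' }
)

# Block rules only matter while the firewall is enabled, so show the state first.
& netsh advfirewall show allprofiles state

foreach ($r in $Rules) {
    # Remove any earlier copy so re-running the script does not stack duplicates.
    & netsh advfirewall firewall delete rule "name=$($r.Name)" | Out-Null

    # Inbound block rule scoped to the VPN pool. In Windows Firewall a block
    # rule wins over the built-in File and Printer Sharing allow rules.
    & netsh advfirewall firewall add rule "name=$($r.Name)" dir=in action=block `
        "protocol=$($r.Proto)" "localport=$($r.Ports)" "remoteip=$VpnPool"
    if ($LASTEXITCODE -ne 0) { throw "Failed to add rule '$($r.Name)'" }
}

# Print the rules back so the scope (RemoteIP, LocalPort, Action) can be checked.
foreach ($r in $Rules) {
    & netsh advfirewall firewall show rule "name=$($r.Name)"
}
```

These rules only stop SMB that arrives directly from a VPN-pool address. As the answer notes, a Remote Desktop session to the office PC reaches the share from that PC's LAN address, which these rules do not match.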