restrict access to terminal services session in (Manage mode)

J

Hello,

First off, thanks to anyone out there that adds their input to this question.

I have a W2k domain and I'm looking to restrict people's ability to use the
RDP client to access one of my servers. I've disabled the use of mstsc.exe
on the domain computer accounts via GPO but this policy cannot be applied
globally as certain engineers need to use the RDP client for their day-to-day
job. Is there a way to restrict access to a terminal server running in
manage mode via IP, or MAC address, or by some other means?

My ideal solution is that users using an RDP client cannot get to the logon
screen of a terminal server in manage mode unless they are authorized.

Thanks in advance for any help.

J
 

Steven L Umbach

A user needs the "log on locally" user right to log on to a computer via TS in W2K.
Another way would be to configure an IPsec filtering policy on that server to accept
port 3389 traffic from specific IP addresses. You could start with a mirrored block
all traffic on port 3389 and then add a mirrored permit rule creating a filter with
IP addresses of the allowed computers. See the links below for details on ipsec
filtering. --- Steve

http://www.securityfocus.com/infocus/1559
http://support.microsoft.com/default.aspx?scid=kb;en-us;313190
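
The block-then-permit policy described in the reply above, written out as an added example that is not part of the original thread. It assumes the `netsh ipsec static` context, which exists on Windows Server 2003 and later (on Windows 2000 the same objects are created in the IP Security Policies MMC snap-in); the policy, list and rule names are hypothetical and the two addresses are constructed placeholders from the 192.0.2.0/24 documentation range.

```batch
rem Added example: run in an elevated command prompt on the terminal server.
rem All names are hypothetical; 192.0.2.10 and 192.0.2.11 are placeholder
rem addresses standing in for the authorized engineers' workstations.

rem 1. Create the policy container (not yet assigned).
netsh ipsec static add policy name="Restrict RDP" description="Limit TCP 3389 to listed hosts"

rem 2. Filter list matching RDP from any source to this server.
rem    mirrored=yes also matches the reply traffic in the other direction.
netsh ipsec static add filterlist name="RDP from anyone"
netsh ipsec static add filter filterlist="RDP from anyone" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=3389 mirrored=yes

rem 3. Filter list matching RDP from the authorized workstations only.
netsh ipsec static add filterlist name="RDP from engineers"
netsh ipsec static add filter filterlist="RDP from engineers" srcaddr=192.0.2.10 dstaddr=me protocol=TCP srcport=0 dstport=3389 mirrored=yes
netsh ipsec static add filter filterlist="RDP from engineers" srcaddr=192.0.2.11 dstaddr=me protocol=TCP srcport=0 dstport=3389 mirrored=yes

rem 4. The two filter actions the rules will use.
netsh ipsec static add filteraction name="Block" action=block
netsh ipsec static add filteraction name="Permit" action=permit

rem 5. Bind each filter list to its action. IPsec applies the most specific
rem    matching filter, so the per-host permit wins over the any-source block
rem    regardless of the order in which the rules are added.
netsh ipsec static add rule name="Block all RDP" policy="Restrict RDP" filterlist="RDP from anyone" filteraction="Block"
netsh ipsec static add rule name="Permit engineer RDP" policy="Restrict RDP" filterlist="RDP from engineers" filteraction="Permit"

rem 6. Assign the policy so it takes effect, then review what was created.
netsh ipsec static set policy name="Restrict RDP" assign=y
netsh ipsec static show policy name="Restrict RDP" level=verbose
```

Assign the policy from the server console rather than over an RDP session, so a mistake in the permit list cannot lock out the session you are working in.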
 
