How can I prevent a TS user from TS or RDP to another server?

From: GX (GX_at_DOMAIN.com)
Date: 07/29/04

• Next message: bill hou: "Administrator does not have sufficient privilege to add devices"
• Previous message: HACKED OFF: "HELP, Hacked with machine account"
• Next in thread: Miha Pihler: "Re: How can I prevent a TS user from TS or RDP to another server?"
• Reply: Miha Pihler: "Re: How can I prevent a TS user from TS or RDP to another server?"
• Reply: Colin Nash [MVP]: "Re: How can I prevent a TS user from TS or RDP to another server?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 29 Jul 2004 21:03:01 GMT

Big Picture

How can I prevent a TS user from TS or RDP to another server?

Scenario:

Users (Vendors) log into my organization via VPN. They are setup on the VPN
under a group which has only access to one machine and back via RDP. (i.e.
Microsoft Group has access to the Microsoft Server Box, now we setup John on
the Microsoft group and he has only RDP access to the Win2KSVR). In order
for them to get into the Win2KSVR they are also setup on the network as jdoe
(Domain Admins) and that's the way he log into the Win2KSVR.

Concern:

John VPN into organization and RDP to Win2KSVR did what he needed to do and
opened the network neighborhood and saw all the servers we have. Now he
wants to browse and log into the boxes he has no need in loging in.

Question:

How can I prevent a user from login into another machine via TS or RDP when
they are login into a machine via TS or RDP?

• Next message: bill hou: "Administrator does not have sufficient privilege to add devices"
• Previous message: HACKED OFF: "HELP, Hacked with machine account"
• Next in thread: Miha Pihler: "Re: How can I prevent a TS user from TS or RDP to another server?"
• Reply: Miha Pihler: "Re: How can I prevent a TS user from TS or RDP to another server?"
• Reply: Colin Nash [MVP]: "Re: How can I prevent a TS user from TS or RDP to another server?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: How to configure for Two different IP subnets ... Active Directory will go haywire in a setup like that. ... AD integrates with the local DNS, so you cannot use the DNS at your ISP ... With Server 2003 Standard ... for its internal interface (ie the VPN endpoint). ... (microsoft.public.windows.server.networking) Re: Port Forwarding? ... Here is my current setup at home. ... D-Link Wireless Router ... The term "Virtual Server" is D-Link speak for port forwarding. ... supports VPN passthru, so you'll have to setup a VPN client on the ... (microsoft.public.windowsxp.network_web) Re: Specified network name is no longer available ... ISP says nothing wrong with the connection.. ... Also it works just fine if the guys make a dial up VPN connection to ... On it's own the SBS2003 server worked well, ... So Site B was setup. ... (microsoft.public.windows.server.sbs) RDP to internal client machine? ... Have the router successfully setup to allow VPN to the server, ... to then RDP to other computers within the network, ... machines within the network I ... (microsoft.public.windows.server.sbs) Re: How to configure for Two different IP subnets ... Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net ... I realize this is actually way more than I need for my setup, ... setting up a server is more than I even actually need. ... server with the outside Wan coming into one and the network setup on the ... (microsoft.public.windows.server.networking)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint