Re: How can I prevent a TS user from TS or RDP to another server?

From: Miha Pihler (mihap-news_at_atlantis.si)
Date: Thu, 29 Jul 2004 23:12:50 +0200

Hi,

I am not sure how many (TS) servers you have and how practical this is for
you, but you can do this by managing the "Allow logon through Terminal
Services" permission. This is a group policy setting. You can also open
"Terminal Services Configuration", right-click on RDP-TCP and select
Properties. Click on the Security tab and assign your "guest" user the Deny
permission.

Last option that comes to mind -- again, I don't know how convenient this is
for you. Set up your TS server in a DMZ and deny access from the DMZ to the LAN
on the TS TCP port (TCP port 3389).

I hope this helps,

Mike

"GX" <GX@DOMAIN.com> wrote in message
news:9CdOc.333$Hu2.108@tornado.tampabay.rr.com...
> Big Picture
>
> How can I prevent a TS user from TS or RDP to another server?
>
> Scenario:
>
> Users (Vendors) log into my organization via VPN. They are set up on the VPN
> under a group which has only access to one machine and back via RDP. (i.e.
> Microsoft Group has access to the Microsoft Server Box, now we set up John on
> the Microsoft group and he has only RDP access to the Win2KSVR). In order
> for them to get into the Win2KSVR they are also set up on the network as jdoe
> (Domain Admins) and that's the way he logs into the Win2KSVR.
>
> Concern:
>
> John VPN'd into the organization and RDP'd to Win2KSVR, did what he needed to
> do and opened the network neighborhood and saw all the servers we have. Now he
> wants to browse and log into the boxes he has no need to log into.
>
> Question:
>
> How can I prevent a user from logging into another machine via TS or RDP when
> they are logged into a machine via TS or RDP?
>
>
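
The following audit script is an added example, not part of the original thread. It reads security-policy exports (`secedit /export /cfg`) and lists the servers where an account may still log on through Terminal Services, using the "Allow logon through Terminal Services" right mentioned in the reply and its Deny counterpart. The server names, the SIDs ending in -1105 and -1200 and the export contents are constructed, and it assumes Windows Server 2003 or later.

```python
ALLOW = "SeRemoteInteractiveLogonRight"     # "Allow log on through Terminal Services"
DENY = "SeDenyRemoteInteractiveLogonRight"  # "Deny log on through Terminal Services"

def privilege_rights(inf_text):
    """Parse the [Privilege Rights] section into {right: set(principals)}."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = {p.strip().lstrip("*").lower()
                                    for p in value.split(",") if p.strip()}
    return rights

def ts_logon_allowed(inf_text, principals):
    """principals: the account's own SID plus the SIDs of every group it is in."""
    rights, who = privilege_rights(inf_text), {p.lower() for p in principals}
    if who & rights.get(DENY, set()):
        return False  # an explicit deny overrides any allow
    return bool(who & rights.get(ALLOW, set()))

def reachable_servers(exports, principals):
    """Names of the servers whose exported policy lets the account log on via TS."""
    return sorted(s for s, inf in exports.items() if ts_logon_allowed(inf, principals))

# Constructed sample exports; server names and the -1105/-1200 SIDs are hypothetical.
VENDORS = "S-1-5-21-1111111111-2222222222-3333333333-1200"  # constructed vendor group
EXPORTS = {
    "TS-VENDOR": "[Unicode]\nUnicode=yes\n[Privilege Rights]\n"
                 "SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555\n",
    "FILESRV01": "[Privilege Rights]\n"
                 "SeRemoteInteractiveLogonRight = *S-1-5-32-544\n"
                 f"SeDenyRemoteInteractiveLogonRight = *{VENDORS}\n",
    "DB01": "[Privilege Rights]\nSeRemoteInteractiveLogonRight = *S-1-5-32-544\n",
}
# jdoe as in the post: a Domain Admin, so local Administrators (S-1-5-32-544) applies.
JDOE = {"S-1-5-21-1111111111-2222222222-3333333333-1105", VENDORS, "S-1-5-32-544"}

if __name__ == "__main__":
    print(reachable_servers(EXPORTS, JDOE))
```

Real `secedit` exports are typically UTF-16, so open them with `encoding="utf-16"` before passing the text in. DB01 stays reachable because the account inherits the allow right through Administrators and no deny entry names the vendor group.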


