Re: How can I prevent a TS user from TS or RDP to another server?
From: John Smith (someone_at_microsoft.com)
Date: 07/30/04
- Previous message: Rashmi.K.Y [MSFT]: "RE: Administrator does not have sufficient privilege to add devices"
- In reply to: Colin Nash [MVP]: "Re: How can I prevent a TS user from TS or RDP to another server?"
- Next in thread: Roger Abell: "Re: How can I prevent a TS user from TS or RDP to another server?"
- Reply: Roger Abell: "Re: How can I prevent a TS user from TS or RDP to another server?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 30 Jul 2004 02:51:46 GMT
Sorry, let me try to make it clear...
These people are contractors/vendors (ie. Cisco Engineers hired to
troubleshoot Win2KSVR box with CallManager installaed on it), the VPN into
my workplace and then they can TS or RDP to the specific designated server.
So, I just want them to be able to TS or RDP to this box only and if they
try to open a TS or RDP to another box it would be restricted.
The problem is that they have to be Domain Admins in order to manage this
box. So, is there any way to actually include this user on a OU; let's say
"Vendors" and manage the Terminal Server connection or Remote Desktop
Connection via a GPO setting or so?
Thank you very much....
Hector
and
"Colin Nash [MVP]" <cnash x@x mvps.org> wrote in message
news:e1hc0obdEHA.244@TK2MSFTNGP12.phx.gbl...
> So he's a Domain Admin but you don't want him administering your domain?
> Maybe I don't understand...
>
>
> "GX" <GX@DOMAIN.com> wrote in message
> news:9CdOc.333$Hu2.108@tornado.tampabay.rr.com...
> > Big Picture
> >
> > How can I prevent a TS user from TS or RDP to another server?
> >
> >
> >
> > Scenario:
> >
> > Users (Vendors) log into my organization via VPN. They are setup on the
> > VPN
> > under a group which has only access to one machine and back via RDP.
(i.e.
> > Microsoft Group has access to the Microsoft Server Box, now we setup
John
> > on
> > the Microsoft group and he has only RDP access to the Win2KSVR). In
order
> > for them to get into the Win2KSVR they are also setup on the network as
> > jdoe
> > (Domain Admins) and that's the way he log into the Win2KSVR.
> >
> >
> >
> > Concern:
> >
> > John VPN into organization and RDP to Win2KSVR did what he needed to do
> > and
> > opened the network neighborhood and saw all the servers we have. Now he
> > wants to browse and log into the boxes he has no need in loging in.
> >
> >
> >
> > Question:
> >
> > How can I prevent a user from login into another machine via TS or RDP
> > when
> > they are login into a machine via TS or RDP?
> >
> >
>
>
>
- Previous message: Rashmi.K.Y [MSFT]: "RE: Administrator does not have sufficient privilege to add devices"
- In reply to: Colin Nash [MVP]: "Re: How can I prevent a TS user from TS or RDP to another server?"
- Next in thread: Roger Abell: "Re: How can I prevent a TS user from TS or RDP to another server?"
- Reply: Roger Abell: "Re: How can I prevent a TS user from TS or RDP to another server?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
