Secure Virtual Machines

    Question

  • Hello,

    I'm looking to get the best advice on setting up the following scenario. We have two Computers in a dedicated room that will be used to connect to a set of virtual machines. The Virtual machines will have a mapped drive that contains sensitive information so we want to lock things down so that users can only connect to these virtual machines (using RDP) from the two computers in the dedicated room and only certain users can connect to the virtual machines. Any ideas on how to best achieve this?

    Monday, August 25, 2014 6:02 PM

All replies

  • You can use restricted groups in Group Policy to do this.

    http://www.frickelsoft.net/blog/?p=13

    Add the users to the remote desktop users group.

    You can then use the windows firewall with advanced security settings to enable the RDP rule and only allow connections from your two machines.


    If my answer helped you, check out my blog: DeployHappiness (http://DeployHappiness.com). Subscribe by RSS (http://feeds.feedburner.com/Deployhappiness) or email (http://feedburner.google.com/fb/a/mailverify?uri=Deployhappiness).

    Monday, August 25, 2014 6:34 PM
  • Thanks, this gives me a start. What I also need to achieve is that the Students that are using those two computers can only log on from those two computers, because I will also need to give access to Professors from their offices. It's not likely that the student would gain access to the professor's computer, but I just want them to be able to only log on to the virtual machines from those two computers. Because according to your solution above, I will also add the professor's computer to the firewall rule, so in theory if the Student gets access to the Professor's machine he would be able to log on to the VMs, correct?
    • Edited by coder128 Monday, August 25, 2014 8:38 PM
    Monday, August 25, 2014 8:36 PM
  • The student would also need the username/password for the professor.

    If my answer helped you, check out my blog: http://DeployHappiness.com

    Tuesday, August 26, 2014 1:10 PM
  • I'm playing around with the Windows advanced firewall and when I turn it on for the Domain it blocks my computer even though I added my computer as a computer to allow to log on. Any ideas?
    Tuesday, August 26, 2014 3:46 PM
  • The Virtual Machines are Windows 7. There are only going to be like 3 Virtual machines so I'm just going to use Windows Firewall advanced on the local VMs. When I choose the Computers to allow in, it forces me to secure the connection and it seems like that may be causing the issue. Will remote desktop clients connect if they are required to use secure?
    Tuesday, August 26, 2014 9:10 PM
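
The steps suggested in the first reply, written out as an added example that is not part of the thread, for the Windows 7 VMs mentioned in the last post. It scopes the RDP rule by remote IP address instead of the "Computers" tab, because that tab is only available with "Allow the connection if it is secure", which requires IPsec connection security rules between client and VM. The addresses, the group name and the rule name are constructed placeholders, and `net localgroup` stands in locally for the Restricted Groups policy.

```bat
@echo off
rem Added example: run from an elevated prompt on each Windows 7 VM.
rem LAB_PCS and RDP_GROUP are constructed placeholders, not values from the thread.
set LAB_PCS=192.0.2.11,192.0.2.12
set RDP_GROUP=EXAMPLE\VM-RDP-Users

rem 1. Make sure the firewall is on for the domain profile.
netsh advfirewall set domainprofile state on

rem 2. Disable the built-in Remote Desktop rules; they accept any remote address
rem    and would otherwise still match alongside the scoped rule below.
netsh advfirewall firewall set rule group="remote desktop" new enable=No

rem 3. Allow inbound TCP 3389 only from the two lab PCs. Scoping by remoteip
rem    is a plain allow rule, so no IPsec negotiation is needed.
netsh advfirewall firewall add rule name="RDP from lab PCs" dir=in action=allow protocol=TCP localport=3389 remoteip=%LAB_PCS% profile=domain

rem 4. Only members of this group may log on over RDP (local equivalent of
rem    the Restricted Groups policy from the first reply).
net localgroup "Remote Desktop Users" "%RDP_GROUP%" /add

rem 5. Review the result: the rule's RemoteIP line should list only the lab PCs,
rem    and the group should list only the intended members.
netsh advfirewall firewall show rule name="RDP from lab PCs" verbose
net localgroup "Remote Desktop Users"
```

An IP-scoped rule depends on the lab PCs keeping fixed or reserved addresses, and it filters by source address rather than authenticating the computer.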