Limiting list of RDP servers to access
-
Monday, May 21, 2012 19:40
I would like to limit access to servers via RDP to only specific servers. I realize I can limit it via permissions to the server, but this client would like to limit the ability to manually type in a server name or IP address into the RDP app. Is this even possible? Ideally, the user would only be able to access servers that were in the drop down list and not have the ability to type anything in the 'Computer' field at all.
They think it used to be set up that way.
Does anyone know if this is possible or how this might be accomplished?
Any help would be greatly appreciated.
Thank you.
All replies
-
Tuesday, May 22, 2012 08:01 Moderator
I would like to limit access to servers via RDP to only specific servers. I realize I can limit it via permissions to the server, but this client would like to limit the ability to manually type in a server name or IP address into the RDP app. Is this even possible? Ideally, the user would only be able to access servers that were in the drop down list and not have the ability to type anything in the 'Computer' field at all.
They think it used to be set up that way.
Does anyone know if this is possible or how this might be accomplished?
It seems that it is impossible. To limit access to the target server, the access control is always set on the target server. And the default .rdp file is writeable by the user because it is located in the user's Documents file by design.
Regards,
Clarence
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
- Edited by Clarence Zhang (Moderator), Tuesday, May 22, 2012 08:02
-
Tuesday, May 22, 2012 08:34
You can put an RD Gateway server, even though this is used for external clients, but that way you can create rules on which servers users can connect. On the RD Session Host servers create a firewall rule to deny all RDP traffic and allow 443 traffic only from the RD Gateway server. Now users will use the RD Gateway FQDN to create RDP connections, and will not be able to connect using the RD Session Host server name.
Adrian Costea - MCP, MCTS, MCSA 2003, MCITP: Windows 7
My Blog: www.vkernel.ro/blog
-
Monday, May 28, 2012 03:41 Moderator
Hi,
I would like to confirm what is the current situation? If there is anything that I can do for you, please do not hesitate to let me know, and I will be happy to help.
Regards,
Clarence
Forum Support
-
Monday, May 28, 2012 16:24
I'm not sure the RD Gateway server method will work since I don't have access to their firewall rules and I don't think they want to get too elaborate. I was hoping for a way to simply disable the 'computer' field and limit access via a list of some sort.
Is this even possible?
-
Tuesday, May 29, 2012 08:21 Moderator
I'm not sure the RD Gateway server method will work since I don't have access to their firewall rules and I don't think they want to get too elaborate. I was hoping for a way to simply disable the 'computer' field and limit access via a list of some sort.
Is this even possible?
As far as I know, if you have full administrative access to the RD Gateway server, it is OK. The RD Gateway server also provides the ability to filter the "computer" field as the administrators like. In RD Gateway Manager, click the Resource Authorization Policy, define the network resource you want to limit access to, and you also need to make the policy that the clients must go through the RD Gateway server even if the clients are inside or outside the LAN. All the filter functionality is provided by the RD Gateway with its inside nature.
- Edited by Clarence Zhang (Moderator), Tuesday, May 29, 2012 08:22
- Marked as answer by Clarence Zhang (Moderator), Wednesday, June 6, 2012 03:19
-
Thursday, May 31, 2012 04:22
I would like to do this, but need a bit more help if someone could. I haven't set this up before and I'm a bit confused.
In my lab, I have installed RD Gateway Manager on a test server. I have configured two rules. One to allow Domain Admins to connect via an RD CAP rule, and another rule that specifies the group of computers they can connect to via an RD RAP rule. Both are enabled.
Silly question, but now what? If I open the Remote Desktop Connection and go to Options, Advanced, Settings, I can specify to Use the RD Gateway server and uncheck the box to Bypass for local address; however, I can still connect to any server. Or I get a message that the computer cannot verify the identity of the RD Gateway server.
So I think I have the RD Server side set up correctly with the rules, but how do I make the clients use it? And where can I set it so they cannot type in a server name but only pick from a predefined list of servers?
Thank you.
-
Friday, June 1, 2012 08:25 Moderator
Silly question, but now what? If I open the Remote Desktop Connection and go to Options, Advanced, Settings, I can specify to Use the RD Gateway server and uncheck the box to Bypass for local address; however, I can still connect to any server. Or I get a message that the computer cannot verify the identity of the RD Gateway server.
I suggest using Group Policy to Manage Client Connections Through Remote Desktop Gateway: http://technet.microsoft.com/en-us/library/ee791831(v=ws.10).aspx
Using Group Policy to Manage Client Connections Through Remote Desktop Gateway: http://technet.microsoft.com/en-us/library/cc730633
You can make the setting greyed out in the RDC so that users can't change the setting.
- Marked as answer by Clarence Zhang (Moderator), Wednesday, June 6, 2012 03:19
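
The replies above depend on clients always going through the RD Gateway, without the "Bypass for local address" option. As an added example (not from the thread or from Microsoft), this Python check reads saved .rdp files and flags any that skip the gateway or target a host outside an approved list; the gateway name, the host list and both sample files are constructed assumptions.

```python
# Added example: audit saved .rdp files against an RD Gateway policy.
# GATEWAY, ALLOWED_HOSTS and both sample files are constructed placeholders.
GATEWAY = "rdgw.example.test"
ALLOWED_HOSTS = {"app01.example.test", "db01.example.test"}

def decode_rdp(raw):
    """.rdp files are often saved as UTF-16 with a BOM; accept UTF-8 too."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig")

def parse_rdp(text):
    """Parse 'name:type:value' lines into a dict (type i = integer, s = string)."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # the value may contain ':' (host:port)
        if len(parts) != 3:
            continue
        name, kind, value = parts
        is_int = kind == "i" and value.lstrip("-").isdigit()
        settings[name.lower()] = int(value) if is_int else value
    return settings

def audit_rdp(text):
    """Return a list of findings; an empty list means the file complies."""
    s = parse_rdp(text)
    findings = []
    # gatewayusagemethod: 1 = always use the gateway, 2 = bypass it for local
    # addresses, 0 and 4 = no gateway, 3 = use the client's default settings.
    method = s.get("gatewayusagemethod")
    if method != 1:
        findings.append(f"gateway not forced (gatewayusagemethod={method!r})")
    gateway = str(s.get("gatewayhostname", "")).lower()
    if gateway != GATEWAY:
        findings.append(f"unexpected gateway {gateway!r}")
    host = str(s.get("full address", "")).lower()
    if host.count(":") == 1:  # drop an explicit port such as host:3389
        host = host.split(":")[0]
    if host not in ALLOWED_HOSTS:
        findings.append(f"target {host!r} is not on the approved list")
    return findings

GOOD = ("full address:s:app01.example.test\r\ngatewayhostname:s:rdgw.example.test\r\n"
        "gatewayusagemethod:i:1\r\ngatewayprofileusagemethod:i:1\r\n")
BYPASS = ("full address:s:fs09.example.test:3389\r\n"
          "gatewayhostname:s:rdgw.example.test\r\ngatewayusagemethod:i:2\r\n")

if __name__ == "__main__":
    for label, sample in (("GOOD", GOOD), ("BYPASS", BYPASS)):
        print(label, audit_rdp(sample) or "compliant")
```

The check only reports what a saved file asks for; the restriction itself is still enforced by the RD RAP on the gateway.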

