none
stop standard user access to other pc's share folder on the network.

    Question

  • Hi every one,  need help here please

    I create standard user on my RDS server for people using a software outside office, but they can also access to any share folder on my network( it mean my other computer  on the network)

    any way I can stop them to be able to access to the share folder on my network

    I have done a lot research for the group policy setting, but they can only disable the user share other user folder within RDS server or stop other user access to the standard user's file, and the standard user still can access to my other computer's share folder on the network. 

    please help, many thanks!

    Wayne


    Wayne Xuan

    Tuesday, February 21, 2012 9:29 PM

Answers

  •  

    Hi Wayne,

    Thanks for posting here.

    Please create outgoing Windows firewall rule on this terminal server and block the SMB traffics(TCP 445) where to the certain internal addresses that we are not going to allow the users where connect to this terminal server externally to access and enable it :

    Checklist: Creating Outbound Firewall Rules

    http://technet.microsoft.com/en-us/library/cc947827(v=ws.10).aspx

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    • Marked as answer by xuanyinwen123 Monday, February 27, 2012 1:33 AM
    Thursday, February 23, 2012 7:14 AM

All replies

  • Hi Wayne,

    Thanks for posting here.

    Is this terminal server located at DMZ? if so we can set firewall policies on my firewall device in order to restrict the SMB connection(TCP 445) to our internal network but allow only certain addresses . we can also do such restriction by setting windows firewall policy on terminal server :

    Checklist: Implementing a Basic Firewall Policy Design
    http://technet.microsoft.com/en-us/library/cc947838(WS.10).aspx

    Service overview and network port requirements for the Windows Server system
    http://support.microsoft.com/kb/832017

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    Wednesday, February 22, 2012 9:38 AM
  • HI Tiger Li,

    Thanks for your reply,

    this server is not located at DMZ, only connect to a normail router THOMSON TG585v7, I have try to search some way to set the firewall bo block the server's IP, but no luck to get any solution yet.

    thanks


    Wayne Xuan

    Wednesday, February 22, 2012 9:30 PM
  •  

    Hi Wayne,

    Thanks for posting here.

    Please create outgoing Windows firewall rule on this terminal server and block the SMB traffics(TCP 445) where to the certain internal addresses that we are not going to allow the users where connect to this terminal server externally to access and enable it :

    Checklist: Creating Outbound Firewall Rules

    http://technet.microsoft.com/en-us/library/cc947827(v=ws.10).aspx

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    • Marked as answer by xuanyinwen123 Monday, February 27, 2012 1:33 AM
    Thursday, February 23, 2012 7:14 AM
  • Hi Mr Li,

    Thanks a lot for your answer, 

    should I just creating outbound firewall rules and block the RDS server's IP (like 192.168.1.32)?

    I just try that, it look work so far, but I don't know will it affect other sharing within the server as well.

    thanks for your time.

    cheers

    Wayne


    Wayne Xuan

    Thursday, February 23, 2012 9:44 PM