Create firewall gpo to block rdp from everywhere but management servers

    Question

  • So, how do I create a GPO that can block RDP for 3 application servers from everywhere except 3 management servers?

    And some other ports?

    Is there a way to create a block-all rule with exceptions?


    Thursday, December 17, 2015 5:34 PM

Answers

  • > Create firewall gpo to block rdp from everywhere but management servers
     
    Then simply block all inbound (which is default anyway), then allow 3389
    from these 3 IPs.
     
    Friday, December 18, 2015 2:36 PM
  • No my friend, you don't have to; you just have to create 1 inbound rule on each application server, as follows:

    1-Open WF.msc.
    2-Create a new Inbound Rule.
    3-Choose Port as the Rule Type.
    4-Then choose TCP port 3389 (which is the RDP port).
    5-Then choose Allow The Connection If It Is Secure.
    6-Skip Users.
    7-In the Computers section choose Only Allow Connection From These Users and then define the management servers' computer accounts.
    8-Then choose a Network Profile for the rule.
    9-Enter a friendly name.
    10-You're done.

    Mark my reply as the answer if it helped you.

    Regards

    Saturday, December 19, 2015 1:02 PM
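    The two answers above describe two different ways to scope the rule: the first allows TCP 3389 only from the management servers' IP addresses on top of the default inbound block, and the accepted answer uses "Allow the connection if it is secure" restricted to the management servers' computer accounts. The following PowerShell renders both with the NetSecurity cmdlets (Windows Server 2012 and later). It is an added example, not code from the thread or from Microsoft; the domain name CONTOSO, the management IPs, the computer account names and the GPO name are constructed placeholders.

```powershell
# Added example, not from the thread. Assumes Windows Firewall with Advanced Security,
# the NetSecurity PowerShell module (Windows Server 2012+), and these constructed values:
# domain CONTOSO, management IPs 10.0.10.11-13, computer accounts MGMT01$-MGMT03$.

$Ports   = @('3389')                                   # add other ports here, e.g. '5985'
$MgmtIPs = @('10.0.10.11', '10.0.10.12', '10.0.10.13')  # constructed
$MgmtPCs = @('MGMT01$', 'MGMT02$', 'MGMT03$')           # constructed computer accounts

# 'PersistentStore' edits the local firewall. To build the rules inside a GPO instead,
# use the 'domain\GPO name' form, e.g. 'contoso.com\AppServer Firewall' (placeholder).
$Store = 'PersistentStore'

# --- Approach A (first answer): default-block inbound, allow the port only from the management IPs ---
Set-NetFirewallProfile -PolicyStore $Store -Profile Domain, Private, Public `
    -DefaultInboundAction Block

New-NetFirewallRule -PolicyStore $Store `
    -DisplayName 'Allow RDP from management servers (IP scoped)' `
    -Direction Inbound -Protocol TCP -LocalPort $Ports -RemoteAddress $MgmtIPs `
    -Action Allow -Profile Domain

# --- Approach B (accepted answer): allow only if the connection is IPsec-authenticated
#     and the peer is one of the listed computer accounts (-RemoteMachine takes an SDDL). ---
$Sids = foreach ($acct in $MgmtPCs) {
    $nt = New-Object System.Security.Principal.NTAccount("CONTOSO\$acct")
    $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
}
$Sddl = 'O:LSD:' + (($Sids | ForEach-Object { "(A;;CC;;;$_)" }) -join '')

New-NetFirewallRule -PolicyStore $Store `
    -DisplayName 'Allow RDP from management servers (authenticated)' `
    -Direction Inbound -Protocol TCP -LocalPort $Ports `
    -Authentication Required -RemoteMachine $Sddl -Action Allow -Profile Domain

# Either way, the built-in 'Remote Desktop' allow rules would still admit any source,
# so disable them; otherwise the scoped rule is bypassed.
Get-NetFirewallRule -PolicyStore $Store -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Disable-NetFirewallRule

# Check: every enabled inbound rule that allows TCP 3389, with its remote address scope.
# Anything showing remote=Any is a rule that still exposes RDP to the whole network.
Get-NetFirewallPortFilter -PolicyStore $Store |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -contains '3389' } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    ForEach-Object {
        $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        '{0,-55} remote={1}' -f $_.DisplayName, $addr
    }
```

    Two caveats a practitioner would want: "Allow the connection if it is secure" only works when an IPsec connection security rule exists on both the application and management servers, so the computer accounts can actually be authenticated; without it the rule simply never matches and RDP is blocked for everyone. And because the default inbound action is Block only for traffic no rule allows, the pre-existing Remote Desktop allow rules must be disabled (as the script does), or they will keep admitting RDP from any address regardless of the new scoped rule.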

All replies

  • So 2 separate rules? One for block all and one to allow the 3 IPs?
    Friday, December 18, 2015 7:26 PM