Re: How Can I Allow Access From The Internet to Only Selected User

Our Virtual Access Suite allows the administrator to publish applications to
users, groups, client ip address ranges, client computer naming conventions
and OUs, so you could accomplish your goal using these rules. We use this
all the time to publish certain applications to users when they're on the
local network, but not when they connect from a different subnet.

Without a third party utility like this you'd have to use VPN to restrict
access to the TS from the Internet.


--
Patrick C. Rouse
Microsoft MVP - Terminal Server
SE, West Coast USA & Canada
Quest Software, Provision Networks Division
Virtual Client Solutions
http://www.provisionnetworks.com


"RickyC" wrote:

I just want to allow specific users to RDP to the server from the internet.
All users can access Terminal Server from inside the network (local address)

"Phil" wrote:

On Feb 6, 11:14 pm, RickyC <Ric...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I would like to restrict most of my users to use Remote Desktop Client from
inside the network. Only Administrators would be allowed access from outside
the lan.

Can this be done with a policy? Id rather not have to rely on VPN as it
does not work from some hotels, internet cafe's etc.

RickyC

There are a couple of ways I know of to do but it's dependant on how
big the lan is. What exactly are they needing access to? a web based e-
mail would work well and maybe a restricted FTP. Also, setting a
folder redirection so"My Documents" will sync in GP has worked well
for some users on my network for years. But to answer your original
question, yes, you will need to forward the port on the firewall to
which computer you want. Go to the computer, control panel, system.
When the systems box opens,click the tab that says remote. make sure
"Enable Remote Desktop on this Computer" is checked. Then go to
"select remote users" and enter in th administrators group. On mine,
Groups was not automatically searched so you may have to also tell it
to search groups. This way you really wouldn't need apoliciy but you
could create another group if you want to refine permissions

Hopefully that is along the lines of what you were asking. Remember,
unless you are this with a server then your connections are genrally
limited to one at a time. If you are using a server, be careful.

.

Relevant Pages

  • Re: "Access denied, unable to connect" viewing shared print queues
    ... the network" set to only Administrators. ... the User needs to be able to access his own PC over the network. ... >>> this is an issue when the print spooler on the print server is getting ... >>> access denied contacting the spooler service on the client machines. ...
    (microsoft.public.win2000.printing)
  • Re: IP printer in network
    ... Microsoft MVP - Terminal Server ... I'm using this version of RDP client. ... version which supports network printers. ... MCSE, CCEA, Microsoft MVP - Terminal Server ...
    (microsoft.public.windows.terminal_services)
  • Re: [fw-wiz] Too Paranoid?
    ... stick the W2K server in its own network with no access to the ... internal network and limited access to just the machines on the Internet ... The "client" machine (terminal server) can have its configuration heavily ...
    (Firewall-Wizards)
  • Re: Printing to a TCP/IP printer
    ... The remote Windows XP client can print to this printer, ... users profile as a network printer. ... How to set the printer up at the Terminal Server end. ...
    (microsoft.public.win2000.termserv.clients)
  • Re: User name not showing in global address book after creating email account
    ... mode on the client. ... This is a new problem with the GAB that just started happening upon ... terminal server in to the network and launch Outlook on the TS, ... where else internally on the network. ...
    (microsoft.public.exchange.admin)