RE: Restrict WAN access
- From: Rodrigo_live <Rodrigolive@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 7 Oct 2008 05:31:01 -0700
James:
No, that's not what I need to do. I need to restrict access to the Terminal
Server from outside the network for some users. It's not related to internet
access, just access to the TS Server.
"James Yeomans BSc, MCSE" wrote:
Hi if i understand correctly you want some users to be able to access the.
internet and some to be restricted. If this is the case and considering
you're working on a TS you shouldn't change any IP settings. on a
workstation you could remove the default gateway so the internet could not be
reached. However in this case you really need something else filteringt he
web traffic, say ISA server or another proxy type package. With ISA server
you can restrict internet access to specific users/groups. Thats the only
really sensible way to achieve what ytou are trying to.
--
James Yeomans, BSc, MCSE
"Rodrigo_live" wrote:
Hi. In my company there’s a Windows 2003 Terminal Server that users access to
work every day. W e need to restrict access to LAN only TS for some users and
LAN & WAN access to others. I’ve managed to get TS Console to identify the
two NICs in the server (LAN and WAN) by duplicating the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal
Server\WinStations\RDP-Tcp Key in the registry (renaming each one of them
after). This way I can distinct the LAN and WAN connection and set access
port (LAN uses default 3389 and WAN uses another port) and color depth etc
etc.
On the WAN adapter I’ve set only the group who should get access outside the
network and in the LAN adapter both groups (outside users and lan users).
This works fine because LAN users can’t logon from outside the network. BUT
there’s a problem. If the user leaves his session disconnected the TS Server
will reconnect him. I can’t just restrict disconnected time period because
users work every day with a lot of documents and they leave them opened to
the next day. I’ve discovered that the SYSTEM account is the responsible of
“reconnect sessions” so I’ve tried to remove that account from the WAN
adapter and it works! The sessions are not reconnected from the outside but
the problem is that Wan-enabled users can’t reconnect to their sessions and
the system generates a new one because can’t re establish the link with the
one opened. I’ve tried almost anything and still no luck. Even if I restrict
one session by user the wan-enabled users can’t reconnect to the disconnected
session they left opened but if I give the SYSTEM account the right to
reconnect them LAN users will get access from outside the network.
Someone recommend me to use 2X SecureRDP but despite this software is grate
it can’t distinguish between LAN and WAN adapters.
Any ideas will be greatly!!!
- Follow-Ups:
- RE: Restrict WAN access
- From: James Yeomans BSc, MCSE
- RE: Restrict WAN access
- References:
- Restrict WAN access
- From: Rodrigo_live
- RE: Restrict WAN access
- From: James Yeomans BSc, MCSE
- Restrict WAN access
- Prev by Date: Re: Terminal server Profile folders
- Next by Date: RE: Restrict WAN access
- Previous by thread: RE: Restrict WAN access
- Next by thread: RE: Restrict WAN access
- Index(es):
Relevant Pages
|
Loading
