Re: How to block SOME remote users while allowing others?

Leythos <spam999free@xxxxxxxxxx> wrote on 10 mar 2009 in
microsoft.public.windows.terminal_services:

In article <Xns9BCAE836711CEveranoesthemutforsse@xxxxxxxxxxxxx>,
vera.noest@xxxxxxxxxxxxxxxxxxxxxxxxx says...
Leythos <spam999free@xxxxxxxxxx> wrote on 09 mar 2009 in
microsoft.public.windows.terminal_services:

In article <e652c914-7334-4c61-968d-caf408a52679
@w34g2000yqm.googlegroups.com>, zerbie45@xxxxxxxxx says...
hi!

a very simple solution would be this:

use reconnact.exe to log the current ip client of the user
that connects to your terminal server in the form of an
environment variable.
you need this tool because the standard variable given by
microsoft is not updated in case the user disconnects from
the corporate computer and later reconnects the session from
a home computer. the same goes for the computer name.

this way you can add this command to your current logon
script and also create a connection and disconnection logon
script. then, you can trap either the ip address or the
hostname. if the ip address, or the hostname, does not
correspond to your corporate environment, just execute
logoff.exe with a msgbox "you are not at work, watch a movie
or eat a sandwhich or have fun with your girlfriend" or
something similar ;-)


Thanks, I will see if I can find that tool and use it.

I have the users that we don't want connecting remotely set
to disconnect and logout after 30 minutes, so it might not be
needed.

But that will limit them also when connecting from the inside.
You will need to go by IP number, as zerbie mentions.
You can find ReconnAct here:
http://www.dennisdamen.com/?p=156

Check also:
How can I allow rdp connections from specific clients only?
http://ts.veranoest.net/ts_faq_connectivity.htm#filter_rdp_clien
ts

The login is from that terminal only, and it works. I would like
the IP version, but I've not checked out the other options.

It's only on the login for that one user, others are permitted
to login remotely/locally and don't use that logon script.

OK, if it's only a single client or user you want to block, then
your method is the easiest one.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
.

Relevant Pages

  • Re: How to block SOME remote users while allowing others?
    ... use reconnact.exe to log the current ip client of the user that ... and also create a connection and disconnection logon script. ... But that will limit them also when connecting from the inside. ... The login is from that terminal only, ...
    (microsoft.public.windows.terminal_services)
  • Re: Is it possible to find out if mstsc.exe was able to login or not?
    ... mind is to check the output from a "netstat -an" command on the ... client, and search for an established connection to port 3389 on ... I've been asked to write a script of some sort which will find ... out whether the login failed ...
    (microsoft.public.windows.terminal_services)
  • Disappearing files, created from /etc/X11/Xclients
    ... You can find the startwm.py script at the end of this e-mail. ... I wanted to save client IP addresses and the date of the login into different files. ... fout = file),'ab+') ...
    (freebsd-questions)
  • RE: Print Management Default Printer
    ... What operating systems are you using on the client and the server? ... I currently make all my users set a ... default printer everytime they login because it wipes out the default...... ... I suppose I could set the script for every user but this seems extremely ...
    (microsoft.public.windows.terminal_services)
  • Re: File copied to desktop in login script appears to be overwritten by users profile
    ... I say "appears" because if I put a pause in the script, ... However, if I check the client desktop, it is still the old ... What I think is happening is, the login script is successfully copying ...
    (microsoft.public.windows.server.sbs)
Loading