Allow administrator log onto TS only from some computers

  • Allow administrator log onto TS only from some computers

    Hi,

    Can we allow only some computers to make the remote desktop connection to the Terminal Server via the administrator account? (based on MAC address or computer name, ...). That means that with the administrator account, we can only log on to the Terminal Server from our admin computers.

    Thanks.
    Love in vain is better than love no one.

  • #2
    Re: Allow administrator log onto TS only from some computers

    Originally posted by nguyennp
    Hi,

    Can we allow only some computers to make the remote desktop connection to the Terminal Server via the administrator account? (based on MAC address or computer name, ...). That means that with the administrator account, we can only log on to the Terminal Server from our admin computers.

    Thanks.
    I don't believe that you can do this... Connections are not restricted based on MAC or Computername using the built-in TS tools. There might be 3rd party tools that allow that or a way to script it.
    Andrew

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Re: Allow administrator log onto TS only from some computers

      VLAN setup may help you
      Cheers!!
      MCSE 2003,MCSA- Messaging 2003, VCP


      • #4
        Re: Allow administrator log onto TS only from some computers

        Originally posted by entadm
        VLAN setup may help you
        This may work. Choose not to route traffic on 3389 to the VLAN where the servers exist except for some condition.
        Last edited by ahinson; 25th June 2007, 05:51.
        Andrew

        ** Remember to give credit where credit is due and leave reputation points where appropriate **


        • #5
          Re: Allow administrator log onto TS only from some computers

          If you want to allow connection through RDP to a server only from specific computers, why not use the internal firewall? Or create a GPO for it, if you're in an AD environment...

          Sorin Solomon


          In order to succeed, your desire for success should be greater than your fear of failure.

          • #6
            Re: Allow administrator log onto TS only from some computers

            @entadm & ahinson: If I use a VLAN, I have to change a lot. I think that's the last choice for me.

            @sorinso: yeah, the internal firewall is a good idea. Yet, there's no budget for that. So I want to find a simple solution or workaround. I'm thinking of your idea about GPO. Can you show me the TS policies which solve the issue? I don't see any TS policy in GPO similar to my requirement.

            Thanks so much for all replies.
            Love in vain is better than love no one.


            • #7
              Re: Allow administrator log onto TS only from some computers

              Originally posted by sorinso
              If you want to allow connection through RDP to a server only from specific computers, why not use the internal firewall? Or create a GPO for it, if you're in an AD environment...
              Doh! Ya firewall = good idea

              GPO to do what exactly? Control firewall? Enlighten me if you mean something else
              Andrew

              ** Remember to give credit where credit is due and leave reputation points where appropriate **


              • #8
                Re: Allow administrator log onto TS only from some computers

                <Obsolete>There's no need for budget, my friend. I was referring to the internal firewall of the TS server, not an external appliance.
                You will need to create a new GPO, that contains the appropriate settings, link it to the OU that the TS servers are placed in, apply them to the TS servers only and disable the User Settings (since firewall settings are computer-related).
                You can find all the firewall-relevant settings in Computer Configuration -> Administrative Templates -> Network -> Network Connections -> Windows Firewall -> Domain Profile.
                Although you didn't mention it clearly, I assume you are working in an Active Directory environment.
                </Obsolete>

                Andrew is right, of course. If you want to make the RDP restriction for the Administrator account only, the firewall not only will not solve your problem, but will make things worse (you will not be able to connect to the TS servers at all, but from the computers that appear in the GPO even with plain users). My mistake, apologies.
                Last edited by sorinso; 25th June 2007, 21:23. Reason: Andrew rang the bell... and it woke me up...

                Sorin Solomon


                In order to succeed, your desire for success should be greater than your fear of failure.

                • #9
                  Re: Allow administrator log onto TS only from some computers

                  Originally posted by nguyennp
                  Hi,

                  Can we allow only some computers to make the remote desktop connection to the Terminal Server via the administrator account? (based on MAC address or computer name, ...). That means that with the administrator account, we can only log on to the Terminal Server from our admin computers.

                  Thanks.
                  Hi all,

                  Sorry, but correct me if I'm wrong. I accidentally remember that the internal firewall or even a VLAN can't solve the issue. I don't want to deny admin users the remote connection; what I want is: they (admins) can only log on using the admin account from their computer. With the internal firewall, VLAN, or GPO, I can allow some computers to connect to TS but can't control whether they're using the admin account to log on or not.
                  Last edited by nguyennp; 28th June 2007, 03:10.
                  Love in vain is better than love no one.
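
Added example, not part of any post in this thread: the firewall and VLAN options discussed above filter on the source machine only, so the per-account condition from the last post can instead be checked after the fact against logon records. The sketch assumes records exported from a Security log that uses the event 4624 field names (TargetUserName, LogonType, IpAddress); the account list, workstation addresses, sample records and function names are all constructed.

```python
import ipaddress

# Assumptions (constructed for this example): the privileged account names and
# the addresses of the admin workstations allowed to use them over RDP.
ADMIN_ACCOUNTS = {"administrator"}
ADMIN_SOURCES = [ipaddress.ip_network(n) for n in ("10.0.5.10/32", "10.0.5.11/32")]
REMOTE_INTERACTIVE = 10  # LogonType 10: Terminal Services / Remote Desktop logon

# Constructed sample records using Security event 4624 field names.
SAMPLE_EVENTS = [
    {"TimeCreated": "2007-06-28T02:00:11", "TargetUserName": "Administrator",
     "LogonType": 10, "IpAddress": "10.0.5.10"},   # admin PC: expected
    {"TimeCreated": "2007-06-28T02:04:37", "TargetUserName": "jsmith",
     "LogonType": 10, "IpAddress": "10.0.9.44"},   # plain user: out of scope
    {"TimeCreated": "2007-06-28T02:09:52", "TargetUserName": "Administrator",
     "LogonType": 10, "IpAddress": "10.0.9.44"},   # admin account, user PC
    {"TimeCreated": "2007-06-28T02:15:03", "TargetUserName": "ADMINISTRATOR",
     "LogonType": 2, "IpAddress": "-"},            # console logon, not RDP
    {"TimeCreated": "2007-06-28T02:21:40", "TargetUserName": "administrator",
     "LogonType": 10, "IpAddress": "-"},           # RDP with no usable source
]


def source_allowed(ip_text):
    """True only if ip_text parses and falls inside an admin workstation range."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # "-" or garbage: fail closed so it gets reviewed
    return any(addr in net for net in ADMIN_SOURCES)


def admin_rdp_violations(events):
    """Return RDP logons by privileged accounts from non-admin sources."""
    flagged = []
    for ev in events:
        if ev.get("LogonType") != REMOTE_INTERACTIVE:
            continue
        if ev.get("TargetUserName", "").lower() not in ADMIN_ACCOUNTS:
            continue
        if not source_allowed(ev.get("IpAddress", "")):
            flagged.append(ev)
    return flagged


if __name__ == "__main__":
    for ev in admin_rdp_violations(SAMPLE_EVENTS):
        print(ev["TimeCreated"], ev["TargetUserName"], ev["IpAddress"])
```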
