Deny Outbound RDP on Windows 2003 R2

  • Deny Outbound RDP on Windows 2003 R2

    We have some offshore users that RDP to some dev/QA machines. We want to prevent them from using these servers as a jump server, i.e. to RDP out from these machines to other machines on the network. Their AD accounts don't have Remote Desktop permissions to the other machines but they have some shared accounts/passwords they could use if they wanted.

    With Windows 2008 you can create an outbound firewall rule to deny port 3389 but Windows 2003 doesn't support outbound filtering.

    I'm going to deny them rights to the MSTSC.EXE file but that won't stop them from using some other RDP client. Anybody have any ideas on this one?

  • #2
    Re: Deny Outbound RDP on Windows 2003 R2

    Could try using IPsec filtering... make it so the connection must be IPsec enabled, then make sure the other ends won't accept IPsec?

    (I know roughly what I mean)
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif



    • #3
      Re: Deny Outbound RDP on Windows 2003 R2

      Thank you for the suggestion but as interesting as that sounds I don't think introducing IPsec on the network is a viable solution.



      • #4
        Re: Deny Outbound RDP on Windows 2003 R2

        If this helps... use a software restriction policy, link below:
        http://support.microsoft.com/kb/324036



        • #5
          Re: Deny Outbound RDP on Windows 2003 R2

          Install a firewall application then.

          Or take dnleong's suggestion: lock down software restriction so they can only use programs you've specifically implemented. Then lock down mstsc so they can't use it.
          That way, they can't install their own, and they can't use mstsc.


          • #6
            Re: Deny Outbound RDP on Windows 2003 R2

            That's actually a good idea. I didn't even think of installing a 3rd party firewall.

            I am aware of Software Restriction Policies, which I may end up using, but didn't think that was an end-all solution since they could just use another RDP client.

            Thanks for your help guys. Hopefully I won't get too much resistance with the 3rd party firewall idea.



            • #7
              Re: Deny Outbound RDP on Windows 2003 R2

              Can you recommend any 3rd party software based firewalls for Windows 2003 R2?

              Some of the free ones aren't compatible on server platforms. So far the ones I've seen that do install on Windows 2003 are really clunky and don't support outbound filtering.

              Thanks



              • #8
                Re: Deny Outbound RDP on Windows 2003 R2

                Originally posted by polycarp
                That's actually a good idea. I didn't even think of installing a 3rd party firewall.

                I am aware of Software Restriction Policies, which I may end up using, but didn't think that was an end-all solution since they could just use another RDP client.

                Thanks for your help guys. Hopefully I won't get too much resistance with the 3rd party firewall idea.

                That's why you use SRP to allow only the specific applications you decide on.

                Windows-based firewalls... try Kerio. It's probably not free though.
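Added example, not part of any post in this thread: a variation on the IPsec filtering idea from #2 that uses the Windows Server 2003 IPsec policy agent purely as a local packet filter with a block action, so nothing has to be configured on the other machines. It is applied to the dev/QA server itself; the policy, filter list and filter action names are assumptions.

```bat
@echo off
rem Added example: local IPsec policy used as a static outbound filter.
rem All three names below are hypothetical; pick your own.
set POLICY=Block-Outbound-RDP
set FLIST=Outbound-RDP
set FACTION=Block-Traffic

rem 1. Create the policy unassigned so nothing applies half-configured.
netsh ipsec static add policy name="%POLICY%" description="Deny RDP client connections from this host" assign=no

rem 2. Filter list: traffic from this machine (any source port) to any
rem    host on TCP 3389. Inbound RDP sessions TO this server do not match,
rem    because there 3389 is the local port, not the remote one.
netsh ipsec static add filterlist name="%FLIST%"
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=me dstaddr=any protocol=TCP srcport=0 dstport=3389 mirrored=yes

rem 3. Filter action that drops matching packets (no IPsec negotiation).
netsh ipsec static add filteraction name="%FACTION%" action=block

rem 4. Rule tying the filter list to the block action inside the policy.
netsh ipsec static add rule name="%POLICY%-rule" policy="%POLICY%" filterlist="%FLIST%" filteraction="%FACTION%"

rem 5. Assign the policy, then print it to confirm what is in effect.
netsh ipsec static set policy name="%POLICY%" assign=yes
netsh ipsec static show policy name="%POLICY%" level=verbose
```

The filter matches only TCP destination port 3389, so an RDP listener on a non-default port is not covered, and an account with local administrator rights can unassign the policy. Only one IPsec policy is assigned at a time, and one delivered through Group Policy takes precedence over a locally assigned one.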