RDP access to specific users from local network only?
Good day to all.
I am facing a non-standard situation for the first time.
There is a Win2016 Terminal Server (DC / AD / RDP).
The server temporarily works with an open RDP port to the outside (you would be right to say that this is not allowed, but that is how it is for now).
Users get access to the terminal server from the local network and via the Internet.
Is it possible to prevent a group of users from connecting via RDP forwarding, and leave only local connections?
Perhaps policies can be configured to let them in only if the IP is from the local network?
Windows Firewall allows you to manage access for AD users or groups.
As an option, use a second network card / second IP and Windows Firewall to allow access to the port for one group.
How you build your network is of course your choice, but right now you have a very dangerous setup.
Specifically on the issue:
As I understand it, you need access for everyone from the LAN, and for some from the Internet (while they can also log in from the LAN).
You can't do this with RDP's own standard means; there are no settings regarding access from a specific location.
But this exists in Remote Desktop Gateway. That is, it is a kind of server that should stand on the border between the Internet and the LAN, and let users into the LAN using their login / password. This is where you can select a specific group of users who are allowed to log in. The rest will not be able to log in, which means that they will not get to the RDP server from the outside.
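An added example, not part of either answer: whichever restriction is chosen, it can be checked afterwards by auditing RDP logons (Security event 4624, LogonType 10) for members of the LAN-only group that arrive from outside the LAN. The CSV export layout, user names, subnet and router address below are assumptions made for the illustration.

```python
import csv
import io
import ipaddress

# Constructed sample: Security-log logon events (ID 4624) exported to CSV.
SAMPLE_CSV = """TimeCreated,EventID,LogonType,TargetUserName,IpAddress
2024-03-01T08:02:11,4624,10,ivanov,192.168.1.34
2024-03-01T08:15:40,4624,10,petrov,203.0.113.57
2024-03-01T09:01:05,4624,3,petrov,203.0.113.57
2024-03-01T09:30:00,4624,10,sidorova,198.51.100.9
2024-03-01T10:12:47,4624,10,PETROV,192.168.1.1
2024-03-01T11:00:00,4624,10,ivanov,-
"""

LAN = [ipaddress.ip_network("192.168.1.0/24")]  # assumed local subnet
LAN_ONLY_USERS = {"petrov", "ivanov"}           # assumed LAN-only group members
# Assumed router address. If the port forward rewrites the source address,
# every Internet session appears to come from it, so count it as external.
NAT_SOURCES = {ipaddress.ip_address("192.168.1.1")}


def is_local(addr_text):
    """True/False for a parsable address, None when the field is empty or '-'."""
    try:
        addr = ipaddress.ip_address(addr_text.strip())
    except ValueError:
        return None
    if addr in NAT_SOURCES:
        return False
    return any(addr in net for net in LAN)


def find_violations(csv_text):
    """Return (time, user, source, reason) for LAN-only users seen from outside."""
    violations = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # LogonType 10 is RemoteInteractive, i.e. an RDP session logon.
        if row["EventID"] != "4624" or row["LogonType"] != "10":
            continue
        user = row["TargetUserName"].lower()
        if user not in LAN_ONLY_USERS:
            continue
        local = is_local(row["IpAddress"])
        if local is not True:
            reason = "unknown source" if local is None else "non-LAN source"
            violations.append((row["TimeCreated"], user, row["IpAddress"], reason))
    return violations


if __name__ == "__main__":
    for violation in find_violations(SAMPLE_CSV):
        print(*violation)
```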