How Can I Allow Access From The Internet to Only Selected Users?

  • Thread starter Thread starter RickyC
  • Start date Start date
R

RickyC

Guest
I would like to restrict most of my users to use Remote Desktop Client from
inside the network. Only Administrators would be allowed access from outside
the lan.

Can this be done with a policy? Id rather not have to rely on VPN as it
does not work from some hotels, internet cafe's etc.

RickyC
 
Re: How Can I Allow Access From The Internet to Only Selected Users?

On Feb 6, 11:14 pm, RickyC <Ric...@discussions.microsoft.com> wrote:
> I would like to restrict most of my users to use Remote Desktop Client from
> inside the network.  Only Administrators would be allowed access from outside
> the lan.
>
> Can this be done with a policy?  Id rather not have to rely on VPN as it
> does not work from some hotels, internet cafe's etc.
>
> RickyC

There are a couple of ways I know of to do but it's dependant on how
big the lan is. What exactly are they needing access to? a web based e-
mail would work well and maybe a restricted FTP. Also, setting a
folder redirection so"My Documents" will sync in GP has worked well
for some users on my network for years. But to answer your original
question, yes, you will need to forward the port on the firewall to
which computer you want. Go to the computer, control panel, system.
When the systems box opens,click the tab that says remote. make sure
"Enable Remote Desktop on this Computer" is checked. Then go to
"select remote users" and enter in th administrators group. On mine,
Groups was not automatically searched so you may have to also tell it
to search groups. This way you really wouldn't need apoliciy but you
could create another group if you want to refine permissions

Hopefully that is along the lines of what you were asking. Remember,
unless you are this with a server then your connections are genrally
limited to one at a time. If you are using a server, be careful.
 
Re: How Can I Allow Access From The Internet to Only Selected User

Re: How Can I Allow Access From The Internet to Only Selected User

I just want to allow specific users to RDP to the server from the internet.
All users can access Terminal Server from inside the network (local address)

"Phil" wrote:

> On Feb 6, 11:14 pm, RickyC <Ric...@discussions.microsoft.com> wrote:
> > I would like to restrict most of my users to use Remote Desktop Client from
> > inside the network. Only Administrators would be allowed access from outside
> > the lan.
> >
> > Can this be done with a policy? Id rather not have to rely on VPN as it
> > does not work from some hotels, internet cafe's etc.
> >
> > RickyC
>
> There are a couple of ways I know of to do but it's dependant on how
> big the lan is. What exactly are they needing access to? a web based e-
> mail would work well and maybe a restricted FTP. Also, setting a
> folder redirection so"My Documents" will sync in GP has worked well
> for some users on my network for years. But to answer your original
> question, yes, you will need to forward the port on the firewall to
> which computer you want. Go to the computer, control panel, system.
> When the systems box opens,click the tab that says remote. make sure
> "Enable Remote Desktop on this Computer" is checked. Then go to
> "select remote users" and enter in th administrators group. On mine,
> Groups was not automatically searched so you may have to also tell it
> to search groups. This way you really wouldn't need apoliciy but you
> could create another group if you want to refine permissions
>
> Hopefully that is along the lines of what you were asking. Remember,
> unless you are this with a server then your connections are genrally
> limited to one at a time. If you are using a server, be careful.
>
 
Re: How Can I Allow Access From The Internet to Only Selected User

Re: How Can I Allow Access From The Internet to Only Selected User

On Feb 7, 12:05 am, RickyC <Ric...@discussions.microsoft.com> wrote:
> I just want to allow specific users to RDP to the server from the internet..  
> All users can access Terminal Server from inside the network (local address)
>
>
>
> "Phil" wrote:
> > On Feb 6, 11:14 pm, RickyC <Ric...@discussions.microsoft.com> wrote:
> > > I would like to restrict most of my users to use Remote Desktop Client from
> > > inside the network.  Only Administrators would be allowed access from outside
> > > the lan.
>
> > > Can this be done with a policy?  Id rather not have to rely on VPN as it
> > > does not work from some hotels, internet cafe's etc.
>
> > > RickyC
>
> > There are a couple of ways I know of to do but it's dependant on how
> > big the lan is. What exactly are they needing access to? a web based e-
> > mail would work well and maybe a restricted FTP. Also, setting a
> > folder redirection so"My Documents" will sync in GP has worked well
> > for some users on my network for years. But to answer your original
> > question, yes, you will need to forward the port on the firewall to
> > which computer you want. Go to the computer, control panel, system.
> > When the systems box opens,click the tab that says remote. make sure
> > "Enable Remote Desktop on this Computer" is checked. Then go to
> > "select remote users" and enter in th administrators group. On mine,
> > Groups was not automatically searched so you may have to also tell it
> > to search groups. This way you really wouldn't need apoliciy but you
> > could create another group if you want to refine permissions
>
> > Hopefully that is along the lines of what you were asking. Remember,
> > unless you are this with a server then your connections are genrally
> > limited to one at a time. If you are using a server, be careful.- Hide quoted text -
>
> - Show quoted text -

Then forward the RD port (forgot the number) to which server, then log
onusing the public IP andyou should be set.
 
Re: How Can I Allow Access From The Internet to Only Selected User

Re: How Can I Allow Access From The Internet to Only Selected User

Our Virtual Access Suite allows the administrator to publish applications to
users, groups, client ip address ranges, client computer naming conventions
and OUs, so you could accomplish your goal using these rules. We use this
all the time to publish certain applications to users when they're on the
local network, but not when they connect from a different subnet.

Without a third party utility like this you'd have to use VPN to restrict
access to the TS from the Internet.


--
Patrick C. Rouse
Microsoft MVP - Terminal Server
SE, West Coast USA & Canada
Quest Software, Provision Networks Division
Virtual Client Solutions
http://www.provisionnetworks.com


"RickyC" wrote:

> I just want to allow specific users to RDP to the server from the internet.
> All users can access Terminal Server from inside the network (local address)
>
> "Phil" wrote:
>
> > On Feb 6, 11:14 pm, RickyC <Ric...@discussions.microsoft.com> wrote:
> > > I would like to restrict most of my users to use Remote Desktop Client from
> > > inside the network. Only Administrators would be allowed access from outside
> > > the lan.
> > >
> > > Can this be done with a policy? Id rather not have to rely on VPN as it
> > > does not work from some hotels, internet cafe's etc.
> > >
> > > RickyC
> >
> > There are a couple of ways I know of to do but it's dependant on how
> > big the lan is. What exactly are they needing access to? a web based e-
> > mail would work well and maybe a restricted FTP. Also, setting a
> > folder redirection so"My Documents" will sync in GP has worked well
> > for some users on my network for years. But to answer your original
> > question, yes, you will need to forward the port on the firewall to
> > which computer you want. Go to the computer, control panel, system.
> > When the systems box opens,click the tab that says remote. make sure
> > "Enable Remote Desktop on this Computer" is checked. Then go to
> > "select remote users" and enter in th administrators group. On mine,
> > Groups was not automatically searched so you may have to also tell it
> > to search groups. This way you really wouldn't need apoliciy but you
> > could create another group if you want to refine permissions
> >
> > Hopefully that is along the lines of what you were asking. Remember,
> > unless you are this with a server then your connections are genrally
> > limited to one at a time. If you are using a server, be careful.
> >
 
Back
Top