Limit specific user from using RDP from WAN, but allow from LAN?



Hi,

I have a working Remote Desktop connection to Windows Server 2003. It is only in WORKGROUP networking not domain.

Users can use RDP from the office LAN (due to performance consideration for a specific application) and from the home (WAN).

Now, there is one specific user that I want to allow RDP only from inside the office LAN, but not be able to do RDP from the WAN. (Please try to help me with this restriction and not tell me he can destroy the server when in the office, I know)

Is there a way to achieve this? I.e., like only permit this user if his IP is local 192.168.1.*? Or some other way?

Thanks.

JM

There was just a thread on this -- no, you can not restrict access to RDP based on user and IP. You can limit access by IP, you can limit access by user.. But you can not say user A can access only if coming from IP B, etc.

On a side note -- why would anyone that has a 2k3 server run it in workgroup mode???? You clearly have users that access the server, and I would assume you have to maintain the network, etc.. For what reason would you not be using AD???

But no -- even if you were running AD, you could not do what you ask.

But what you could do is limit when the user can log on by time.. So you could allow them to log in during working hours, but not after.

Why don't you just add the users you want to let use RDP on the server to the Remote Desktop Users group on that server? That's what it's there for... to limit who can connect... it works in AD and Workgroup mode... That is what we do at work and it works great.. we have it set up so only admins can log into any of the servers through RDP... then have it set up so only terminal server users can only log into the terminal servers... all controlled by placing users into that group on the system you want to allow or disallow users to... btw why in the world are you using workgroup mode if you have a server?

as for lan / wan... get ISA server and you can do stuff like that by setting up filters based on server and user rights... we've done that also at work

I thought that originating IP address is a good way to find out from where a user is logging on via RDP. Any other way to achieve this is OK with me.

I also thought about implementing a small login batch file or program to check this situation and disconnect the specific user. Any idea where the best place is to start such a batch file?

Limiting access by time is not a good idea as the user might be leaving the office at 3PM one day and staying till 10PM the next day.

The issue is of office politics only, as the user has the same privileges regardless where they are. Fortunately, the user does not know how to set RDP by himself, at least so far.

For the remarks on domain/workgroup: this is a very small office that worked without a server on workgroup where parts of the common stuff were shared among a couple of PCs. Now they want to grow and centralize office resources on the new server for better control and maintenance. There are 6 PCs, and unfortunately only 3 of which can log on to a domain. :(
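
A sketch of the logon-script check asked about in this thread, added here as an example and not posted by any participant: it reads the session's client address through the Terminal Services API and logs the session off when one named account is not coming from the LAN range. Assumptions: PowerShell 2.0 is installed on the server, the script is assigned as a logon script, and `restricteduser` is a hypothetical account name.

```powershell
# Added example: logon-script check for one account. Names below are assumptions.
$RestrictedUser = 'restricteduser'   # hypothetical account name
$LanPrefix      = '192.168.1.'       # office LAN range from the question

Add-Type -Namespace Wts -Name Native -MemberDefinition @'
[DllImport("wtsapi32.dll", SetLastError = true)]
public static extern bool WTSQuerySessionInformation(
    IntPtr server, int sessionId, int infoClass,
    out IntPtr buffer, out int bytesReturned);
[DllImport("wtsapi32.dll")]
public static extern void WTSFreeMemory(IntPtr buffer);
'@

function Get-RdpClientAddress {
    # WTS_CURRENT_SERVER_HANDLE = 0, WTS_CURRENT_SESSION = -1, WTSClientAddress = 14
    $buf = [IntPtr]::Zero
    $len = 0
    $ok = [Wts.Native]::WTSQuerySessionInformation(
        [IntPtr]::Zero, -1, 14, [ref]$buf, [ref]$len)
    if (-not $ok) { return $null }
    try {
        # WTS_CLIENT_ADDRESS = DWORD AddressFamily + BYTE Address[20];
        # for AF_INET (2) the IPv4 octets are Address[2..5], i.e. buffer bytes 6..9.
        $family = [Runtime.InteropServices.Marshal]::ReadInt32($buf, 0)
        if ($family -ne 2) { return $null }
        $octets = 6..9 | ForEach-Object {
            [Runtime.InteropServices.Marshal]::ReadByte($buf, $_)
        }
        return ($octets -join '.')
    }
    finally {
        [Wts.Native]::WTSFreeMemory($buf)
    }
}

if ($env:USERNAME -ieq $RestrictedUser) {
    $addr = Get-RdpClientAddress
    # Fail closed: no IPv4 client address, or one outside the LAN prefix, ends
    # the session. A logon at the server console has no client address either,
    # so it is logged off too; relax this if the account must use the console.
    if (-not $addr -or -not $addr.StartsWith($LanPrefix)) {
        logoff
    }
}
```

The address returned for `WTSClientAddress` is the one the RDP client reports about itself, so a remote network that also uses 192.168.1.* passes this check. Treat it as a convenience control; enforcement by source network belongs on the gateway in front of the server, as the ISA Server suggestion above does.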
