Results 1 to 11 of 11
  1. #1
    New Lounger
    Join Date
    Oct 2013
    Posts
    12
    Thanks
    0
    Thanked 1 Time in 1 Post

    Question Access Windows Server from specific location

    Hello Guys,

    I have a server which runs Windows Server 2008 R2 Standard. I have admin rights and I can login through Remote Desktop Connection and access the server.

    I wanted to create an account so that my office staff can access (restricted access) only from office systems. I do not want them to access the server from any other location. This way they can run some office application in server.

    Is it possible ?

    Thanks,

    Cheers,
    GR

  2. #2
    Platinum Lounger
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    3,616
    Thanks
    7
    Thanked 231 Times in 219 Posts
    Remote Desktop does this for you and you can set it up to filter connections etc.
    Can you advise what restrictions you want - IP address, location, LAN, internet etc?

    cheers, Paul

  3. #3
    New Lounger
    Join Date
    Oct 2013
    Posts
    12
    Thanks
    0
    Thanked 1 Time in 1 Post
    Thank you for your reply Paul. I want that they access it from their computers only in the workplace. Now to restrict that we can use either ip or something specific to their machine (which you suggest).

    Plus I also want limited access when they use Win Server 2008. This means they can only modify limited programs and cannot fiddle with SQL Server or IIS.

    How can I achieve that ?

  4. #4
    Platinum Lounger
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    3,616
    Thanks
    7
    Thanked 231 Times in 219 Posts
    Granting users server access is done with permissions, usually in Active Directory. You need to add the user as a member of the Remote Desktop user group.
    To grant access to a program you install it, then set the permissions on the desktop icon so they can use it - read only for members of the group who should have access to the program.
    Don't make the users Admin or power users and they won't be able to break anything.

    cheers, Paul

  5. #5
    New Lounger
    Join Date
    Oct 2013
    Posts
    12
    Thanks
    0
    Thanked 1 Time in 1 Post
    Thanks Paul. I do not have a lot of experience using Windows Server. Can you tell me how to add user as a member of remote desktop group and set permissions.

    Plus you did not mention how to restrict access so that they don't login from any other computer (except office systems).

  6. #6
    Platinum Lounger
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    3,616
    Thanks
    7
    Thanked 231 Times in 219 Posts
    This guide from Berkeley Uni is pretty good.

    cheers, Paul

  7. #7
    New Lounger
    Join Date
    Oct 2013
    Posts
    12
    Thanks
    0
    Thanked 1 Time in 1 Post
    Thank you paul for your help. I did manage to configure the server so that it accept RDC connection from a specific ip but unfortunately my IP is dynamic and that got me stuck. Any workaround for this ?

  8. #8
    Platinum Lounger
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    3,616
    Thanks
    7
    Thanked 231 Times in 219 Posts
    Try certificate based authentication, then you don't care what the IP is.

    cheers, Paul

  9. #9
    New Lounger
    Join Date
    Oct 2013
    Posts
    12
    Thanks
    0
    Thanked 1 Time in 1 Post
    I don't think I can manage that. Any other way to restrict to specific system(s) ?

  10. #10
    Platinum Lounger
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    3,616
    Thanks
    7
    Thanked 231 Times in 219 Posts
    Certificates are the standard mechanism for encryption and/or restriction.
    How to set up a CA.
    Using certificates for RDP.

    cheers, Paul

  11. #11
    New Lounger
    Join Date
    Oct 2013
    Posts
    12
    Thanks
    0
    Thanked 1 Time in 1 Post
    Thank you paul.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •