How to block a user login terminal server from a un-authorized workstaion.

[Guest Sam]

Hi Sir/Miss,

 

My company had used of the terminal service for long time already.

It's very good & convenience for such a user whom could login to our server

to work from office & home.

But our boss ask me to set up the right of such users , that means the users

could only login from outside with a specified notebook (Not all pc it could

run the remote desktop) . ~__~... I could not find a way to set it ...

 

Samples :

Terminal erver name : ts01

User : john

Company provide for Johon's Notebook pc name : nb01

John's office pc : ws01

John's home pc : johnpc01

My boss only allow John to login the terminal server ts01 from nb01 & ws01

only.

 

Could any person help me ? thanks so much !

 

Sam Mok

2009-03-03

[Guest Vera Noest [MVP]]

Re: How to block a user login terminal server from a un-authorized workstaion.

 

Check this out:

 

How can I allow rdp connections from specific clients only?

http://ts.veranoest.net/ts_faq_connectivity.htm#filter_rdp_clients

 

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

"Sam" <sam_mok@163.net> wrote on 03 mar 2008 in

microsoft.public.windows.terminal_services:

> Hi Sir/Miss,

>

> My company had used of the terminal service for long time

> already. It's very good & convenience for such a user whom

> could login to our server to work from office & home.

> But our boss ask me to set up the right of such users , that

> means the users could only login from outside with a specified

> notebook (Not all pc it could run the remote desktop) . ~__~...

> I could not find a way to set it ...

>

> Samples :

> Terminal erver name : ts01

> User : john

> Company provide for Johon's Notebook pc name : nb01

> John's office pc : ws01

> John's home pc : johnpc01

> My boss only allow John to login the terminal server ts01 from

> nb01 & ws01 only.

>

> Could any person help me ? thanks so much !

>

> Sam Mok

> 2009-03-03

[Guest Sam]

Re: How to block a user login terminal server from a un-authorized workstaion.

 

Hi Vera Noest ,

 

Thanks for your helps so much , but I can't have a specific IP addresses for

the notebook pc named nb01 , as it could be used outside of our company ,

just like in his home , public place, or on our customer's company.

The ip address must be changed very frequently.

 

How could I do ? Thanks so much!

 

Sam Mok

2008-03-04

 

"Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> ¦b¶l¥ó

news:Xns9A56D816A377Dveranoesthemutforsse@207.46.248.16 ¤¤¼¶¼g...

> Check this out:

>

> How can I allow rdp connections from specific clients only?

> http://ts.veranoest.net/ts_faq_connectivity.htm#filter_rdp_clients

>

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> ___ please respond in newsgroup, NOT by private email ___

>

> "Sam" <sam_mok@163.net> wrote on 03 mar 2008 in

> microsoft.public.windows.terminal_services:

>

>> Hi Sir/Miss,

>>

>> My company had used of the terminal service for long time

>> already. It's very good & convenience for such a user whom

>> could login to our server to work from office & home.

>> But our boss ask me to set up the right of such users , that

>> means the users could only login from outside with a specified

>> notebook (Not all pc it could run the remote desktop) . ~__~...

>> I could not find a way to set it ...

>>

>> Samples :

>> Terminal erver name : ts01

>> User : john

>> Company provide for Johon's Notebook pc name : nb01

>> John's office pc : ws01

>> John's home pc : johnpc01

>> My boss only allow John to login the terminal server ts01 from

>> nb01 & ws01 only.

>>

>> Could any person help me ? thanks so much !

>>

>> Sam Mok

>> 2009-03-03

[Guest Vera Noest [MVP]]

Re: How to block a user login terminal server from a un-authorized workstaion.

 

But how does he connect to your network? VPN? SSL?

 

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

*----------- Please reply in newsgroup -------------*

 

"Sam" <sam_mok@163.net> wrote on 04 mar 2008:

> Hi Vera Noest ,

>

> Thanks for your helps so much , but I can't have a specific IP

> addresses for the notebook pc named nb01 , as it could be used

> outside of our company , just like in his home , public place,

> or on our customer's company. The ip address must be changed

> very frequently.

>

> How could I do ? Thanks so much!

>

> Sam Mok

> 2008-03-04

>

> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> ¦b¶l¥ó

> news:Xns9A56D816A377Dveranoesthemutforsse@207.46.248.16

> ¤¤¼¶¼g...

>> Check this out:

>>

>> How can I allow rdp connections from specific clients only?

>> http://ts.veranoest.net/ts_faq_connectivity.htm#filter_rdp_clien

>> ts

>>

>> _________________________________________________________

>> Vera Noest

>> MCSE, CCEA, Microsoft MVP - Terminal Server

>> TS troubleshooting: http://ts.veranoest.net

>> ___ please respond in newsgroup, NOT by private email ___

>>

>> "Sam" <sam_mok@163.net> wrote on 03 mar 2008 in

>> microsoft.public.windows.terminal_services:

>>

>>> Hi Sir/Miss,

>>>

>>> My company had used of the terminal service for long time

>>> already. It's very good & convenience for such a user whom

>>> could login to our server to work from office & home.

>>> But our boss ask me to set up the right of such users , that

>>> means the users could only login from outside with a specified

>>> notebook (Not all pc it could run the remote desktop) .

>>> ~__~... I could not find a way to set it ...

>>>

>>> Samples :

>>> Terminal erver name : ts01

>>> User : john

>>> Company provide for Johon's Notebook pc name : nb01

>>> John's office pc : ws01

>>> John's home pc : johnpc01

>>> My boss only allow John to login the terminal server ts01 from

>>> nb01 & ws01 only.

>>>

>>> Could any person help me ? thanks so much !

>>>

>>> Sam Mok

>>> 2009-03-03

[Guest Sam]

Re: How to block a user login terminal server from a un-authorized workstaion.

 

Hi Vera Noest,

 

No we just used the remote desktop provide by XP to connect to our server's

WAN port 3389 & port forward to our company's terminal server.

 

Sam Mok

 

 

"Vera Noest [MVP]" <Vera.Noest@remove-this.hem.utfors.se> ¦b¶l¥ó

news:Xns9A579B00B468Fveranoesthemutforsse@207.46.248.16 ¤¤¼¶¼g...

> But how does he connect to your network? VPN? SSL?

>

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> *----------- Please reply in newsgroup -------------*

>

> "Sam" <sam_mok@163.net> wrote on 04 mar 2008:

>

>> Hi Vera Noest ,

>>

>> Thanks for your helps so much , but I can't have a specific IP

>> addresses for the notebook pc named nb01 , as it could be used

>> outside of our company , just like in his home , public place,

>> or on our customer's company. The ip address must be changed

>> very frequently.

>>

>> How could I do ? Thanks so much!

>>

>> Sam Mok

>> 2008-03-04

>>

>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> ¦b¶l¥ó

>> news:Xns9A56D816A377Dveranoesthemutforsse@207.46.248.16

>> ¤¤¼¶¼g...

>>> Check this out:

>>>

>>> How can I allow rdp connections from specific clients only?

>>> http://ts.veranoest.net/ts_faq_connectivity.htm#filter_rdp_clien

>>> ts

>>>

>>> _________________________________________________________

>>> Vera Noest

>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>> TS troubleshooting: http://ts.veranoest.net

>>> ___ please respond in newsgroup, NOT by private email ___

>>>

>>> "Sam" <sam_mok@163.net> wrote on 03 mar 2008 in

>>> microsoft.public.windows.terminal_services:

>>>

>>>> Hi Sir/Miss,

>>>>

>>>> My company had used of the terminal service for long time

>>>> already. It's very good & convenience for such a user whom

>>>> could login to our server to work from office & home.

>>>> But our boss ask me to set up the right of such users , that

>>>> means the users could only login from outside with a specified

>>>> notebook (Not all pc it could run the remote desktop) .

>>>> ~__~... I could not find a way to set it ...

>>>>

>>>> Samples :

>>>> Terminal erver name : ts01

>>>> User : john

>>>> Company provide for Johon's Notebook pc name : nb01

>>>> John's office pc : ws01

>>>> John's home pc : johnpc01

>>>> My boss only allow John to login the terminal server ts01 from

>>>> nb01 & ws01 only.

>>>>

>>>> Could any person help me ? thanks so much !

>>>>

>>>> Sam Mok

>>>> 2009-03-03

[Guest Vera Noest [MVP]]

Re: How to block a user login terminal server from a un-authorized workstaion.

 

That's not a very secure setup.

I'm sorry, then I don't know how to do this properly.

The only quick-and-sirty workaround which comes to mind is to run a

logon acript on the TS which immediately logs the session of when

it's not coming from an authorized client. Clumsy, and not fool-

proof, but it just might do the trick.

Something like (check the correct syntax):

 

if %clientname%==johnpc01 logoff.exe

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

"Sam" <sam_mok@163.net> wrote on 05 mar 2008 in

microsoft.public.windows.terminal_services:

> Hi Vera Noest,

>

> No we just used the remote desktop provide by XP to connect to

> our server's WAN port 3389 & port forward to our company's

> terminal server.

>

> Sam Mok

>

>

> "Vera Noest [MVP]" <Vera.Noest@remove-this.hem.utfors.se> ¦b¶l¥ó

> news:Xns9A579B00B468Fveranoesthemutforsse@207.46.248.16

> ¤¤¼¶¼g...

>> But how does he connect to your network? VPN? SSL?

>>

>> _________________________________________________________

>> Vera Noest

>> MCSE, CCEA, Microsoft MVP - Terminal Server

>> TS troubleshooting: http://ts.veranoest.net

>> *----------- Please reply in newsgroup -------------*

>>

>> "Sam" <sam_mok@163.net> wrote on 04 mar 2008:

>>

>>> Hi Vera Noest ,

>>>

>>> Thanks for your helps so much , but I can't have a specific IP

>>> addresses for the notebook pc named nb01 , as it could be used

>>> outside of our company , just like in his home , public place,

>>> or on our customer's company. The ip address must be changed

>>> very frequently.

>>>

>>> How could I do ? Thanks so much!

>>>

>>> Sam Mok

>>> 2008-03-04

>>>

>>> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>

>>> ¦b¶l¥ó news:Xns9A56D816A377Dveranoesthemutforsse@207.46.248.16

>>> ¤¤¼¶¼g...

>>>> Check this out:

>>>>

>>>> How can I allow rdp connections from specific clients only?

>>>> http://ts.veranoest.net/ts_faq_connectivity.htm#filter_rdp_cli

>>>> en ts

>>>>

>>>> _________________________________________________________

>>>> Vera Noest

>>>> MCSE, CCEA, Microsoft MVP - Terminal Server

>>>> TS troubleshooting: http://ts.veranoest.net

>>>> ___ please respond in newsgroup, NOT by private email ___

>>>>

>>>> "Sam" <sam_mok@163.net> wrote on 03 mar 2008 in

>>>> microsoft.public.windows.terminal_services:

>>>>

>>>>> Hi Sir/Miss,

>>>>>

>>>>> My company had used of the terminal service for long time

>>>>> already. It's very good & convenience for such a user whom

>>>>> could login to our server to work from office & home.

>>>>> But our boss ask me to set up the right of such users , that

>>>>> means the users could only login from outside with a

>>>>> specified notebook (Not all pc it could run the remote

>>>>> desktop) . ~__~... I could not find a way to set it ...

>>>>>

>>>>> Samples :

>>>>> Terminal erver name : ts01

>>>>> User : john

>>>>> Company provide for Johon's Notebook pc name : nb01

>>>>> John's office pc : ws01

>>>>> John's home pc : johnpc01

>>>>> My boss only allow John to login the terminal server ts01

>>>>> from nb01 & ws01 only.

>>>>>

>>>>> Could any person help me ? thanks so much !

>>>>>

>>>>> Sam Mok

>>>>> 2009-03-03