2

My company owns a cloud server with Windows 2003 Web Edition installed on it. This server can be accessed by anyone through a remote desktop connection. I want to place some kind of restrictions on it, for which I need some guidance from you guys.

We have two sites on different continents, and this cloud server is accessed by company employees from both locations. At the first site, which is also our production site, two internet connections are installed: one with a static IP, which is the primary, and the other with a dynamic IP, which is only used in case the primary internet goes down. At the second site only one internet connection is available, which also works with a dynamic IP.

I want to create three user IDs in such a way that one user ID is mapped to the static IP of our production site, so that users are only able to log in from the company's internet; this will help us prevent any information leakage. The second and third IDs can allow access from any dynamic IP, to facilitate IT admins at the first site and company administration at the second site.

Chris S
user74858

1 Answer

1

There isn't any built-in functionality to "map" user accounts to IP addresses in Windows Server. I think you'd be best served by firewalling the machine to prevent attempted logons from unwanted sources.

Since you have a dynamic IP address to contend with, normal Windows firewall rules aren't going to be of much use.

Your best bet is probably to use IPSEC to allow connections from authorized computers and deny all other incoming connections to the RDP server (port 3389). Since Windows 2003 Web Edition can't be joined to a domain you'll have to either create the necessary certificates yourself to allow a certificate-based authentication or use a pre-shared key for the IPSEC between these machines.

Evan Anderson
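
The server-side half of the IPsec approach described in the answer, as an added example that is not part of the original answer: a `netsh ipsec static` policy for Windows Server 2003 that requires IPsec negotiation for inbound TCP 3389 using a pre-shared key. The policy, filter list, filter action and rule names are made up for illustration and the key is a placeholder; each authorized client needs a matching policy with the same key.

```bat
@echo off
rem Added example: require IPsec (pre-shared key) for inbound RDP on this server.
rem All names below are hypothetical; the key is a placeholder to be replaced.

set POLICY=rdp-ipsec
set FLIST=rdp-inbound
set FACTION=rdp-require-ipsec
set PSK=REPLACE-WITH-LONG-RANDOM-KEY

rem 1. Create an empty IPsec policy.
netsh ipsec static add policy name="%POLICY%" description="Require IPsec for RDP"

rem 2. Filter list: any source address to this machine, TCP port 3389.
rem    srcaddr=any is what lets clients on dynamic IPs qualify; the key, not
rem    the address, decides who gets through.
netsh ipsec static add filterlist name="%FLIST%"
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=3389 mirrored=yes description="Inbound RDP"

rem 3. Filter action: negotiate security, with no fallback to clear text
rem    (inpass=no rejects unsecured inbound traffic, soft=no disables
rem    unsecured communication with peers that cannot negotiate).
netsh ipsec static add filteraction name="%FACTION%" action=negotiate inpass=no soft=no qmsecmethods="ESP[3DES,SHA1]"

rem 4. Rule binding the filter list to the action, authenticated by the key.
rem    A pre-shared key is stored unencrypted in the policy, so certificates
rem    (rootca= instead of psk=) are the stronger choice when they can be issued.
netsh ipsec static add rule name="rdp-rule" policy="%POLICY%" filterlist="%FLIST%" filteraction="%FACTION%" psk="%PSK%"

rem 5. Activate the policy.
netsh ipsec static set policy name="%POLICY%" assign=y

rem 6. Review what was applied.
netsh ipsec static show policy name="%POLICY%" level=verbose
```

Assign the policy only once a client with the matching policy is ready, or from the hosting provider's console, because an existing RDP session that cannot negotiate IPsec is dropped as soon as the policy becomes active.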