
I'm planning an architecture of secure terminals used only to access DCs.

So I have 2 computers which are secure, and if I want to connect to the DCs I will have to log into those computers.

So what I did is deploy GPOs to block the logins of ADM users on the workstations and so forth. I'm not being detailed here because I have it configured right.

What I need now is to block the ability of the ADM users to make an RDP connection to a DC from any workstation that isn't a secure one.

What I mean is that a domain admin can initiate an RDP connection to a DC using its credentials on any workstation of our domain. I want to know if it is possible to deny that by a GPO instead of blocking the network traffic.

2 Answers


Windows firewall advanced settings allow you to restrict RDP to certain source IPs.

Alternatively, you can use certificates on the clients.

mzhaase

No, you will need to use a host-based or network firewall.

As an alternative, you could specify "Log On To" on the Account tab of the user account, and specify the domain controllers/administrative computers as the "Logon Workstations". That may work if you do not have that many.

Greg Askew
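The source-IP firewall restriction from the first answer and the "Log On To" restriction from the second, sketched in PowerShell as an added example that is not part of either answer. The IP addresses, computer names and account name are constructed placeholders, and the firewall part assumes the English "Remote Desktop" rule group and locally managed (not GPO-delivered) rules on the DC.

```powershell
# Assumptions (constructed values): replace with your own.
$SecureTerminals = @('10.0.10.11', '10.0.10.12')   # IPs of the two secure terminals
$TerminalNames   = @('SECTERM01', 'SECTERM02')     # their computer names
$AdminAccount    = 'adm-example'                   # one ADM account (hypothetical)

# --- Firewall approach: run on each DC, or build the same scope in a GPO ---
# Limit the built-in inbound Remote Desktop rules to the secure terminals.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Where-Object { $_.Direction -eq 'Inbound' } |
    Set-NetFirewallRule -RemoteAddress $SecureTerminals

# Report any other enabled inbound allow rule that still opens TCP 3389 to an
# address outside the list (compared as strings); it would bypass the scope.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    $opensRdp = ($port.Protocol -in 'TCP', 'Any') -and
                (($port.LocalPort -contains '3389') -or ($port.LocalPort -contains 'Any'))
    $outside  = @($addr.RemoteAddress | Where-Object { $_ -notin $SecureTerminals })
    if ($opensRdp -and $outside.Count -gt 0) {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            RemoteAddress = $addr.RemoteAddress -join ','
        }
    }
}

# --- "Log On To" approach: needs the ActiveDirectory module (RSAT) ---
# Allow the account to log on only to the secure terminals and the DCs.
$dcNames = (Get-ADDomainController -Filter *).Name
$allowed = ($TerminalNames + $dcNames) -join ','
Set-ADUser -Identity $AdminAccount -LogonWorkstations $allowed

# Verify what was written to the account.
Get-ADUser -Identity $AdminAccount -Properties LogonWorkstations |
    Select-Object SamAccountName, LogonWorkstations
```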