
I have been tasked with allowing a specific user the ability to RDP a workstation over our VPN connection.

The user is already in the list of permitted RDP users on the workstation; however, our firewall is set to deny all inbound connections by default.

If I create a rule that applies to everyone (just a standard rule) it works and the user can connect to the workstation over RDP while using the VPN connection.

However I am required to set it to just this specific user, with the possibility of extending the access to other users in the future. So I created a security group and placed the user and myself (for testing) into the group.

Within Windows Firewall I have specified in the rule for the connection to be secure and then specified to only allow connections from these users and listed the security group.

With the rule set like this, it fails.

Here are the rule parameters:
Name: Allow RDP over VPN
Action: Allow the connection if it is secure (Allow the connection if it is authenticated and integrity protected)
Protocol Type: TCP/6
Local Port: Specific Ports - 3389
Remote IP Address: These IP Addresses: 10.4.100.0/24, 10.4.101.0/24
Profiles: Domain, Private, Public
Authorized Users: Only allow connections from these users: company.lan\Allow RDP over VPN

Is it just that the RDP traffic does not send the details of the user account which sent the data, or is there an additional attribute I need to specify?

D Martin