Remote desktop, allow remote connections for some but deny remote for others

I use remote desktop to log into the server from outside the local
network remotely.

I have given some other people the ability to logon remotely by
adding
them to the Remote Desktop group.


However I only want them to be able to log on locally eg from
192.168.1.X ip addresses.

How can I give some users the ability to log on using remote destop to
the server locally but deny them access remotely from outside world.
All the time letting me access it from the outside world.

Regards

steve wrote:
> I use remote desktop to log into the server from outside the local
> network remotely.
>
> I have given some other people the ability to logon remotely by
> adding
> them to the Remote Desktop group.
>
>
> However I only want them to be able to log on locally eg from
> 192.168.1.X ip addresses.
>
> How can I give some users the ability to log on using remote destop to
> the server locally but deny them access remotely from outside world.
> All the time letting me access it from the outside world.
>
> Regards
>

If you've a hardware firewall (eg Netgear FVS114) or use something like
ISA Server, it will let you do this sort of thing: create a rule
allowing access on a given port from one (static) IP address. I guess
some firewalls can work with Dynamic DNS (eg DynDNS.com). Otherwise, I
think you may be able to wrestle with IpSec within Windows - less than
intuitive (to me at least!).

Disclaimer: there are experts about these parts, and I am NOT one of them!

Phil, London.

mm I might be able to do something like that with the router. Not
quite sure how to configure that into the router with dynamic dns.
However my home ip as you have well said changes, my other IP is
static. I could do some research on ipsec, I know its in linux never
really thought of it in windows. I was hoping with all the settings
and things in windows there would just be some microsofteze way of
doing it.

Thanks.

Can't you just deny the others VPN access to the LAN?
--
Newell White


"steve" wrote:

> mm I might be able to do something like that with the router. Not
> quite sure how to configure that into the router with dynamic dns.
> However my home ip as you have well said changes, my other IP is
> static. I could do some research on ipsec, I know its in linux never
> really thought of it in windows. I was hoping with all the settings
> and things in windows there would just be some microsofteze way of
> doing it.
>
> Thanks.
>
>

Im sorry I dont understand what you mean. Could you clarify.

I want them to access the server locally over the network but not from
the outside world through the router connected to the dsl line. But I
do want the administrator to access the machine from both the local
network and outside world.

Regards