Is there a way to provide a user with rdp access only to their own machine?
E.g., we have several hundred users and wish to allow them RDP access to their own machine only.
I was playing around with this idea, but it depends on how you have your users, usernames, and machines configured. Our MS domain users are <first initial><lastname> and their permanent workstations are named the same.
I created an RDP bookmark with the IP address of the machine as the variable <USERNAME> and the password as <PASSWORD>. Because the users logging in to the SSL VPN are authenticated against our LDAP AD, it passes these credentials along and logs them in to their desktop.
Of course, once they're on that desktop, they're free to connect elsewhere on the LAN, depending on how you have your network set up.
I think yes, but you must make some modifications on their laptop and in your SA config files.
First, you create a Host Checker policy, for example, policy name: users policy
After that: Custom Rule: Registry Setting -> Registry Root key: SYSTEM\CurrentControlSet\Services\Tcpip\Security > value f0de90dFER422221ort4553 > name key > type binary or string
After that, you deploy this over the network with batch files to all the hosts you need to authenticate.
I hope this helps.
We had this same thing, and what I did was create an RDP shortcut that sends the logged-in user to rdp://xxusername:3389 (in the hostname for the bookmark I put in "xx<USER>.mydomain.com"). The Access control also has the username embedded in it in the same way, so the user only has access to their workstation.
Then in DNS on our production network, I did a CNAME entry that points "xxusername" to the real name of their workstation. I also set it to auto launch, so as soon as they log in, it pops them into the RDP session.... Works like a charm...
For Windows XP SP2/SP3 in a Windows Server 2003 Active Directory Domain:
Logged in as a Local or Domain Administrator on the PC -
1. Start > Settings > Control Panel > System
2. Select the "Remote" tab
3. Select (check) "Allow users to connect remotely to this computer"
4. Click the "Select Remote Users" button
5. Add the User(s) for that PC - also consider adding the Domain Admins AD Group.
Only the Users / Groups added here will be able to connect via Remote Desktop (unless overridden via GPO, etc.)
If it were me, I would use an A/D field to store the users' computername, and then simply use that variable in the connect script. This would save having hundreds of CNAMEs. It also means you only have to store the computername-to-user relationship in one way, in one place.
Just my two cents.
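
The "xx<username>" alias scheme and the single user-to-computer mapping discussed in the thread, combined as an added example (not code from any poster): it builds the CNAME records from one mapping and refuses entries that would break the one-user-one-workstation rule. The sample data, the function name and the idea of exporting the mapping from a directory attribute are assumptions; the "xx" prefix and "mydomain.com" come from the thread.

```python
import re

# Constructed sample data: username -> workstation name, as it might be
# exported from a single directory attribute (which attribute is an assumption).
SAMPLE = {
    "jsmith": "WS-0141",
    "mbrown": "WS-0207",
    "tlee": "WS-0207",      # same workstation as mbrown: must be flagged
    "kjones": "",           # no workstation recorded
    "bad user": "WS-0300",  # username is not usable as a DNS label
}

# One DNS label: letters, digits, hyphens, 1-63 chars, no leading/trailing hyphen.
# fullmatch() is used so a trailing newline in directory data cannot slip through.
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?", re.IGNORECASE)

def build_cnames(mapping, prefix="xx", domain="mydomain.com"):
    """Return (records, problems) for the xx<username> alias scheme."""
    records, problems, owners = [], [], {}
    for user, host in sorted(mapping.items()):
        alias = prefix + user
        if not LABEL.fullmatch(alias):
            problems.append(f"{user!r}: alias is not a valid DNS label")
        elif not host:
            problems.append(f"{user!r}: no workstation recorded")
        elif not LABEL.fullmatch(host):
            problems.append(f"{user!r}: workstation name is not a valid DNS label")
        elif host.lower() in owners:
            # Two aliases pointing at one PC would give a second user access to it.
            problems.append(f"{user!r}: {host} already assigned to {owners[host.lower()]}")
        else:
            owners[host.lower()] = user
            records.append(f"{alias}.{domain}. IN CNAME {host.lower()}.{domain}.")
    return records, problems

if __name__ == "__main__":
    recs, probs = build_cnames(SAMPLE)
    print("\n".join(recs))
    print("\n".join("SKIPPED " + p for p in probs))
```

Review the skipped entries before loading the records, since each one is a user whose bookmark would either fail or land on someone else's workstation.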