Windows Remote Desktop IP address Control Access Permissions

Windows Remote Desktop IP address Control Access Permissions

1,Working Group Environment

In the working group environment, because there is no Group Policy Service, you only need to open "console", add "Group Policy object Editor", and set "group policy.

1) Click "start"> "run"> "cmd", enter "mmc", and open "console ".

2) Click "file"> "Add/delete Management Unit" to open the "Add/delete Management Unit" dialog box.

3) Click "add" and select "Group Policy object Editor ",.

 

4) Click "add" and click "OK" twice to complete adding.

5) go back to the "console" and choose "Local Computer Policy"> "Computer Configuration"> "Windows Settings"> "Security Settings"> "IP Security Policy, on the local computer ". As shown in.

6) Right-click the framework on the right, select "create IP Security Policy", open the "IP Security Policy wizard", and click "Next" to open the "IP Security Policy Name" page, as shown in.

 

7) Click "Next" to open the "Secure Communication Request" Page and remove the "Activate default response rules" check box, as shown in.

8) Click "Next" to open the "completing IP Security Policy wizard" Page and remove the "Edit attributes" check box, as shown in.

 

9) Click "finish.

10) Right-click the framework on the right and select "manage IP Filter and filter operations", as shown in.

11) Select the "manage Filter Operations" tab and click the "add" button to open the "Filter Operations" page.

 

12) on the "filter operation name" Page, enter "deny" and click "Next. Open the "Block" radio button in "general filter operations", as shown in.

 

13) complete the operation.

14) Select the manage IP Filter List tab.

15)

Click the Add button to open the IP Filter list and enter the "deny" name.

 

16) Click "add", select the "Address" tab, select "any IP Address" in the "Source Address" list, and select "my IP Address" in the "target address" list ". As shown in.

17) Select the "protocol" tab, select "TCP" in the select protocol type, select the "to this port" radio button, and enter "8933" in the text box ". As shown in.

 

18) shows the successful setting.

19) on the "manage IP Filter list" tab, click the "add" button and enter "allow one IP" in the name, as shown in.

 

20) Click "add" to open the "IP Filter Properties" dialog box, select the "Address" tab, and select "a specific IP Address" in the "Source Address" list ", enter the specified IP address in the IP address text box, and select "my IP Address" in the "target address" list ". As shown in.

21) Select the "protocol" tab, select "TCP" in the "select protocol type" list, select "to this port", and enter "8933" in the corresponding text box ". As shown in.

 

22) shows the successful setting.

23) double-click 8933 to open the 8933 properties page, as shown in.

 

24) remove the "use the" add wizard "check box, click the" add "button, select the" IP Filter list "tab, and select"

Shows the single-choice button of allow one IP.

 

25) Select the "Filter Operations" tab and select the "License" radio button, as shown in.

 

26) Click OK to complete the license authorization.

27) Likewise, deny authorization is completed. For example.

 

28) shows the configuration completion information.

29) Right-click "8933" and select "Assign" to complete the operation.

 

 

2,Domain environment

First, confirm that the domain environment is complete.

The procedure is as follows:

1) in the Domain manager, choose Start> program> Administrative Tools> domain security policy ". As shown in.

 

2) Click "IP Security Policy in ActiveDirectory (Domain Name)", as shown in.

3) Right-click the framework on the right and select "create IP Security Policy". The procedure is the same as that in "Working Group Environment" Step 6 to step 29. Complete the settings.

4) generally, the Group Policy response time is "180" minutes. Double-click "8933" to open the properties page, select the "General" tab, and modify the "check Policy Change Interval" to the appropriate time.

 

 

5) if multiple IP addresses are set to access the specified server (all servers in the domain), you can add multiple "filter policies" to the "IP Filter list ". As shown in.