Multiple RDP access environment depending on the origin

2020-06-18T11:15:47.557+00:00

Hi all,
I would like to access, by RDP on the ‘App File server’, 2 disjoint environments from one ‘SiteX App Server’ or from another one.
How can I manage these ‘rdp’ accesses? By GPO and/or ps-script?
The user has only one Uid/Pwd within the AD. An easy solution would be to have 2 (or 3, or 4) Uid/Pwd for one user coming from 2, 3 or 4 'SiteX App Servers'.
But I think it would be possible to have a segregation that considers the origin of the previous 'rdp' connection.
The ‘SX Environment’ could then be of the type 'Disk:\Users\SiteX\User1'.
Thank you in advance for your help.
Kind regards.
Dominique

Please see the attached file:

Windows Server 2016

Accepted answer
  1. JoyDutt 816 Reputation points
    2021-01-03T15:22:12.353+00:00

    Hi @Descat, Dominique (Nokia - FR/Paris-Saclay)

    One of the networking options here for your scenario: create 2 different subnets, Subnet 1 (calling it DEV) for AVM1 and Subnet 2 (calling it PROD) for AVM2. Then all subnets' route tables should have an entry for the SRV server. A lot of control can be exercised from the route tables of the subnets. A single user ID can be used.

    (If this reply was helpful please don't forget to Upvote and/or Accept as an answer, Thank You)

    Regards,
    J.D.

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.


4 additional answers

  1. TravisCragg-MSFT 5,676 Reputation points Microsoft Employee
    2020-07-20T22:06:31.073+00:00

  2. TravisCragg-MSFT 5,676 Reputation points Microsoft Employee
    2020-07-20T22:06:31.467+00:00

  3. 2020-07-21T08:10:52.7+00:00

    Thank you Travis for this feedback.
    Indeed, AzureBastion could have done part of the job, but my question goes beyond the 'Target VM subnet(s)'. Let me explain, based on the diagram contained in the link you provided (https://.../bastion/bastion-overview):
    A user authenticates on AzureBastion, accesses the environment 'Azure VM 1' (AVM1), then accesses beyond it, on a server 'SRV', an environment associated with 'AVM1'.
    This same user, during another session, authenticates on AzureBastion, accesses the environment 'Azure VM 2', then accesses beyond it, on the same server 'SRV', another environment, different from the previous one, that is related to 'AVM2'.
    Regarding the best category for this post, during my research on the Internet it seemed to me to be this one, but indeed, maybe the section 'Windows Server for IT pros' would be a good choice, but then what to choose in the sub-sections?
    We work with Win Srv 2016; this is an architecture setup using AD and RDP, maybe with network considerations.
    I would be happy if you can redirect this post to the most appropriate tag.
    Thank you in advance for your help.
    Kind regards. Dominique


  4. 2021-01-04T09:07:00.837+00:00

    Hi JoydeepDutt-2506,
    Thank you very much for this reply.
    I think this solution will be appropriate for my problem, avoiding the need to implement additional 'AzureBastion' servers.
    In the meantime, I implemented a solution that places a sticker on the target system, and I use it to mount a disk / sticker / user directory, providing a differentiation of sources and a mastery of these differentiated environments.
    Kind regards.
    Dominique
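
One way to combine the subnet-per-origin idea from the accepted answer with the per-origin directory the question describes ('Disk:\Users\SiteX\User1'), as an added PowerShell example that is not code from any poster in this thread. The subnet ranges, site names, `D:\Users` root and function names are assumptions, and the caller is assumed to supply the source IP address of the incoming RDP connection.

```powershell
# Constructed sample map: origin subnet (CIDR) -> environment name.
# Ranges and names are assumptions made for this example.
$OriginMap = [ordered]@{
    '10.10.1.0/24' = 'Site1'   # e.g. the DEV subnet hosting AVM1
    '10.10.2.0/24' = 'Site2'   # e.g. the PROD subnet hosting AVM2
}

function ConvertTo-IPv4Number {
    # Turns a dotted IPv4 address into a 32-bit number held in a [long].
    param([Parameter(Mandatory)][string]$Address)
    $ip = [System.Net.IPAddress]::Parse($Address)
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "Only IPv4 is handled in this example: $Address"
    }
    $b = $ip.GetAddressBytes()
    return ([long]$b[0] -shl 24) -bor ([long]$b[1] -shl 16) -bor ([long]$b[2] -shl 8) -bor [long]$b[3]
}

function Resolve-OriginEnvironment {
    param(
        [Parameter(Mandatory)][string]$ClientAddress,   # source IP of the previous RDP hop
        [Parameter(Mandatory)][string]$UserName,
        [Parameter(Mandatory)][System.Collections.IDictionary]$Map,
        [string]$Root = 'D:\Users'                      # assumed stand-in for 'Disk:\Users'
    )
    # Reject names that could escape the per-site directory.
    if ($UserName -match '[\\/:]|\.\.') { throw "Invalid user name: $UserName" }

    $client = ConvertTo-IPv4Number $ClientAddress
    foreach ($cidr in $Map.Keys) {
        $network, $prefix = $cidr -split '/'
        $hostBits = 32 - [int]$prefix
        # Two addresses share a subnet when their network bits are equal.
        if (($client -shr $hostBits) -eq ((ConvertTo-IPv4Number $network) -shr $hostBits)) {
            return '{0}\{1}\{2}' -f $Root, $Map[$cidr], $UserName
        }
    }
    # Fail closed: an unknown origin gets no environment instead of a default one.
    throw "No environment is defined for origin $ClientAddress"
}

# Same user, two origins, two separate environments on the same server.
Resolve-OriginEnvironment -ClientAddress '10.10.1.20' -UserName 'User1' -Map $OriginMap
Resolve-OriginEnvironment -ClientAddress '10.10.2.15' -UserName 'User1' -Map $OriginMap
```

The mapping only separates environments if the address comes from the server's own view of the connection; a value the client can set freely, such as its reported machine name, should not be used as the key.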
