How to restrict RDP connection to specific source machines and specific users (both restrictions acting simultaneously)?

Igor Gershgorin
2021-01-18T19:29:14.597+00:00

The company I work for has an Active Directory server and a lot of users' workstations/PCs in the domain. Needless to say, switches, routers, firewalls and a virtual infrastructure are also present. My question is, how do I go about configuring this whole system in such a way, that I restrict RDP access to certain PCs to be allowed only from specific PCs and only from specific users (both restrictions - source machines and specific users - have to act simultaneously)? What I mean is, for example, if there are the following PCs in my company:

PC-A
PC-B
PC-C
PC-D
and so on

and the following users:

USER-A
USER-B
USER-C
USER-D
and so on

and I want to configure the whole system in such a way, that the workstation PC-D will accept RDP connections only when BOTH of the following conditions are true:

The RDP connection is made from either of the workstations PC-A or PC-B (but NOT from PC-C)
The RDP connection is made by either of the users USER-A or USER-B (but NOT by USER-C)
How can I do that? If there are several ways to accomplish the above, then, please, tell me all of them.
With gratitude,
Igor.

Active Directory
Remote Desktop

Accepted answer
    Eleven Yu (Shanghai Wicresoft Co,.Ltd.), Microsoft Vendor
    2021-01-19T03:31:19.723+00:00

    Hi,

    The RDP connection is made from either of the workstations PC-A or PC-B (but NOT from PC-C)

    On PC-D, open the firewall settings > edit the inbound rules "Remote Desktop - User Mode (TCP-In)" and "Remote Desktop - User Mode (UDP-In)" > navigate to the General tab > select "Allow the connection if it is secure" > navigate to the Remote Computers tab > select "Only allow connections from these computers" > add PC-A and PC-B to the list

    The RDP connection is made from either of the users USER-A and USER-B (but NOT from USER-C)

    On PC-D, open Local Users and Groups > double-click the "Remote Desktop Users" group > add USER-A and USER-B to the list

    Setting both of the above at the same time should restrict RDP connections to the specific source machines and the specific users simultaneously.

    Thanks,
    Eleven


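The same two steps from the accepted answer, scripted in PowerShell on PC-D. This is an added example, not part of Eleven Yu's answer: PC-A, PC-B, USER-A and USER-B are the placeholder names from the question, the domain name CORP and the connection security rule names RDP-IPsec-TCP/UDP are assumptions, and the firewall rule names are the Windows defaults ("Remote Desktop - User Mode (TCP-In)" and "(UDP-In)"). One caveat the GUI does not make obvious: the Remote Computers tab only works together with "Allow the connection if it is secure", and that option only matches traffic authenticated by IPsec, so a connection security rule has to exist on PC-D and on the allowed clients (the script creates the PC-D side; deploy the same rule to PC-A and PC-B, for example through GPO).

```powershell
# Added example (not from the original answer): the GUI steps done in PowerShell
# on PC-D, run as an administrator. PC-A, PC-B, USER-A, USER-B are the question's
# placeholders; CORP and the rule names RDP-IPsec-* are assumptions. Needs the
# NetSecurity and Microsoft.PowerShell.LocalAccounts modules (Win10/2016+).
#Requires -RunAsAdministrator

$Domain       = 'CORP'                               # assumption: NetBIOS domain name
$AllowedHosts = @('PC-A', 'PC-B')                    # only these may open RDP to PC-D
$AllowedUsers = @("$Domain\USER-A", "$Domain\USER-B")

# ---- 1. Source-machine restriction (the "Remote Computers" tab) ------------------
# The firewall can only identify the remote *computer* on IPsec-authenticated
# traffic, which is why the answer selects "Allow the connection if it is secure"
# (-Authentication Required). That needs a connection security rule on PC-D and on
# PC-A/PC-B; without it every RDP packet arrives unauthenticated and is dropped.
# No -Phase1AuthSet is given, so the default (Kerberos computer auth) applies.
# RDP uses TCP 3389 and, on newer clients, UDP 3389, so cover both.
foreach ($proto in 'TCP', 'UDP') {
    $name = "RDP-IPsec-$proto"
    if (-not (Get-NetIPsecRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetIPsecRule -DisplayName $name -Protocol $proto -LocalPort 3389 `
            -InboundSecurity Require -OutboundSecurity Request | Out-Null
    }
}

# Computer accounts are named "PC-A$" in AD; resolve each to its SID locally
# (no RSAT needed) and build the SDDL that -RemoteMachine expects:
#   O:LSD:(A;;CC;;;<SID of PC-A>)(A;;CC;;;<SID of PC-B>)
$machineSids = foreach ($h in $AllowedHosts) {
    $acct = New-Object System.Security.Principal.NTAccount("$Domain\$h`$")
    $acct.Translate([System.Security.Principal.SecurityIdentifier]).Value
}
$sddl = 'O:LSD:' + (($machineSids | ForEach-Object { "(A;;CC;;;$_)" }) -join '')

# Apply to both default inbound RDP rules (TCP-In and UDP-In).
Get-NetFirewallRule -DisplayName 'Remote Desktop - User Mode*' -Direction Inbound |
    Set-NetFirewallRule -Enabled True -Authentication Required -RemoteMachine $sddl

# ---- 2. User restriction (the "Remote Desktop Users" group) ---------------------
# RDP logon is governed by the "Allow log on through Remote Desktop Services"
# right, held by default by Administrators and Remote Desktop Users. Adding USER-A
# and USER-B here is enough for non-admin accounts; local Administrators still get in.
foreach ($u in $AllowedUsers) {
    $already = Get-LocalGroupMember -Group 'Remote Desktop Users' -Member $u -ErrorAction SilentlyContinue
    if (-not $already) { Add-LocalGroupMember -Group 'Remote Desktop Users' -Member $u }
}

# ---- 3. Check the result ----------------------------------------------------------
Get-NetFirewallRule -DisplayName 'Remote Desktop - User Mode*' |
    Get-NetFirewallSecurityFilter |
    Format-Table Authentication, RemoteMachine -AutoSize
Get-LocalGroupMember -Group 'Remote Desktop Users' | Format-Table Name, PrincipalSource
```

Run it from a console session or a second RDP session, not from the RDP session you are protecting: once `-Authentication Required` is set, any RDP connection that is not carried over IPsec (including one from PC-A if the connection security rule is not yet on PC-A) is dropped. Both halves are independent, so a connection from PC-C as USER-A fails at the firewall and a connection from PC-A as USER-C fails at logon. The same settings can be pushed by Group Policy under Computer Configuration > Policies > Windows Settings > Security Settings > Windows Defender Firewall with Advanced Security (firewall and connection security rules) and Restricted Groups (Remote Desktop Users membership).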

1 additional answer

    Bhattarai, Rupesh
    2022-10-06T15:08:15.997+00:00

    I need to do the same thing via GPO. I have applied a GPO setting but it doesn't work for me for some reason. Do you have any inputs?
