Using Group Policy to Restrict Access for a New Security Group to only have access to specified Servers

mbott03 1 Reputation point
2021-06-15T19:02:07.97+00:00

Hello
I have an existing Server 2012 Environment.
We have servers that have granted permissions in Windows to our admin groups, our service groups, and also Read and Execute to the local "Users" group.

I am tasked with creating a new AD security group = Done
Adding a few New user accounts to this group = Done
And having them have full Access to Existing Server1 and Server2 = Done
But denying them any and all access to Existing Server3, Server4, Server5, etc = Not Done

This seems like such a trivial task yet I can't formulate the best way to do this without modifying permissions on the existing server that I don't want the new group to have access to.

Can anyone point me in the right direction? Perhaps I am missing the obvious.

Thank you for any and all help


4 answers

  1. Vicky Wang 2,731 Reputation points
    2021-06-16T09:44:46.937+00:00

    Hi,

    Thank you for posting in our forum.

    Administrative credentials

    To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.

    To create a firewall rule that grants access to an isolated server

    Open the Group Policy Management Console to Windows Defender Firewall with Advanced Security. You must edit the GPO that applies settings to servers in the isolated server zone.

    In the navigation pane, right-click Inbound Rules, and then click New Rule.

    On the Rule Type page, click Custom, and then click Next.

    If you must restrict access to a single network program, then you can select This program path, and specify the program or service to which to grant access. Otherwise, click All programs, and then click Next.

    If you must restrict access to only some TCP or UDP port numbers, then enter the port numbers on the Protocol and Ports page. Otherwise, set Protocol type to Any, and then click Next.

    On the Scope page, select Any IP address for both local and remote addresses, and then click Next.

    On the Action page, click Allow the connection if it is secure. If required by your design, you can also click Customize and select Require the connections to be encrypted. Click Next.

    On the Users and Computers page, select the check box for the type of accounts (computer or user) you want to allow, click Add, and then enter the group account that contains the device and user accounts permitted to access the server.

    Hope this information can help you

    Best wishes

    Vicky
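
The GUI procedure in the answer above, scripted with the NetSecurity cmdlets as an added example (not part of the original answer). The domain, GPO name and group name are placeholders, and it assumes the ActiveDirectory module is available and that IPsec connection security rules already exist for the isolated server zone, since "Allow the connection if it is secure" only matches authenticated traffic.

```powershell
# Added example: placeholder names throughout, adjust to your environment.
Import-Module NetSecurity
Import-Module ActiveDirectory

$Domain    = 'corp.example.com'        # placeholder AD domain
$GpoName   = 'Isolated Server Zone'    # placeholder: GPO linked to the isolated servers
$GroupName = 'Server1-2-Access'        # placeholder: group permitted to connect
$RuleName  = "Allow authenticated access - $GroupName"

# "Users and Computers" page: the rule stores authorized accounts as an
# SDDL string built from the group's SID.
$sid  = (Get-ADGroup -Identity $GroupName).SID.Value
$sddl = "D:(A;;CC;;;$sid)"

# Edit the GPO in a cached session so the change is written back in one save.
$session = Open-NetGPO -PolicyStore "$Domain\$GpoName"

# Rule Type: Custom, all programs (default), any protocol, any address.
# -Authentication Required = "Allow the connection if it is secure"
# -Encryption Required     = "Require the connections to be encrypted" (optional)
New-NetFirewallRule -GPOSession $session `
    -DisplayName $RuleName `
    -Direction Inbound `
    -Protocol Any `
    -LocalAddress Any -RemoteAddress Any `
    -Action Allow `
    -Authentication Required `
    -Encryption Required `
    -RemoteUser $sddl | Out-Null

Save-NetGPO -GPOSession $session

# Check: read the rule back from the GPO and confirm the security filter
# carries the expected authentication setting and authorized-user SDDL.
Get-NetFirewallRule -PolicyStore "$Domain\$GpoName" -DisplayName $RuleName |
    Get-NetFirewallSecurityFilter |
    Select-Object Authentication, Encryption, RemoteUser
```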


  2. Vicky Wang 2,731 Reputation points
    2021-06-22T09:42:43.087+00:00

    > These instructions help with allowing access to the servers, but I'm trying to deny users of this particular Sec Group any access to all of these other servers in the environment
    >
    > Is there any way to do this through a GPO?

    Thank you for waiting and for your reply. To my knowledge, there is no way to achieve it through a GPO.

    Hope this information can help you

    Best wishes

    Vicky


  3. Vicky Wang 2,731 Reputation points
    2021-06-25T06:57:49.813+00:00

    Hi,

    Welcome to share your current situation if there are any updates.

    Please feel free to let us know if you need further assistance.

    Best Regards,
    Vicky


  4. Vicky Wang 2,731 Reputation points
    2021-06-29T09:43:29.783+00:00

    Hi,

    Welcome to share your current situation if there are any updates.

    Please feel free to let us know if you need further assistance.

    Best Regards,
    Vicky
