-2

need help here please I create standard user on my RDS server for people using a software outside office, but they can also access to any share folder on my network( it mean my other computer on the network) this server only connect to normal router in the workgroup network. not domain, not DMZ. any way I can stop them to be able to access to the share folder on my network I have done a lot research for the group policy setting, but they can only disable the user share other user folder within RDS server or stop other user access to the standard user's file, and the standard user still can access to my other computer's share folder on the network. please help, many thanks! Wayne

Bret Fisher
  • 3,963
  • 2
  • 20
  • 25
xuanyinwen
  • 1
  • 2
  • 1
    Have you tried configuring permissions on these shares? GPO is only going to work on the local RDS server since from what I gather (not really sure) you are not connected to a domain. –  Feb 23 '12 at 02:45

2 Answers2

1

The problem is your permissions on the share on the other computer. It's either allowing Public (all users) in or there is a user on that machine with the same username/password. I'm betting it's your Share and NTFS permissions on that share letting them in. Report back with details on that server i.e. OS version, share permissions list summary, NTFS permissions summary and we can help you change it.

Bret Fisher
  • 3,963
  • 2
  • 20
  • 25
  • HI Bret, thanks for your advice. I know I can edit my share permissions on all the share folder of other computers, but I got hundreds folders share on the network, so it will take long time to edit every single folder. just wonder any simple and best way to stop all user on the RDS server to access to the network folder? Regards Wayne – xuanyinwen Feb 23 '12 at 20:44
0

I have found the answer: create outgoing Windows firewall rule on this terminal server and block the SMB traffics(TCP 445) where to the certain internal addresses that we are not going to allow the users where connect to this terminal server externally to access and enable it. thanks for everyone here

xuanyinwen
  • 1
  • 2