Whenever anyone connects through Remote Desktop to my Windows 2003 server, I want to check his computer name (hostname) along with his username so I can allow the user to log in.

I don't know scripting; if somebody can help with steps I will be thankful. I want to allow access only to specific users with specific computer names.

jonsca
nitin
  • Are you using Active Directory or is this a standalone server? – James O'Gorman Dec 01 '12 at 10:09
  • Are you asking the other person if he has the right to log in? (And said other person has control over his own computer, including computer name and account name.) Security-wise that seems doubtful. – Hennes Dec 01 '12 at 11:38
  • It's a standalone server. I want only the hosts and users on my list to be allowed to log in remotely. – nitin Dec 01 '12 at 12:05
  • I am not using Active Directory. – nitin Dec 01 '12 at 12:07

2 Answers

Doing what you suggest with DNS is generally considered insecure (if I can penetrate your firewall and I have control of reverse DNS for my IP I can pretend to be any host I want).

A restricted list of allowed IP addresses is generally considered safer (particularly if enforced by Windows Firewall or your edge firewall -- unauthorized hosts won't even see the port as open).

voretaq7
  • Yes, you are right, a restricted list of allowed IP addresses is good. But my users will connect through the internet, so their IP address is dynamic every time. How do I handle this without router level & firewall? – nitin Dec 04 '12 at 11:10
  • ...if the IP is dynamic, hostname checking won't work either (the reverse DNS lookup will be different every time even if there's no foul play). If you were suggesting trusting a "hostname" supplied by the client, please rethink your entire security model. It sounds like what you really need/want is a VPN. – voretaq7 Dec 04 '12 at 16:08
Here's a script you can use to check the client name of the connecting computer. You'll need to enter a line for every computer name that you DO want to be able to connect, which means that you'll need to know the computer name for every user who will be allowed to log on. Edit to suit your needs:

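    @echo off
    REM Let the session continue only if the RDP client name is on the list.
    REM The quotes keep the comparison valid when CLIENTNAME is empty or contains spaces.
    IF "%CLIENTNAME%"=="ComputerName1" GOTO OK
    IF "%CLIENTNAME%"=="ComputerName2" GOTO OK
    msg * You are not authorized to login from this location. You will be logged off in 10 seconds.
    REM sleep.exe is not built into Windows Server 2003; it comes with the Resource Kit Tools.
    sleep 10
    LOGOFF
    :OK
    EXIT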

joeqwerty
  • This is exactly what I want, but please let me know how to implement it in Windows Server 2003. I tried the above script by saving it in a batch file and assigning that batch file to the user profile, but it didn't work. I also check in internet batch file won't work in Windows Server 2003. Please help me with how to execute the above script, and please let me know the steps. – nitin Dec 04 '12 at 11:46
  • What is an "internet batch file"? Also, where did you put the script when you assigned it to the user profile? – joeqwerty Dec 04 '12 at 15:12
  • Internet means... I tried to connect by remote login through the internet to the Windows 2003 server; that time the batch file won't work. – nitin Dec 05 '12 at 09:35
  • The script will be saved as a batch file and stored in C:\WINDOWS\system32\drivers\etc and then assigned to the user profile. – nitin Dec 05 '12 at 09:43
  • Can somebody revert on this. – nitin Dec 25 '12 at 11:12
  • What do you mean "Can somebody revert on this"? – joeqwerty Dec 25 '12 at 14:54
  • I had written the following batch file for Windows Server 2003 for checking the client name at login. When I checked at the command prompt it shows the correct result, but when I mentioned it in the user startup profile for valid users, it's doing log-off. Batch file written as below: @echo off IF "%CLIENTNAME%" == "17-NIT" goto :eof IF "%CLIENTNAME%" == "ComputerName2" (goto :eof) else ( sleep 5 shutdown -l) Please help in this regard. – nitin Dec 26 '12 at 09:53
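
The contrast drawn in the first answer and its comments, between a name the client reports (what %CLIENTNAME% carries) and the source address the server itself observes, shown as an added example that is not code from any poster on this page. The record format, user names, policy tables and addresses are constructed for illustration; this is not a real Windows log format.

```python
import csv
import io
import ipaddress

# Constructed sample records: user, client-reported name, source IP seen by the server.
# Addresses come from the documentation ranges; none of this is real log data.
SAMPLE_LOG = """\
alice,ComputerName1,192.0.2.10
bob,ComputerName2,192.0.2.77
alice,ComputerName1,203.0.113.50
carol,ComputerName9,192.0.2.12
"""

# Hypothetical policy: client names and source networks permitted per user.
ALLOWED_NAMES = {"alice": {"COMPUTERNAME1"}, "bob": {"COMPUTERNAME2"}}
ALLOWED_NETS = {
    "alice": [ipaddress.ip_network("192.0.2.0/24")],
    "bob": [ipaddress.ip_network("192.0.2.64/26")],
}

def name_ok(user, client_name):
    """The kind of check the batch script performs: trusts a value the client sends."""
    return client_name.upper() in ALLOWED_NAMES.get(user, set())

def ip_ok(user, source_ip):
    """Check against the address the server observed on the connection."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # a malformed address is treated as not allowed
    return any(addr in net for net in ALLOWED_NETS.get(user, []))

def audit(log_text):
    """Return (user, client_name, source_ip, verdict) for each record."""
    results = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 3:
            continue  # skip blank or malformed lines
        user, client_name, source_ip = (field.strip() for field in row)
        if not name_ok(user, client_name):
            verdict = "deny: name not on list"
        elif not ip_ok(user, source_ip):
            verdict = "deny: name matches but source IP is not allowed"
        else:
            verdict = "allow"
        results.append((user, client_name, source_ip, verdict))
    return results

if __name__ == "__main__":
    for record in audit(SAMPLE_LOG):
        print(*record, sep="  ")
```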