boss wants to rww inside the lan but not from outside

Discussion in 'Windows Small Business Server' started by Pedro Leite, Oct 2, 2006.

  1. Pedro Leite

    Pedro Leite Guest

    Good afternoon

    is this scenario possible ??

    boss wants to have access to a given machine inside the lan from his office
    pc, but doesn't wanst that pc to be visible from the outside world.

    can this be done ?

    how ?

    thank you in advance

    PLeite from Portugal
     
    Pedro Leite, Oct 2, 2006
    #1
    1. Advertisements

  2. Pedro Leite

    Pedro Leite Guest

    hi.

    my bad, didn't explain my self very well

    i want to be able to rww to other stations from the outside world.
    just that one in particular, i want to be able to rww only from inside the
    lan

    thank for your help

    PLeite
    -----------------------------------------------------------------
    "Robert L [MVP - Networking]" <> escreveu na mensagem
    Assuming you have a router, make sure the port 4125 is closed. Or he can use
    remote desktop connection.

    Bob Lin, MS-MVP, MCSE & CNE
    Networking, Internet, Routing, VPN Troubleshooting on
    http://www.ChicagoTech.net
    How to Setup Windows, Network, VPN & Remote Access on
    http://www.HowToNetworking.com
    "Pedro Leite" <naoehpreciso> wrote in message
    Good afternoon

    is this scenario possible ??

    boss wants to have access to a given machine inside the lan from his
    office
    pc, but doesn't wanst that pc to be visible from the outside world.

    can this be done ?

    how ?

    thank you in advance

    PLeite from Portugal
     
    Pedro Leite, Oct 2, 2006
    #2
    1. Advertisements

  3. There is a registry key that you can globally "hide" computers from Remote
    Web Workplace. As far as I know, you cannot selectively allow from the LAN
    and deny from the Internet. This key has not been fully tested so please
    make sure you document the changes below.

    On the Small Business Sever computer, open up Regedit and navigate to the
    following key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\RemoteUserPortal

    Right click on RemoteUserPortal and click New -> String Value. Name the
    value ExcludeList. Modify the Data to include the name of the computer you
    want to exclude. If you want to exclude multiple computers, separate them
    by a comma (no spaces).

    As an alternate, you could change the Remote Desktop port on his machine to
    a non-standard port. That way it would show up but fail to connect. If he
    wanted to connect from another LAN client, simply type in the name of the
    computer followed by the port in the Windows XP Remote Desktop Client
    (FrontDesk:3390 for example). You would then have to open a port on the
    Windows XP Firewall to allow 3390 into the Windows XP machine. The
    registry key for the Remote Desktop port on Windows XP is
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal
    Server\WinStations\RDP-Tcp. The Name is PortNumber. The Data by default
    is 3389 (decimal). You could change that to 3390 (decimal) and that would
    allow Remote Desktop on port 3390 (don't forget to open the port on the
    Windows XP Firewall).

    Thank you for using Microsoft Direct Access!

    Peter Gallagher
    Microsoft Technical Support
     
    Peter Gallagher [MSFT], Oct 3, 2006
    #3
  4. Pedro Leite

    Pedro Leite Guest

    Good morning

    great !! the port seems to be the way to go.

    i can hide the machine on the remote portal using the first described
    technique and change the remote access port locally.
    we are behind a firewalled / nat router so the whatever port will be
    unvailable from the outside.

    thank you very much

    Pedro Leite from Portugal
     
    Pedro Leite, Oct 3, 2006
    #4
  5. If this machine doesn't need to be used to access the Internet, you could
    simply disable the default gateway on the NIC and then poof......no traffic
    beyond the local LAN.

    Jeff Middleton SBS-MVP




     
    Jeff Middleton [SBS-MVP], Oct 30, 2006
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.