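Firewall Rules - What to Watch for Between Domain (GPO) Settings and Local Settings
A server that has joined a domain applies the policies from GPO, and that of course includes firewall rules. There is one small detail here that I want to share.
If I want port 3389 to be reachable only by users inside the domain, am I done once that rule is configured in the GPO?
That is what I thought at first, but in practice I found that an extra rule appears in the firewall rule list. My steps were as follows:
1. Configure the GPO and add a firewall rule.
2. Turn on the Remote Desktop connection setting on the local machine.
If you follow the steps above, the server that receives the GPO will then show the firewall rules seen in the figure below.
Unfortunately, Windows Firewall rules do not work like the logic of a typical hardware firewall (top-down matching, e.g. if the last entry restricts the use of 3389, the restriction is enforced). According to my tests, Windows honors all of the rules together, meaning 3389 is allowed through for the rules whose profile is "Domain" and "All". That is bad news: if the server has an externally reachable IP, it can be reached from the Internet, which is far too dangerous.
So remember: after turning on Remote Desktop, be sure to correct the firewall settings, even if you have already configured the GPO.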
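One way to check a server for the situation described above, as an added example that is not part of the original post: it reads the merged (effective) rule set and shows where each rule allowing TCP 3389 came from. It assumes an elevated PowerShell session with the built-in NetSecurity module; treating every non-Domain profile as needing review, and narrowing local rules to the Domain profile, are assumptions based on the post's goal.

```powershell
# Added example: list every enabled inbound Allow rule in the effective (merged)
# policy that covers TCP 3389, and show which store each one came from.
$Port = 3389   # the RDP port discussed in the post

function Test-PortMatch([string[]]$LocalPort, [int]$Port) {
    # LocalPort can be 'Any', a single port, or a range such as '3380-3400'.
    foreach ($p in $LocalPort) {
        if ($p -eq 'Any' -or $p -eq "$Port") { return $true }
        if ($p -match '^(\d+)-(\d+)$' -and
            $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
    }
    return $false
}

# ActiveStore is the union of GPO rules and local rules that is actually enforced.
$rules = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound `
                             -Action Allow -Enabled True

$report = foreach ($rule in $rules) {
    $pf = $rule | Get-NetFirewallPortFilter
    if ($pf.Protocol -notin 'TCP', 'Any') { continue }
    if (-not (Test-PortMatch $pf.LocalPort $Port)) { continue }
    $af = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Name          = $rule.Name
        DisplayName   = $rule.DisplayName
        Profile       = "$($rule.Profile)"            # e.g. Domain, Any, 'Domain, Private'
        Source        = "$($rule.PolicyStoreSourceType)"  # GroupPolicy or Local
        Store         = $rule.PolicyStoreSource
        RemoteAddress = $af.RemoteAddress -join ','
    }
}

$report | Format-Table DisplayName, Profile, Source, Store, RemoteAddress -AutoSize -Wrap

# Any matching rule that is not limited to the Domain profile widens the GPO rule.
$review = @($report | Where-Object { $_.Profile -ne 'Domain' })
if ($review.Count -gt 0) {
    Write-Warning "$($review.Count) rule(s) allow TCP $Port outside the Domain profile."
    # Dry run of one possible fix for locally created rules; remove -WhatIf to apply.
    foreach ($r in $review | Where-Object { $_.Source -eq 'Local' }) {
        Set-NetFirewallRule -Name $r.Name -Profile Domain -WhatIf
    }
}
```

A rule listed with Source `Local` next to the GPO rule is the extra rule the post describes.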