I have a network connectable by VPN, and want to limit most users to only be able to access certain hosts, indirectly.
It consists of several Windows hosts that will be connected by RDP. I'm more of a general guy and don't have so much knowledge about Windows Server and Terminal Services to be honest.
My goal is that the user will be able to RDP to one single machine, and from there be allowed to RDP to the other internal servers / computers. I intend to do this by making a separate VLAN for this machine and make access rules in the firewall. The connecting users will only be able to access this VLAN, and must use this machine to access the other computers by RDP exclusively.
I have planned to implement a new server that will run admin tasks such as WSUS and backup.
This might be a dumb question, but do I have to use a blank separate computer for this task, or is it a good idea to do this on the new server? I guess make a blank desktop for each user that logs in via RDP to this server without any rights on the machine other than to use RDP, from where they can make a forward RDP connection to their desired server.
Thanks in advance for any input.
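As an added illustration of the "single machine in its own VLAN, everything else reachable only through it" layout described in the question (this is example code, not something the asker posted), the host-based piece of that design is to scope the RDP listener on every internal Windows server so it only accepts connections from the jump host, regardless of what the perimeter firewall allows. The addresses, the jump-host name and the group name below are constructed placeholders; the script assumes the `NetSecurity` cmdlets that ship with Windows Server 2012 and later, and must run elevated on each internal server.

```powershell
# Harden RDP on an internal server so it is reachable only from the jump host.
# Assumed values (constructed for this example, adjust to the real environment):
$JumpHostIP  = '10.0.10.5'        # the single RDP entry machine in its own VLAN
$RuleName    = 'RDP - Allow from jump host only'

# 1. Disable the built-in "Remote Desktop" allow rules. They accept RDP from any
#    address, so leaving them enabled would silently bypass the scoped rule below.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Set-NetFirewallRule -Enabled False

# 2. Add a single inbound allow rule for RDP (TCP 3389) whose remote address is
#    only the jump host. Windows Firewall's default inbound action is Block, so
#    every other source address is rejected without needing an explicit deny.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Protocol TCP -LocalPort 3389 `
        -RemoteAddress $JumpHostIP -Action Allow -Profile Domain,Private
}

# 3. Verify: list every enabled inbound rule that opens 3389 together with the
#    remote addresses it allows. Anything showing 'Any' here is a gap to close.
Get-NetFirewallRule -Direction Inbound -Enabled True |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains '3389' } |
    ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        }
    }
```

The verification step is the part worth keeping around: after a future feature update or GPO change re-enables the built-in rules, re-running it shows immediately whether any inbound 3389 rule has drifted back to `Any`. The VLAN and perimeter firewall rules from the question still do the primary enforcement; this host-level scoping is a second, independent layer so that a misconfigured firewall rule does not expose every server's RDP listener to the VPN range.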