I needed a remote user to be able to access a server (with admin rights) but nothing else on the LAN. Without getting into detail, the option of using VLANs (tagged or otherwise) wasn’t available, so I needed a simple solution. Using the existing Draytek router, I created a ‘remote dial-in user’ account and gave the connection a specific internal IP address. Then, in the firewall rules on the router, I configured two entries so that this specific address could only access the one internal address; all others were blocked, as per this Draytek KB article.
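The two-entry rule pair described above can be sanity-checked offline. This is an added example, not taken from the post or from DrayTek. The addresses, the first-match evaluation and the default-pass behaviour are simplifying assumptions, not the router's actual filter engine.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses (assumptions, not from the original post).
VPN_USER_IP = "192.168.1.250"   # fixed address given to the dial-in account
SERVER_IP = "192.168.1.10"      # the one server the remote user may reach
LAN = "192.168.1.0/24"

@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # source CIDR
    dst: str      # destination CIDR
    action: str   # "pass" or "block"

    def matches(self, src_ip, dst_ip):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))

# The two entries: allow the fixed VPN address to the server, block it elsewhere.
RULES = [
    Rule("vpn-user-to-server", f"{VPN_USER_IP}/32", f"{SERVER_IP}/32", "pass"),
    Rule("vpn-user-to-lan", f"{VPN_USER_IP}/32", LAN, "block"),
]

def decide(rules, src_ip, dst_ip, default="pass"):
    """Assumed model: first matching rule wins, unmatched traffic gets the default."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip):
            return rule.action
    return default

def reachable_hosts(rules, src_ip, lan=LAN):
    """Every LAN host the source may reach under the rule set."""
    return [str(h) for h in ipaddress.ip_network(lan).hosts()
            if str(h) != src_ip and decide(rules, src_ip, str(h)) == "pass"]

def audit(rules):
    """Report a finding if the VPN user can reach anything but the server."""
    allowed = reachable_hosts(rules, VPN_USER_IP)
    if allowed != [SERVER_IP]:
        return [f"vpn user reaches {len(allowed)} hosts, expected only {SERVER_IP}"]
    return []

if __name__ == "__main__":
    print("as configured:", audit(RULES))
    print("entries swapped:", audit(list(reversed(RULES))))
```

Because both entries match on the source address, the restriction holds only while the dial-in account keeps its fixed IP. In this model, a client that lands on any other address matches neither rule and falls through to the default.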
Add domain account as local administrator on remote computer
To add a domain account to the local Administrators group on a machine that is domain joined, but is remote from the...