Originally Posted by TJJEEP
With a limited budget and the scenario you posted I would do this one of two ways. It is not ideal but will get the job done.
A) Three servers. 1- Domain controller, 1- RDP server, 1- RDP Gateway. Everyone who has to connect inside and outside of the network needs their own account on the domain. Through NTFS permissions you can restrict access to resources like file shares and other computers.
B) Two servers. 1- Domain Controller, 1- RDP Server, VPN Access
What do you have for VPN? Does your VPN appliance support RADIUS authentication?
RDP Gateway is just a role that Windows Server can do. Windows servers have roles and features.
If you want to start restricting access to resources, it's time for a domain, and a domain will be needed if your company grows. You will use NTFS permissions and group policies to restrict access to resources. This is throwing security out the window, having three separate companies access the same resources, but I doubt your budget allows for anything else.
When I do the VPN I can direct it to one IP address. That will take care of the domain problem. If they can only access the server, I can control access through server permissions.
The router has RADIUS on it. I don't know what it is or how to set it up, but I can call tech support. My disk station has the ability to do a RADIUS server. It said it had something to do with wireless access????
I thought Windows Server controls the domain by the user's login on the Windows machine??