Enable Remote Desktop in Windows firewall without ticking Public

2

I've just bought a home server with Windows Server 2012 R2 on it. When I first got it the following rules were set up in firewall inbound rules:

  • Remote Desktop - User Mode TCP in (Domain, Private) - Ticked.
  • Remote Desktop - User Mode TCP in (Public) - Not ticked.

So I could not remote to my home server from home PC (both connected to router).

I ticked "public" and was able to connect OK.

So, my PC is in the default WORKGROUP and my server is in the default WORKGROUP. (i.e. computer, properties, system). Is there anything else I need to do so that I can remote to server without ticking Public? Something in Network/sharing centre, etc.? Is there a risk with ticking "Public"?

Excelnoobster

Posted 2019-08-03T11:04:45.083

Reputation: 23

Answers

1

In Windows firewall, Public and Domain/Private refer to the two network profiles your computer can be in. A network profile describes what kind of network you're connected to. You can only be connected to one type of profile at a time.

Generally the Domain/Private profile is used when connected to a network you control and/or trust other devices on. The Public profile is for networks you don't trust, such as public WiFi hotspots. For this reason fewer services are enabled by default in the Windows firewall for the Public profile.

You can change the network profile by going to Network Connections in Control Panel.

Is there anything else I need to do so that I can remote to server without ticking Public?

You can put the computer into the Domain/Private profile. Make sure the corresponding firewall rule is enabled.

Is there a risk with ticking "Public"?

Not if you trust the other devices on the network. However, if you do move the computer from network to network and anticipate connecting to untrusted networks, you should not enable services like Remote Desktop for the Public profile.

I say Reinstate Monica

Posted 2019-08-03T11:04:45.083

Reputation: 21 477

Thanks - still not 100% sure what you mean. Perhaps I need to understand what is meant by a "network". I have a pretty much standard router/firewall, 8 ethernet connections plus wifi. So is the router the "network hub", so to speak? Does it have a name? At the moment, the server (looking at network and sharing centre) under "view your active networks" only has one entry - "Unidentified network" and public network. On my win10, I have "network2" public network. Any ideas why these are different? – Excelnoobster – 2019-08-04T10:26:40.580

A network in this context is a group of computers that are connected to the same physical network. Your router forms the "border" of your network. They're different on the two computers, most likely because when you connected to the network you answered differently the question "Do you want other computers on this network to see this computer?" Initially that's how a network gets classified as Public (answering No to that question) or Private (answering Yes). – I say Reinstate Monica – 2019-08-04T11:15:20.270

Thank you, very helpful. I suspect it's because I always use "public". OK, any ideas why one says unidentified, one says network2, even though they are both public? – Excelnoobster – 2019-08-04T14:02:18.047

Windows uses a number of metrics to classify a network. This answer goes into some detail about how that works.

– I say Reinstate Monica – 2019-08-04T15:12:43.587
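
The steps from the answer above (check which profile the network is in, move the trusted home network to Private, and keep Remote Desktop enabled only for Domain/Private), as an added PowerShell example that is not part of the original posts. The interface alias 'Ethernet' is an assumed placeholder, the display group name assumes an English-language install, and the rule layout (one Domain/Private rule, one Public rule) is taken from the question.

```powershell
# Added example. Run in an elevated PowerShell session, ideally at the server's
# console rather than over the RDP session these rules control.
# Assumption: 'Ethernet' is a placeholder; use the InterfaceAlias that
# Get-NetConnectionProfile prints on your server.
$alias = 'Ethernet'

# 1. Show how each connected network is currently classified (Public/Private/Domain).
Get-NetConnectionProfile |
    Format-Table Name, InterfaceAlias, NetworkCategory -AutoSize

# 2. Reclassify the trusted home LAN as Private.
Set-NetConnectionProfile -InterfaceAlias $alias -NetworkCategory Private

# 3. List the inbound Remote Desktop rules and the profiles each one covers.
#    Assumption: English display group name 'Remote Desktop'.
$rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Where-Object { $_.Direction -eq 'Inbound' }
$rules | Format-Table DisplayName, Profile, Enabled -AutoSize

# 4. First pass: enable every rule that does not apply to the Public profile,
#    so Remote Desktop keeps working on the Private network.
foreach ($rule in $rules) {
    $profiles = $rule.Profile.ToString()      # e.g. "Domain, Private", "Public", "Any"
    if ($profiles -notmatch 'Public|Any') {
        $rule | Enable-NetFirewallRule
    }
}

# 5. Second pass: disable rules scoped only to Public. Rules that mix Public
#    with other profiles (or use "Any") are reported for manual review rather
#    than changed, because disabling them would also block Private access.
foreach ($rule in $rules) {
    $profiles = $rule.Profile.ToString()
    if ($profiles -eq 'Public') {
        $rule | Disable-NetFirewallRule
    }
    elseif ($profiles -match 'Public|Any') {
        Write-Warning "Review manually: '$($rule.DisplayName)' applies to $profiles"
    }
}

# 6. Confirm the result.
Get-NetConnectionProfile -InterfaceAlias $alias |
    Format-Table InterfaceAlias, NetworkCategory -AutoSize
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Format-Table DisplayName, Profile, Enabled -AutoSize
```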