Block remote desktop connection outside network

0

0

Is it possible to block, with Windows settings only (no firewall), Remote Desktop connections coming from outside our network and allow connections only for PCs in the private LAN?

Samuel Benares

Posted 2013-09-13T14:45:59.757

Reputation: 1

I don't think there's any built-in way to do that specifically, as the Windows firewall was designed for that purpose. Why can't you use the firewall? – trpt4him – 2013-09-13T14:58:27.987

RDP's security is user-centric, not connection-centric, so any PC that can contact the workstation can establish an RDP connection. It may not allow the user to log in, but it will connect. As such, if you want to prevent externals from accessing your system at all, you need to use networking tools like firewalls. Note that if you have a firewall/NAT router, RDP is most likely already blocked for outsiders, unless you have allowed connections to tcp\3389 through your firewall and NAT. – Frank Thomas – 2013-09-13T15:07:53.927

RDP port is configurable, so blocking 3389 will only block the default port – Keltari – 2013-09-13T16:40:14.030

You could set, using group policy, the list of allowed users to only domain computers. That would, assuming you have no laptops outside the local network, effectively prevent outside devices from authenticating. Exceptions could, of course, be made for designated users or PCs. – Usta – 2013-09-13T21:15:20.067

Answers

1

If you're enforcing network level authentication (only) for RDP, you can leave the port open and the user will not be able to establish a session without authenticating first.

http://en.wikipedia.org/wiki/Network_Level_Authentication

brandonscript

Posted 2013-09-13T14:45:59.757

Reputation: 536

It might be a correct answer, but you're not really explaining how the OP should use Network Level Authentication. I would recommend that you elaborate. – Doktoro Reichard – 2013-09-13T21:10:15.877
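The points raised in this thread (Network Level Authentication, the configurable listener port, and scoping access to the local network) can be checked together on one machine. The following is an added example, not part of any post above; it assumes an elevated prompt on Windows 8 / Server 2012 or later, an English-language system where the built-in rule group is named "Remote Desktop", and a hypothetical `-Enforce` switch that makes the script change settings instead of only reporting them.

```powershell
# Added example: audit (and optionally harden) the local RDP listener.
param([switch]$Enforce)   # hypothetical switch; without it nothing is changed

$ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$ts\WinStations\RDP-Tcp"

$listener = Get-ItemProperty -Path $rdpTcp
$port     = $listener.PortNumber          # 3389 unless someone changed it

[pscustomobject]@{
    RdpEnabled    = ((Get-ItemProperty -Path $ts).fDenyTSConnections -eq 0)
    ListenerPort  = $port
    NlaRequired   = ($listener.UserAuthentication -eq 1)
    SecurityLayer = $listener.SecurityLayer   # 0 = RDP, 1 = negotiate, 2 = TLS
} | Format-List

# Enabled inbound rules from the built-in group (display name is locale-dependent).
$rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }

foreach ($rule in $rules) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    $local  = ($rule | Get-NetFirewallPortFilter).LocalPort
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Profile       = $rule.Profile
        LocalPort     = $local
        RemoteAddress = $remote
        # 'Any' means every host that can route to this machine may connect.
        OpenToAny     = ($remote -contains 'Any')
        # The built-in rules do not follow a changed listener port.
        CoversPort    = ($local -contains "$port" -or $local -contains 'Any')
    }
}

if ($Enforce) {
    # Require Network Level Authentication before a session is created.
    Set-ItemProperty -Path $rdpTcp -Name UserAuthentication -Value 1
    # Limit the built-in RDP rules to hosts on the directly attached subnet.
    if ($rules) { $rules | Set-NetFirewallRule -RemoteAddress LocalSubnet }
}
```

Rules delivered by Group Policy cannot be edited locally, and `LocalSubnet` covers only the directly attached subnet, so a routed LAN needs its address ranges listed explicitly in `-RemoteAddress`.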