How can I disable incoming remote desktop connections while I run an "outgoing" remote desktop session?

4

1

The setup: I have an office PC running Windows XP. However, I usually have to work at (i.e., be physically present at) various labs, where there are lab PCs. In order to still have all my programs and scripts available, I open a remote desktop connection from the lab PC to the office PC.

The problem: The lab PCs are shared between many users, and sometimes co-workers open a remote desktop session to them. If I am running a full-screen remote session from the lab PC to my office PC at that moment, then the co-worker unknowingly lands on the desktop of my Office PC, and hilarity ensues.

The temporary work-around: I tend to disable incoming remote connections while I am at the lab PCs. (Right click on "Workspace", choose the "Remote" tab, unclick the "Allow incoming Remote connections" checkbox). However, I also tend to forget to re-enable them, which makes my co-workers unhappy.

Is there any better solution? A permanent setting that disallows "forwarding" of the remote desktop session? Or a script, maybe, that disables incoming remote desktop connections while the outgoing connection is active?

Martin J.H.

Posted 2013-10-04T09:05:38.830

Reputation: 440

In one line... you want to restrict a single person access to the remote desktop at a single time. Is that correct? – Pradip – 2013-10-04T09:30:43.977

@Pradip: I am not sure I understand your question. In one line: On the shared machine (in the lab) that I am sitting in front of, I want to disable "incoming" RDP connections for as long as I have an "outgoing" RDP connection (to my personal work PC) active. – Martin J.H. – 2013-10-04T12:26:42.303

Answers

2

If you want to enable and disable "Remote desktop" in a script you can use the following:

To disable:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f

To enable:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

If you use it in a batch file like this it works:
(This will prevent anyone from connecting to your Office-pc on which you started "Remote Desktop" to a Lab-pc)

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f
start /wait mstsc.exe
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

You could also specify to which host you want to connect when starting mstsc.exe.

However, you do need to run this as administrator. (Right-click and Run as administrator)

If you want to disable new connections to the machine you're taking over (the Lab-pc's) you need to add some of these commands to the taskmanager to execute on remote logon and logoff. But as I understood it you want to disable it on your Office-Pc while connecting to the Lab-pc, for which you can use this batch file.

Rik

Posted 2013-10-04T09:05:38.830

Reputation: 11 800

Thanks, it works! I want to connect from the lab PC to my office PC, but fortunately I have administrator rights on all Lab PCs. The script runs great, I don't even need to Run as administrator. (We really should review our IT security policies...) Thanks! – Martin J.H. – 2013-10-04T12:41:51.387

Aaa, yes. It's XP. There, if you have administrator rights, you don't have to Run as administrator. That's only with Windows Vista and higher. – Rik – 2013-10-04T13:58:54.580
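
A more defensive variant of the batch file from the answer above, added here as an example and not part of the original answer or comments: it records the existing fDenyTSConnections value, stops if the registry write fails (for instance without administrator rights), and restores the recorded value instead of always writing 0. The script name `rdp-guard.cmd` and the host argument are assumptions; `/v:` is the mstsc switch for naming the target host.

```batch
@echo off
rem Added example. Usage (hypothetical file name): rdp-guard.cmd <host>
setlocal
set "KEY=HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server"
set "VAL=fDenyTSConnections"

if "%~1"=="" (
    echo Usage: %~nx0 ^<host^>
    exit /b 2
)

rem Remember the current setting so a machine that already refused RDP stays that way.
rem reg query prints the value as hex (0x0 / 0x1); set /a converts it to decimal.
set "PREV="
for /f "tokens=3" %%A in ('reg query "%KEY%" /v %VAL% 2^>nul ^| find "%VAL%"') do set /a PREV=%%A
if not defined PREV (
    echo Could not read %VAL%. Leaving Remote Desktop settings untouched.
    exit /b 1
)

rem Refuse incoming connections. Without administrator rights this write fails,
rem and continuing would give a false sense of protection.
reg add "%KEY%" /v %VAL% /t REG_DWORD /d 1 /f >nul 2>&1
if errorlevel 1 (
    echo Could not set %VAL%. Incoming RDP is NOT blocked, aborting.
    exit /b 1
)

rem Block here until the outgoing session window is closed.
start "" /wait mstsc.exe /v:%~1

rem Put back exactly what was there before, and report if that fails.
reg add "%KEY%" /v %VAL% /t REG_DWORD /d %PREV% /f >nul 2>&1
if errorlevel 1 (
    echo WARNING: could not restore %VAL% to %PREV%. Incoming RDP may still be disabled.
    exit /b 1
)
echo %VAL% restored to %PREV%.
endlocal
```

If the console window running the script is closed while the session is still open, the restore step never runs, so the value stays at 1 until the script's last `reg add` is run by hand.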