Locking down Remote Desktop.

[Anon]

I know there is a way to change the listening port for
the remote desktop but what I am wondering is there a
function or a registry setting to allow me to specify
what IP's are allowed to connect to the machines remote
desktop instead of which users are allowed?

 

[Sooner Al]

You can change the listening port on the RD host. Make sure you reboot the PC after making the
change..

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q306759
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q304304

I know of no way to restrict access to a RD host by IP...Perhaps someone else does...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

 

[Sooner Al]

Actually, I misspoke on the restrict by IP issue. With the new XP SP2 Windows Firewall a user can
specify access to remote users trying to connect via Remote Desktop to specific IP addresses, ie.
allow only certain IP addresses to access TCP Port 3389... Its possible other firewall/NAT/routers
may have that same functionality, ie. the ability to filter incoming IP addresses and block access
to certain ports...

Note that SP2 has not been officially released yet...and is still undergoing beta testing...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

 

[Daniel Kelly \(AKA Jack\)]

If you don't want to risk installing SP2-beta then Kerio Personal Firewall
will allow you to specify IP ranges. I use Kerio right now. Be warned - it
is VERY anal! You have to teach it everything. I originally thought this
would be a good thing but the fact of the matter is that no one has enough
time to research every IP address that your computer connects to. So I now
just say "allow connection" without much consideration as to whether or not
it's a good idea.

Thanks,
Jack

 

[Jeffrey Randow (MVP)]

Not trivial, but you can also use IPSEC filters to limit access by IP
address...

Jeffrey Randow (Windows Networking & Smart Display MVP)
(e-mail address removed)

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone