how to prevent users from using remote desktop to connect ..

Guest
Archived from groups: microsoft.public.windowsxp.work_remotely

Hi,

Know of a way to prevent users from using the mstsc.exe to
connect to their home PCs from work?
 
Guest

Block outbound TCP port 3389 in your firewall.

Sinassah wrote:
> Hi,
>
> Know of a way to prevent users from using the mstsc.exe to
> connect to their home PCs from work?
 
Guest

Sinassah wrote:
> Know of a way to prevent users from using the mstsc.exe to
> connect to their home PCs from work?

Lanwench [MVP - Exchange] wrote:
> Block outbound TCP port 3389 in your firewall.

That will work only so long as they do not know how to change the port on
their home machines.

You could add it to the "do not allow to run" list in group policy, but they
could still run it from command line.

I guess you could add it via the HASH instead of by name as well..

Truthfully, if your people are smart, they can get around just about
anything you do to get to their home machine (which you don't control.)

--
<- Shenan ->
--
The information is provided "as is", with no guarantees of
completeness, accuracy or timeliness, and without warranties of any
kind, express or implied. In other words, read up before you take any
advice - you are the one ultimately responsible for your actions.
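
An added example, not part of the original thread: because a port-3389 block stops matching once the listener is moved to another port, a network monitor can instead recognise the RDP handshake itself, which opens with a TPKT header and an X.224 Connection Request whatever port is used. The flow tuples and the assumption that the monitor captures each connection's first client payload are constructed for illustration, and RDP wrapped inside an HTTP tunnel will not present these bytes.

```python
import struct

def parse_rdp_connection_request(payload: bytes):
    """Return details of an RDP X.224 Connection Request, or None if not one."""
    if len(payload) < 11:
        return None
    version, reserved, tpkt_len = struct.unpack(">BBH", payload[:4])
    if version != 3 or reserved != 0 or not 11 <= tpkt_len <= len(payload):
        return None
    length_indicator, tpdu_code = payload[4], payload[5]
    # The length indicator counts every byte after itself; 0xE0 marks a CR TPDU.
    if tpdu_code & 0xF0 != 0xE0 or length_indicator != tpkt_len - 5:
        return None
    variable, cookie = payload[11:tpkt_len], None
    if variable.startswith(b"Cookie: mstshash=") and b"\r\n" in variable:
        line, variable = variable.split(b"\r\n", 1)
        cookie = line[len(b"Cookie: mstshash="):].decode("ascii", "replace")
    protocols = None
    if len(variable) >= 8 and variable[0] == 0x01:  # RDP_NEG_REQ structure
        _type, _flags, neg_len, requested = struct.unpack("<BBHI", variable[:8])
        if neg_len == 8:
            protocols = requested
    return {"cookie": cookie, "requested_protocols": protocols}

def rdp_flows(flows):
    """Return (dst, port, details) for flows whose first payload is an RDP request."""
    hits = []
    for dst, port, first_payload in flows:
        details = parse_rdp_connection_request(first_payload)
        if details is not None:
            hits.append((dst, port, details))
    return hits

def _constructed_request(cookie: bytes = b"") -> bytes:
    """Build a sample Connection Request (constructed test data)."""
    body = b"\xe0\x00\x00\x00\x00\x00" + cookie + bytes.fromhex("0100080003000000")
    return struct.pack(">BBHB", 3, 0, 5 + len(body), len(body)) + body

# Constructed flows: (destination, destination port, first client payload).
SAMPLE_FLOWS = [
    ("203.0.113.10", 3389, _constructed_request()),
    ("203.0.113.10", 443, _constructed_request(b"Cookie: mstshash=alice\r\n")),
    ("198.51.100.5", 443, bytes.fromhex("1603010200010001fc0303")),  # TLS record
    ("198.51.100.5", 80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]

if __name__ == "__main__":
    for dst, port, details in rdp_flows(SAMPLE_FLOWS):
        print(f"RDP request to {dst}:{port} {details}")
```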
 
Guest

Shenan Stanley wrote:
> Sinassah wrote:
>> Know of a way to prevent users from using the mstsc.exe to
>> connect to their home PCs from work?
>
> Lanwench [MVP - Exchange] wrote:
>> Block outbound TCP port 3389 in your firewall.
>
> That will work only so long as they do not know how to change the
> port on their home machines.

Then allow only outbound 80 and 443? ;-)

> You could add it to the "do not allow to run" list in group policy,
> but they could still run it from command line.
>
> I guess you could add it via the HASH instead of by name as well..
>
> Truthfully, if your people are smart, they can get around just about
> anything you do to get to their home machine (which you don't
> control.)

Proxy server/ISA would prevent this too, IIRC....
>
> --
> <- Shenan ->
 
Guest

Don't open any ports outbound in the firewall that aren't required. Proxy
web requests on port 80.

"Shenan Stanley" <news_helper@hushmail.com> wrote in message
news:erFSMnSSEHA.3020@TK2MSFTNGP10.phx.gbl...
> Sinassah wrote:
>> Know of a way to prevent users from using the mstsc.exe to
>> connect to their home PCs from work?
>
> Lanwench [MVP - Exchange] wrote:
>> Block outbound TCP port 3389 in your firewall.
>
> That will work only so long as they do not know how to change the port on
> their home machines.
>
> You could add it to the "do not allow to run" list in group policy, but
> they could still run it from command line.
>
> I guess you could add it via the HASH instead of by name as well..
>
> Truthfully, if your people are smart, they can get around just about
> anything you do to get to their home machine (which you don't control.)
>
> --
> <- Shenan ->
> --
> The information is provided "as is", with no guarantees of
> completeness, accuracy or timeliness, and without warranties of any
> kind, express or implied. In other words, read up before you take any
> advice - you are the one ultimately responsible for your actions.
>
>
 
Guest

You can still tunnel... There is the HTTP-Tunnel service...


Jeffrey Randow (Windows Networking & Smart Display MVP)
jeffreyr-support@remotenetworktechnology.com

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

On Thu, 3 Jun 2004 09:07:43 -0400, "Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote:

>Shenan Stanley wrote:
>> Sinassah wrote:
>>> Know of a way to prevent users from using the mstsc.exe to
>>> connect to their home PCs from work?
>>
>> Lanwench [MVP - Exchange] wrote:
>>> Block outbound TCP port 3389 in your firewall.
>>
>> That will work only so long as they do not know how to change the
>> port on their home machines.
>
>Then allow only outbound 80 and 443? ;-)
>
>> You could add it to the "do not allow to run" list in group policy,
>> but they could still run it from command line.
>>
>> I guess you could add it via the HASH instead of by name as well..
>>
>> Truthfully, if your people are smart, they can get around just about
>> anything you do to get to their home machine (which you don't
>> control.)
>
>Proxy server/ISA would prevent this too, IIRC....
>>
>> --
>> <- Shenan ->
>
 
Guest

<argle>


Jeffrey Randow (MVP) wrote:
> You can still tunnel... There is the HTTP-Tunnel service...
>
>
> Jeffrey Randow (Windows Networking & Smart Display MVP)
> jeffreyr-support@remotenetworktechnology.com
>
> Please post all responses to the newsgroups for the benefit
> of all USENET users. Messages sent via email may or may not
> be answered depending on time availability....
>
> Remote Networking Technology Support Site -
> http://www.remotenetworktechnology.com
> Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone
>
> On Thu, 3 Jun 2004 09:07:43 -0400, "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote:
>
>> Shenan Stanley wrote:
>>> Sinassah wrote:
>>>> Know of a way to prevent users from using the mstsc.exe to
>>>> connect to their home PCs from work?
>>>
>>> Lanwench [MVP - Exchange] wrote:
>>>> Block outbound TCP port 3389 in your firewall.
>>>
>>> That will work only so long as they do not know how to change the
>>> port on their home machines.
>>
>> Then allow only outbound 80 and 443? ;-)
>>
>>> You could add it to the "do not allow to run" list in group policy,
>>> but they could still run it from command line.
>>>
>>> I guess you could add it via the HASH instead of by name as well..
>>>
>>> Truthfully, if your people are smart, they can get around just about
>>> anything you do to get to their home machine (which you don't
>>> control.)
>>
>> Proxy server/ISA would prevent this too, IIRC....
>>>
>>> --
>>> <- Shenan ->