how to prevent users from using remote desktop to connect ..

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Hi,

Know of a way to prevent users from using the mstsc.exe to
connect to their home PCs from work?
6 answers Last reply
More about prevent users remote desktop connect
  1. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    Block outbound TCP port 3389 in your firewall.

    Sinassah wrote:
    > Hi,
    >
    > Know of a way to prevent users from using the mstsc.exe to
    > connect to their home PCs from work?
  2. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    Sinassah wrote:
    > Know of a way to prevent users from using the mstsc.exe to
    > connect to their home PCs from work?

    Lanwench [MVP - Exchange] wrote:
    > Block outbound TCP port 3389 in your firewall.

    That will work only so long as they do not know how to change the port on
    their home machines.

    You could add it to the "do not allow to run" list in group policy, but they
    could still run it from command line.

    I guess you could add it via the HASH instead of by name as well..

    Truthfully, if your people are smart, they can get around just about
    anything you do to get to their home machine (which you don't control.)

    --
    <- Shenan ->
    --
    The information is provided "as is", with no guarantees of
    completeness, accuracy or timeliness, and without warranties of any
    kind, express or implied. In other words, read up before you take any
    advice - you are the one ultimately responsible for your actions.
  3. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    Shenan Stanley wrote:
    > Sinassah wrote:
    >> Know of a way to prevent users from using the mstsc.exe to
    >> connect to their home PCs from work?
    >
    > Lanwench [MVP - Exchange] wrote:
    >> Block outbound TCP port 3389 in your firewall.
    >
    > That will work only so long as they do not know how to change the
    > port on their home machines.

    Then allow only outbound 80 and 443? ;-)

    > You could add it to the "do not allow to run" list in group policy,
    > but they could still run it from command line.
    >
    > I guess you could add it via the HASH instead of by name as well..
    >
    > Truthfully, if your people are smart, they can get around just about
    > anything you do to get to their home machine (which you don't
    > control.)

    Proxy server/ISA would prevent this too, IIRC....
    >
    > --
    > <- Shenan ->
  4. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    Don't open any ports outbound in the firewall that aren't required. Proxy
    web requests on port 80.

    "Shenan Stanley" <news_helper@hushmail.com> wrote in message
    news:erFSMnSSEHA.3020@TK2MSFTNGP10.phx.gbl...
    > Sinassah wrote:
    >> Know of a way to prevent users from using the mstsc.exe to
    >> connect to their home PCs from work?
    >
    > Lanwench [MVP - Exchange] wrote:
    >> Block outbound TCP port 3389 in your firewall.
    >
    > That will work only so long as they do not know how to change the port on
    > their home machines.
    >
    > You could add it to the "do not allow to run" list in group policy, but
    > they
    > could still run it from command line.
    >
    > I guess you could add it via the HASH instead of by name as well..
    >
    > Truthfully, if your people are smart, they can get around just about
    > anything you do to get to their home machine (which you don't control.)
    >
    > --
    > <- Shenan ->
    > --
    > The information is provided "as is", with no guarantees of
    > completeness, accuracy or timeliness, and without warranties of any
    > kind, express or implied. In other words, read up before you take any
    > advice - you are the one ultimately responsible for your actions.
    >
    >
  5. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    You can still tunnel... There is the HTTP-Tunnel service...


    Jeffrey Randow (Windows Networking & Smart Display MVP)
    jeffreyr-support@remotenetworktechnology.com

    Please post all responses to the newsgroups for the benefit
    of all USENET users. Messages sent via email may or may not
    be answered depending on time availability....

    Remote Networking Technology Support Site -
    http://www.remotenetworktechnology.com
    Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

    On Thu, 3 Jun 2004 09:07:43 -0400, "Lanwench [MVP - Exchange]"
    <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote:

    >Shenan Stanley wrote:
    >> Sinassah wrote:
    >>> Know of a way to prevent users from using the mstsc.exe to
    >>> connect to their home PCs from work?
    >>
    >> Lanwench [MVP - Exchange] wrote:
    >>> Block outbound TCP port 3389 in your firewall.
    >>
    >> That will work only so long as they do not know how to change the
    >> port on their home machines.
    >
    >Then allow only outbound 80 and 443? ;-)
    >
    >> You could add it to the "do not allow to run" list in group policy,
    >> but they could still run it from command line.
    >>
    >> I guess you could add it via the HASH instead of by name as well..
    >>
    >> Truthfully, if your people are smart, they can get around just about
    >> anything you do to get to their home machine (which you don't
    >> control.)
    >
    >Proxy server/ISA would prevent this too, IIRC....
    >>
    >> --
    >> <- Shenan ->
    >
  6. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    <argle>


    Jeffrey Randow (MVP) wrote:
    > You can still tunnel... There is the HTTP-Tunnel service...
    >
    >
    > Jeffrey Randow (Windows Networking & Smart Display MVP)
    > jeffreyr-support@remotenetworktechnology.com
    >
    > Please post all responses to the newsgroups for the benefit
    > of all USENET users. Messages sent via email may or may not
    > be answered depending on time availability....
    >
    > Remote Networking Technology Support Site -
    > http://www.remotenetworktechnology.com
    > Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone
    >
    > On Thu, 3 Jun 2004 09:07:43 -0400, "Lanwench [MVP - Exchange]"
    > <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote:
    >
    >> Shenan Stanley wrote:
    >>> Sinassah wrote:
    >>>> Know of a way to prevent users from using the mstsc.exe to
    >>>> connect to their home PCs from work?
    >>>
    >>> Lanwench [MVP - Exchange] wrote:
    >>>> Block outbound TCP port 3389 in your firewall.
    >>>
    >>> That will work only so long as they do not know how to change the
    >>> port on their home machines.
    >>
    >> Then allow only outbound 80 and 443? ;-)
    >>
    >>> You could add it to the "do not allow to run" list in group policy,
    >>> but they could still run it from command line.
    >>>
    >>> I guess you could add it via the HASH instead of by name as well..
    >>>
    >>> Truthfully, if your people are smart, they can get around just about
    >>> anything you do to get to their home machine (which you don't
    >>> control.)
    >>
    >> Proxy server/ISA would prevent this too, IIRC....
    >>>
    >>> --
    >>> <- Shenan ->
Ask a new question

Read More

Remote Desktop Connection Microsoft Windows XP