Sign in with
Sign up | Sign in
Your question

Locking down Remote Desktop.

Last response: in Windows XP
Share
June 10, 2004 10:35:29 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

I know there is a way to change the listening port for
the remote desktop but what I am wondering is there a
function or a registry setting to allow me to specify
what IP's are allowed to connect to the machines remote
desktop instead of which users are allowed?

More about : locking remote desktop

Anonymous
June 10, 2004 12:57:45 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

You can change the listening port on the RD host. Make sure you reboot the PC after making the
change..

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q306759
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q304304

I know of no way to restrict access to a RD host by IP...Perhaps someone else does...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

"Anon" <Carmexman@hotmail.com> wrote in message news:1aae301c44eef$cbebe040$a501280a@phx.gbl...
>I know there is a way to change the listening port for
> the remote desktop but what I am wondering is there a
> function or a registry setting to allow me to specify
> what IP's are allowed to connect to the machines remote
> desktop instead of which users are allowed?
>


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.701 / Virus Database: 458 - Release Date: 6/7/2004
Anonymous
June 10, 2004 1:18:19 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Actually, I misspoke on the restrict by IP issue. With the new XP SP2 Windows Firewall a user can
specify access to remote users trying to connect via Remote Desktop to specific IP addresses, ie.
allow only certain IP addresses to access TCP Port 3389... Its possible other firewall/NAT/routers
may have that same functionality, ie. the ability to filter incoming IP addresses and block access
to certain ports...

Note that SP2 has not been officially released yet...and is still undergoing beta testing...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

"Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in message
news:o N48mLvTEHA.2716@tk2msftngp13.phx.gbl...
> You can change the listening port on the RD host. Make sure you reboot the PC after making the
> change..
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q306759
> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q304304
>
> I know of no way to restrict access to a RD host by IP...Perhaps someone else does...
>
> --
> Al Jarvi (MS-MVP Windows Networking)
>
> Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no rights...
>
> "Anon" <Carmexman@hotmail.com> wrote in message news:1aae301c44eef$cbebe040$a501280a@phx.gbl...
>>I know there is a way to change the listening port for
>> the remote desktop but what I am wondering is there a
>> function or a registry setting to allow me to specify
>> what IP's are allowed to connect to the machines remote
>> desktop instead of which users are allowed?
>>
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.701 / Virus Database: 458 - Release Date: 6/7/2004


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.701 / Virus Database: 458 - Release Date: 6/7/2004
Related resources
Anonymous
June 14, 2004 8:23:13 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

If you don't want to risk installing SP2-beta then Kerio Personal Firewall
will allow you to specify IP ranges. I use Kerio right now. Be warned - it
is VERY anal! You have to teach it everything. I originally thought this
would be a good thing but the fact of the matter is that no one has enough
time to research every IP address that your computer connects to. So I now
just say "allow connection" without much consideration as to whether or not
it's a good idea.

Thanks,
Jack


"Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in message
news:eNNzIXvTEHA.1472@TK2MSFTNGP12.phx.gbl...
> Actually, I misspoke on the restrict by IP issue. With the new XP SP2
Windows Firewall a user can
> specify access to remote users trying to connect via Remote Desktop to
specific IP addresses, ie.
> allow only certain IP addresses to access TCP Port 3389... Its possible
other firewall/NAT/routers
> may have that same functionality, ie. the ability to filter incoming IP
addresses and block access
> to certain ports...
>
> Note that SP2 has not been officially released yet...and is still
undergoing beta testing...
>
> --
> Al Jarvi (MS-MVP Windows Networking)
>
> Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
rights...
>
> "Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in message
> news:o N48mLvTEHA.2716@tk2msftngp13.phx.gbl...
> > You can change the listening port on the RD host. Make sure you reboot
the PC after making the
> > change..
> >
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;Q306759
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;Q304304
> >
> > I know of no way to restrict access to a RD host by IP...Perhaps someone
else does...
> >
> > --
> > Al Jarvi (MS-MVP Windows Networking)
> >
> > Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
> > The MS-MVP Program - http://mvp.support.microsoft.com
> > This posting is provided "AS IS" with no warranties, and confers no
rights...
> >
> > "Anon" <Carmexman@hotmail.com> wrote in message
news:1aae301c44eef$cbebe040$a501280a@phx.gbl...
> >>I know there is a way to change the listening port for
> >> the remote desktop but what I am wondering is there a
> >> function or a registry setting to allow me to specify
> >> what IP's are allowed to connect to the machines remote
> >> desktop instead of which users are allowed?
> >>
> >
> >
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.701 / Virus Database: 458 - Release Date: 6/7/2004
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.701 / Virus Database: 458 - Release Date: 6/7/2004
>
Anonymous
June 14, 2004 11:37:56 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Not trivial, but you can also use IPSEC filters to limit access by IP
address...

Jeffrey Randow (Windows Networking & Smart Display MVP)
jeffreyr-support@remotenetworktechnology.com

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

On Thu, 10 Jun 2004 09:18:19 -0500, "Sooner Al"
<SoonerAl@somewhere.net.invalid> wrote:

>Actually, I misspoke on the restrict by IP issue. With the new XP SP2 Windows Firewall a user can
>specify access to remote users trying to connect via Remote Desktop to specific IP addresses, ie.
>allow only certain IP addresses to access TCP Port 3389... Its possible other firewall/NAT/routers
>may have that same functionality, ie. the ability to filter incoming IP addresses and block access
>to certain ports...
>
>Note that SP2 has not been officially released yet...and is still undergoing beta testing...
!