Locking down Remote Desktop.

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

I know there is a way to change the listening port for
the remote desktop but what I am wondering is there a
function or a registry setting to allow me to specify
what IP's are allowed to connect to the machines remote
desktop instead of which users are allowed?
4 answers Last reply
More about locking remote desktop
  1. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    You can change the listening port on the RD host. Make sure you reboot the PC after making the
    change..

    http://support.microsoft.com/default.aspx?scid=kb;en-us;Q306759
    http://support.microsoft.com/default.aspx?scid=kb;en-us;Q304304

    I know of no way to restrict access to a RD host by IP...Perhaps someone else does...

    --
    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no rights...

    "Anon" <Carmexman@hotmail.com> wrote in message news:1aae301c44eef$cbebe040$a501280a@phx.gbl...
    >I know there is a way to change the listening port for
    > the remote desktop but what I am wondering is there a
    > function or a registry setting to allow me to specify
    > what IP's are allowed to connect to the machines remote
    > desktop instead of which users are allowed?
    >


    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.701 / Virus Database: 458 - Release Date: 6/7/2004
  2. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    Actually, I misspoke on the restrict by IP issue. With the new XP SP2 Windows Firewall a user can
    specify access to remote users trying to connect via Remote Desktop to specific IP addresses, ie.
    allow only certain IP addresses to access TCP Port 3389... Its possible other firewall/NAT/routers
    may have that same functionality, ie. the ability to filter incoming IP addresses and block access
    to certain ports...

    Note that SP2 has not been officially released yet...and is still undergoing beta testing...

    --
    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no rights...

    "Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in message
    news:ON48mLvTEHA.2716@tk2msftngp13.phx.gbl...
    > You can change the listening port on the RD host. Make sure you reboot the PC after making the
    > change..
    >
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;Q306759
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;Q304304
    >
    > I know of no way to restrict access to a RD host by IP...Perhaps someone else does...
    >
    > --
    > Al Jarvi (MS-MVP Windows Networking)
    >
    > Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
    > The MS-MVP Program - http://mvp.support.microsoft.com
    > This posting is provided "AS IS" with no warranties, and confers no rights...
    >
    > "Anon" <Carmexman@hotmail.com> wrote in message news:1aae301c44eef$cbebe040$a501280a@phx.gbl...
    >>I know there is a way to change the listening port for
    >> the remote desktop but what I am wondering is there a
    >> function or a registry setting to allow me to specify
    >> what IP's are allowed to connect to the machines remote
    >> desktop instead of which users are allowed?
    >>
    >
    >
    > ---
    > Outgoing mail is certified Virus Free.
    > Checked by AVG anti-virus system (http://www.grisoft.com).
    > Version: 6.0.701 / Virus Database: 458 - Release Date: 6/7/2004


    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.701 / Virus Database: 458 - Release Date: 6/7/2004
  3. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    If you don't want to risk installing SP2-beta then Kerio Personal Firewall
    will allow you to specify IP ranges. I use Kerio right now. Be warned - it
    is VERY anal! You have to teach it everything. I originally thought this
    would be a good thing but the fact of the matter is that no one has enough
    time to research every IP address that your computer connects to. So I now
    just say "allow connection" without much consideration as to whether or not
    it's a good idea.

    Thanks,
    Jack


    "Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in message
    news:eNNzIXvTEHA.1472@TK2MSFTNGP12.phx.gbl...
    > Actually, I misspoke on the restrict by IP issue. With the new XP SP2
    Windows Firewall a user can
    > specify access to remote users trying to connect via Remote Desktop to
    specific IP addresses, ie.
    > allow only certain IP addresses to access TCP Port 3389... Its possible
    other firewall/NAT/routers
    > may have that same functionality, ie. the ability to filter incoming IP
    addresses and block access
    > to certain ports...
    >
    > Note that SP2 has not been officially released yet...and is still
    undergoing beta testing...
    >
    > --
    > Al Jarvi (MS-MVP Windows Networking)
    >
    > Please post *ALL* questions and replies to the news group for the mutual
    benefit of all of us...
    > The MS-MVP Program - http://mvp.support.microsoft.com
    > This posting is provided "AS IS" with no warranties, and confers no
    rights...
    >
    > "Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in message
    > news:ON48mLvTEHA.2716@tk2msftngp13.phx.gbl...
    > > You can change the listening port on the RD host. Make sure you reboot
    the PC after making the
    > > change..
    > >
    > > http://support.microsoft.com/default.aspx?scid=kb;en-us;Q306759
    > > http://support.microsoft.com/default.aspx?scid=kb;en-us;Q304304
    > >
    > > I know of no way to restrict access to a RD host by IP...Perhaps someone
    else does...
    > >
    > > --
    > > Al Jarvi (MS-MVP Windows Networking)
    > >
    > > Please post *ALL* questions and replies to the news group for the mutual
    benefit of all of us...
    > > The MS-MVP Program - http://mvp.support.microsoft.com
    > > This posting is provided "AS IS" with no warranties, and confers no
    rights...
    > >
    > > "Anon" <Carmexman@hotmail.com> wrote in message
    news:1aae301c44eef$cbebe040$a501280a@phx.gbl...
    > >>I know there is a way to change the listening port for
    > >> the remote desktop but what I am wondering is there a
    > >> function or a registry setting to allow me to specify
    > >> what IP's are allowed to connect to the machines remote
    > >> desktop instead of which users are allowed?
    > >>
    > >
    > >
    > > ---
    > > Outgoing mail is certified Virus Free.
    > > Checked by AVG anti-virus system (http://www.grisoft.com).
    > > Version: 6.0.701 / Virus Database: 458 - Release Date: 6/7/2004
    >
    >
    > ---
    > Outgoing mail is certified Virus Free.
    > Checked by AVG anti-virus system (http://www.grisoft.com).
    > Version: 6.0.701 / Virus Database: 458 - Release Date: 6/7/2004
    >
  4. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    Not trivial, but you can also use IPSEC filters to limit access by IP
    address...

    Jeffrey Randow (Windows Networking & Smart Display MVP)
    jeffreyr-support@remotenetworktechnology.com

    Please post all responses to the newsgroups for the benefit
    of all USENET users. Messages sent via email may or may not
    be answered depending on time availability....

    Remote Networking Technology Support Site -
    http://www.remotenetworktechnology.com
    Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

    On Thu, 10 Jun 2004 09:18:19 -0500, "Sooner Al"
    <SoonerAl@somewhere.net.invalid> wrote:

    >Actually, I misspoke on the restrict by IP issue. With the new XP SP2 Windows Firewall a user can
    >specify access to remote users trying to connect via Remote Desktop to specific IP addresses, ie.
    >allow only certain IP addresses to access TCP Port 3389... Its possible other firewall/NAT/routers
    >may have that same functionality, ie. the ability to filter incoming IP addresses and block access
    >to certain ports...
    >
    >Note that SP2 has not been officially released yet...and is still undergoing beta testing...
Ask a new question

Read More

Remote Desktop Microsoft Windows XP