first of all the system is Windows Server 2012 R2 Standard
Right now I can access Remote Desktop Connection from anywhere outside the network using the servers credentials, but id like to make it so only "HOME-PC\John" can access it and nobody else! So for example your on "HOME-PC" and you are logged in as "Smith", it should not allow you to connect to the server.
Any help is greatly appreciated!
The simplest way to do it is to modify inbound firewall rule that is responsible for RDP.
Modify rule so that only "HOME-PC\John" can pass trough firewall.
Another possibility is to create IP Sec rule.
In any case once "John" gets RDP session, "Smith" will be logged out.
would the first option also keep out lazy/lucky hackers?
also please elaborate on the second option, also if "Smith" will be logged out wouldent that mean he got entry? im trying to prevent that from happening for anyone/everyone except "John" thought Group Policies were the go to for this
Yes it should as long as your PC isn't already compromised.
IP Sec rule applies to end to end encryption, it takes a bit more than just setting up firewall rule.
See 2 links:
https://docs.microsoft.com/en-us/win...ire-encryption
https://docs.microsoft.com/en-us/win...by-using-ikev2
During remote session only one user may logged on, so if "John" connects to server while you're logged in then you're out to log in screen and before this happens you'll see a message, and that's how you know somebody is connecting.
At least that's how it works on Windows 10, on server you may be able to go other way around, example:
How can I enable multiple users login at a time in remote system? - Super User
https://docs.microsoft.com/en-us/win...ices/rds-roles
This all applies only to Remote Desktop that is part of Windows, not some other 3rd party remote desktop programs.
If you're afraid of hackers remoting into your computer none of the told so far will help.
Right now I don't know what kind of remote desktop service or program are we talking about?
Is it RDP, teamviewer, vnc, something else?
On target computer where you want to limit RDP to single person (that is local user), open up firewall advanced properties, locate "Remote desktop" inbound rule, double click it, and specify "local users" property to which this rule should apply.
That's it, next step is to test it.
- - - Updated - - -
btw. if your firewall is managed trough GPO, you should modify rule in GPO firewall instead.
however if it's managed within AD by network administrator then it could be easily overridden, ex. by another "allow" rule.
It doesn't matter from where they are connecting, because in order for them to connect they need to do so by specifying local Administrator account username/password.
Which one of the local accounts is used for RDP?
- - - Updated - - -
Unless I'm wrong on how RDP over internet or intranet works?
Quote
