How do you limit Remote Desktop Connection access to one outside user?


  1. Posts : 65
    WINDOWS 10
       #1

    First of all, the system is Windows Server 2012 R2 Standard.

    Right now I can access Remote Desktop Connection from anywhere outside the network using the server's credentials, but I'd like to make it so only "HOME-PC\John" can access it and nobody else! So for example, if you're on "HOME-PC" and you are logged in as "Smith", it should not allow you to connect to the server.

    Any help is greatly appreciated!

  2. zebal
    Posts : 908
    Windows 10 Pro x64 20H2 (Build: 19042.867)
       #2

    The simplest way to do it is to modify the inbound firewall rule that is responsible for RDP.
    Modify the rule so that only "HOME-PC\John" can pass through the firewall.

    Another possibility is to create an IPsec rule.
    In any case, once "John" gets an RDP session, "Smith" will be logged out.


  3. Posts : 65
    WINDOWS 10
    Thread Starter
       #3

    zebal said:
    The simplest way to do it is to modify the inbound firewall rule that is responsible for RDP.
    Modify the rule so that only "HOME-PC\John" can pass through the firewall.

    Another possibility is to create an IPsec rule.
    In any case, once "John" gets an RDP session, "Smith" will be logged out.

    Would the first option also keep out lazy/lucky hackers?

    Also, please elaborate on the second option. Also, if "Smith" will be logged out, wouldn't that mean he got entry? I'm trying to prevent that from happening for anyone/everyone except "John". I thought Group Policies were the go-to for this.

  4. zebal
    Posts : 908
    Windows 10 Pro x64 20H2 (Build: 19042.867)
       #4

    ReallyFrustratd said:
    Would the first option also keep out lazy/lucky hackers?
    Yes, it should, as long as your PC isn't already compromised.

    ReallyFrustratd said:
    Also, please elaborate on the second option.
    An IPsec rule applies to end-to-end encryption; it takes a bit more than just setting up a firewall rule.
    See 2 links:
    https://docs.microsoft.com/en-us/win...ire-encryption
    https://docs.microsoft.com/en-us/win...by-using-ikev2

    ReallyFrustratd said:
    Also, if "Smith" will be logged out, wouldn't that mean he got entry? I'm trying to prevent that from happening for anyone/everyone except "John". I thought Group Policies were the go-to for this.
    During a remote session only one user may be logged on, so if "John" connects to the server while you're logged in, then you're out to the login screen, and before this happens you'll see a message, and that's how you know somebody is connecting.

    At least that's how it works on Windows 10; on a server you may be able to go the other way around, for example:
    How can I enable multiple users login at a time in remote system? - Super User
    https://docs.microsoft.com/en-us/win...ices/rds-roles

    This all applies only to the Remote Desktop that is part of Windows, not some other 3rd-party remote desktop programs.
    If you're afraid of hackers remoting into your computer, none of what's been told so far will help.


  5. Posts : 65
    WINDOWS 10
    Thread Starter
       #5

    zebal said:
    Yes, it should, as long as your PC isn't already compromised.

    An IPsec rule applies to end-to-end encryption; it takes a bit more than just setting up a firewall rule.
    See 2 links:
    https://docs.microsoft.com/en-us/win...ire-encryption
    https://docs.microsoft.com/en-us/win...by-using-ikev2

    During a remote session only one user may be logged on, so if "John" connects to the server while you're logged in, then you're out to the login screen, and before this happens you'll see a message, and that's how you know somebody is connecting.

    At least that's how it works on Windows 10; on a server you may be able to go the other way around, for example:
    How can I enable multiple users login at a time in remote system? - Super User
    https://docs.microsoft.com/en-us/win...ices/rds-roles

    This all applies only to the Remote Desktop that is part of Windows, not some other 3rd-party remote desktop programs.
    If you're afraid of hackers remoting into your computer, none of what's been told so far will help.

    Yeah, I'm pretty paranoid about it, but at this point I'd settle for limiting RDC access to one specific user and nobody else.

  6. zebal
    Posts : 908
    Windows 10 Pro x64 20H2 (Build: 19042.867)
       #6

    Right now I don't know what kind of remote desktop service or program we are talking about.
    Is it RDP, TeamViewer, VNC, something else?


  7. Posts : 65
    WINDOWS 10
    Thread Starter
       #7

    zebal said:
    Right now I don't know what kind of remote desktop service or program we are talking about.
    Is it RDP, TeamViewer, VNC, something else?

    It's the one built into Windows, literally called Remote Desktop Connection.

  8. zebal
    Posts : 908
    Windows 10 Pro x64 20H2 (Build: 19042.867)
       #8

    On the target computer where you want to limit RDP to a single person (that is, a local user), open up the firewall advanced properties, locate the "Remote desktop" inbound rule, double-click it, and specify the "local users" property to which this rule should apply.

    That's it, next step is to test it.

    - - - Updated - - -

    BTW, if your firewall is managed through GPO, you should modify the rule in the GPO firewall instead.
    However, if it's managed within AD by a network administrator then it could be easily overridden, e.g. by another "allow" rule.
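
Post #8 ends with "next step is to test it" and notes that a GPO-delivered "allow" rule can override a local edit. As an added example (not code from the thread), this read-only PowerShell lists every enabled inbound allow rule in the effective policy that covers RDP, with its source and its user and address restrictions. It assumes RDP listens on the default port 3389.

```powershell
# Added example (read-only): list the effective inbound allow rules that cover RDP.
# Assumption: RDP listens on its default port, 3389. Run from an elevated prompt.
$rdpPort = '3389'

# ActiveStore is the merged policy actually enforced: local rules plus GPO rules.
$rules = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound `
                             -Enabled True -Action Allow

$report = foreach ($rule in $rules) {
    $port = $rule | Get-NetFirewallPortFilter
    if ($port.Protocol -notin 'TCP', 'UDP', 'Any') { continue }

    # LocalPort is 'Any', one port, or a list of ports. Keep rules that name 3389
    # and catch-all rules, since either kind can admit an RDP connection.
    # Port ranges (for example '3380-3400') are not expanded by this check.
    $ports = @($port.LocalPort)
    if ($ports -notcontains $rdpPort -and $ports -notcontains 'Any') { continue }

    $sec  = $rule | Get-NetFirewallSecurityFilter
    $addr = $rule | Get-NetFirewallAddressFilter
    $app  = $rule | Get-NetFirewallApplicationFilter

    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Source        = $rule.PolicyStoreSourceType   # Local or GroupPolicy
        Protocol      = $port.Protocol
        LocalPort     = $ports -join ','
        Program       = $app.Program
        RemoteAddress = @($addr.RemoteAddress) -join ','
        LocalUser     = $sec.LocalUser                # 'Any' or an SDDL string
        RemoteUser    = $sec.RemoteUser
    }
}

# Every row is a path by which traffic to port 3389 is allowed. A row with
# Source = GroupPolicy cannot be changed from the local firewall console.
$report | Sort-Object Source, Rule | Format-List
```

Any row that still shows `LocalUser : Any` and `RemoteAddress : Any` is an allow rule with no user or address restriction on it.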


  9. Posts : 65
    WINDOWS 10
    Thread Starter
       #9

    zebal said:
    On the target computer where you want to limit RDP to a single person (that is, a local user), open up the firewall advanced properties, locate the "Remote desktop" inbound rule, double-click it, and specify the "local users" property to which this rule should apply.

    That's it, next step is to test it.

    - - - Updated - - -

    BTW, if your firewall is managed through GPO, you should modify the rule in the GPO firewall instead.
    However, if it's managed within AD by a network administrator then it could be easily overridden, e.g. by another "allow" rule.

    But the user is external, as in not on the local network, or am I overthinking the term "local"?

  10. zebal
    Posts : 908
    Windows 10 Pro x64 20H2 (Build: 19042.867)
       #10

    It doesn't matter from where they are connecting, because in order for them to connect they need to do so by specifying local Administrator account username/password.

    Which one of the local accounts is used for RDP?

    - - - Updated - - -

    Unless I'm wrong on how RDP over internet or intranet works?


Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.