Disable Remote Desktop connection in windows 8.1
Dear All...
I need to find a way to prvent users on windows 8.1 to use remote desktop connection (mstsc,exe)
I need to be abe to connect to windows 8.1 laptops but the users can not do this from their laptops.
Is there any group policy, registry or tool anything that can do this
I need to find a way to prvent users on windows 8.1 to use remote desktop connection (mstsc,exe)
I need to be abe to connect to windows 8.1 laptops but the users can not do this from their laptops.
Is there any group policy, registry or tool anything that can do this
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
There are several, but the easiest is probably a simple firewall rule. Blocking outbound RDP connections is pretty straightforward, and of you use the built in firewall on Windows, can be done via group policy.
If you really want to lock down client machines and don't want them to even be able to launch RDC then a Software Restriction Policy or Applocker may be an option. But both are powerful and can have unintended consequences without careful planning and testing.
Of course, you can also simply not add them to any of the remote desktop groups and, while they can launch RDC, they would not have permissions to connect.
So there are a variety of options depending on the specifics of your environment and needed goals.
If you really want to lock down client machines and don't want them to even be able to launch RDC then a Software Restriction Policy or Applocker may be an option. But both are powerful and can have unintended consequences without careful planning and testing.
Of course, you can also simply not add them to any of the remote desktop groups and, while they can launch RDC, they would not have permissions to connect.
So there are a variety of options depending on the specifics of your environment and needed goals.
Blocking outbound port 3389 is not the same as blocking remote desktop connections, because the remote server could use a different listening port. You could block access to mstsc.exe using either ACLs (ntfs), or software restriction policies or applocker, all possible via GPO.
You could also block all outgoing traffic of mstsc.
You could also block all outgoing traffic of mstsc.
Revisiting this, I wonder why I repeated so many of the comments that came in before - not my way, normally, sorry for that. I'd like to emphasize however that a real secure solution would need a clearer task definition, first.
Would you like to stop people (admins/non-admins?) from using mstsc or would you like to stop them connecting to remote desktop servers by any means (which would include alternate, maybe even portable rdp-clients)?
Would you like to stop people (admins/non-admins?) from using mstsc or would you like to stop them connecting to remote desktop servers by any means (which would include alternate, maybe even portable rdp-clients)?
http://deployhappiness.com/managing-restricted-groups-with-group-policy/