Block remote desktop

Posted on 2010-01-05
Last Modified: 2013-11-30

Is there a way we can block the remote desktop application through group policy?

I dont want to block connections to computer just users being able to use rdp ...

Question by:stairpotato
    LVL 13

    Accepted Solution

    There is.

    For your group policy, go to:

    User Configuration --> Administrative Templates -> System --> Don't run specified windows applications.

    Enable this and add mstsc.exe
    LVL 5

    Expert Comment

    go start administrative tools and open terminal service configuration and click connection from right side click RDC-Tcp and propertoes  then choose Remote Control and hack (Do not allow remote control).
    LVL 4

    Expert Comment

    LVL 3

    Assisted Solution

    Hi Stairpotato

    Go with Springy's answer. The other two options will not help you as they relate directly to blocking remote desktop to the machine itself, something which you explained you still wanted enabled.
    By blocking the application itself you will stop the user's ability to run the Terminal Services application, whilst still allowing administrators to access any of the machines themselves.
    Depending on how used to Group Policies you are, I would first of all though, create a new Organisation Unit. Then right click on this, select Properties, and edit the Default Group Policy

    "User Configuration --> Administrative Templates -> System --> Don't run specified windows applications.

    Enable this and add mstsc.exe"

    Then move a couiple of machines into the new Organisational Unit and restart them, this way you can test the changes before making the change to all machines in the default OU, or you can move all the machines you want to protect into the new Group.

    LVL 10

    Expert Comment

    To use the computer's local group policy to disable Remote Desktop: Click Start, click Run, type gpedit.msc, and then click OK. In the Group Policy editor, click to expand Computer Configuration, click to expand Administrative Templates, click to expand Windows Components, and then click to expand Terminal Services. Double-click the Allow users to connect remotely using Terminal Services policy. Set the policy to Enabled, and then click OK.
    You can also use the following procedure to disable Remote Desktop; however, if you use the preceding procedure, the following configuration is overridden: Right-click My Computer and click Properties. Click the Remote tab. In the Remote Desktop section, click to clear Allow users to connect remotely to this computer, and then click OK.
    NOTE: Remote Desktop is disabled by default on Windows XP Professional.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Free book by J.Peter Bruzzese, Microsoft MVP

    Are you using Office 365? Trying to set up email signatures but you’re struggling with transport rules and connectors? Let renowned Microsoft MVP J.Peter Bruzzese show you how in this exclusive e-book on Office 365 email signatures. Better yet, it’s free!

    Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
    Have you considered what group policies are backwards and forwards compatible? Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The…
    How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
    This video discusses moving either the default database or any database to a new volume.

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now