Block remote desktop


Is there a way we can block the remote desktop application through group policy?

I dont want to block connections to computer just users being able to use rdp ...

Who is Participating?
There is.

For your group policy, go to:

User Configuration --> Administrative Templates -> System --> Don't run specified windows applications.

Enable this and add mstsc.exe
go start administrative tools and open terminal service configuration and click connection from right side click RDC-Tcp and propertoes  then choose Remote Control and hack (Do not allow remote control).
Hi Stairpotato

Go with Springy's answer. The other two options will not help you as they relate directly to blocking remote desktop to the machine itself, something which you explained you still wanted enabled.
By blocking the application itself you will stop the user's ability to run the Terminal Services application, whilst still allowing administrators to access any of the machines themselves.
Depending on how used to Group Policies you are, I would first of all though, create a new Organisation Unit. Then right click on this, select Properties, and edit the Default Group Policy

"User Configuration --> Administrative Templates -> System --> Don't run specified windows applications.

Enable this and add mstsc.exe"

Then move a couiple of machines into the new Organisational Unit and restart them, this way you can test the changes before making the change to all machines in the default OU, or you can move all the machines you want to protect into the new Group.

To use the computer's local group policy to disable Remote Desktop: Click Start, click Run, type gpedit.msc, and then click OK. In the Group Policy editor, click to expand Computer Configuration, click to expand Administrative Templates, click to expand Windows Components, and then click to expand Terminal Services. Double-click the Allow users to connect remotely using Terminal Services policy. Set the policy to Enabled, and then click OK.
You can also use the following procedure to disable Remote Desktop; however, if you use the preceding procedure, the following configuration is overridden: Right-click My Computer and click Properties. Click the Remote tab. In the Remote Desktop section, click to clear Allow users to connect remotely to this computer, and then click OK.
NOTE: Remote Desktop is disabled by default on Windows XP Professional.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.