Solved

Block only incoming XP RDP sessions

Posted on 2014-04-16
Last Modified: 2014-05-02
Is there a way to block incoming XP RDP connections? We have some users who connect from home or elsewhere to PCs running HVAC controls in the off hours rather than drive in to see what the issue is. Most do have a post-XP OS but I want to keep XP out. I know I can set NLA authentication but that still allows XP SP3 in.

Any other way to do this? They don't always connect from the same PC so an IP filter would not work. I have done some reading on NAP, but that does not look so simple to implement.
Question by:LarryDAH
10 Comments
 
LVL 6

Expert Comment

by:insidetech
ID: 40004245
This would be a workaround to the exclusion of the XP clients.
Change the RDP default port number on the hosts and make the appropriate change for all the non-XP clients.
This way, only the "chosen" ones will connect.
 

Author Comment

by:LarryDAH
ID: 40004403
We have to provide access for these guys, so they are the 'chosen' already. I cannot force them to upgrade their home PCs or stay off XP PCs they come across elsewhere that they want to remote in with, so I am looking for a way to block XP from connecting by RDP.
 
LVL 12

Expert Comment

by:Sandeep
ID: 40004503
You mean to say they should only be able to connect via RDP from the office, and not from home?

If not then why not block all the RDP sessions for the said PC?

https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/rdesktop_disable.mspx?mfr=true
 

Author Comment

by:LarryDAH
ID: 40004516
No, they need to RDP from home to their work PC, but I want to block them if they still are running XP.
 
LVL 12

Expert Comment

by:Sandeep
ID: 40004532
Now I understand exactly what you want. But sorry to say, I don't think such changes can be done to identify which machine the requests are coming from, etc.
 
LVL 6

Expert Comment

by:insidetech
ID: 40004536
I am curious, what is so bad about the XP that would cause you to deny the access?
As far as I know, once the RDP connection is complete the client PC is completely isolated from the host.
I take it that you can not trust the users to follow instructions by telling them to NOT use remote access if they have an XP, but you trust them to access the corporate PC with non XP computers?
 

Author Comment

by:LarryDAH
ID: 40004583
Well, I have to trust them to a certain extent, at work or at home, otherwise we would give them all pencils and legal pads to do their job. And I can tell them to not use XP to remote in but when it comes to an alert at 2 am and the choice is drive 30 miles into town or log in with XP to see why the temp in a storage area is 81 degrees and not 80 degrees, I am pretty sure they would just log in.

There are some exploits out there that use RDP and I have no way of knowing how well patched these home PCs are, if AV is installed and up to date, etc.

If they couldn't use XP to remote in now that it has been dropped by MS then that puts the onus on them to update or replace their PC, not on me to hope that it is safe to connect.
 
LVL 6

Accepted Solution

by:
insidetech earned 500 total points
ID: 40004633
Take a look at http://www.splashtop.com

It is a fantastic product; it offers better granularity of user access, and you will also have a log of the users' access. Even though they do not have an option to block specific OS clients, the security of the connection is far more strict and it may eliminate your security concern with XP.
 
LVL 6

Assisted Solution

by:insidetech
insidetech earned 500 total points
ID: 40004643
Further, with the Splashtop solution your remote workers would be able to safely remote in using their handheld devices, so your overall response should be much better and your remote access would be truly OS independent.
 

Author Closing Comment

by:LarryDAH
ID: 40038175
We are doing a demo of Splashtop and I like it so far...
Question has a verified solution.
