• Status: Solved
  • Priority: Medium
  • Security: Public

Block only incoming XP RDP sessions

Is there a way to block incoming XP RDP connections? We have some users who connect from home or elsewhere to PCs running HVAC controls in the off hours rather than drive in to see what the issue is. Most do have a post-XP OS but I want to keep XP out. I know I can set NLA authentication but that still allows XP SP3 in.

Any other way to do this? They don't always connect from the same PC so an IP filter would not work. I have done some reading on NAP, but that does not look so simple to implement.
Asked:
LarryDAH
2 Solutions
 
insidetech Commented:
This would be a workaround to exclude the XP clients.
Change the default RDP port number on the hosts and make the appropriate change for all the non-XP clients.
This way, only the "chosen" ones will connect.
 
LarryDAH (Author) Commented:
We have to provide access for these guys, so they are the 'chosen' already. I cannot force them to upgrade their home PCs or stay off XP PCs they come across elsewhere that they want to remote in with, so I am looking for a way to block XP from connecting by RDP.
 
Sandeep (Sr System Administrator) Commented:
You mean to say they should only be able to connect via RDP from the office, and not from home?

If not then why not block all the RDP sessions for the said PC?

https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/rdesktop_disable.mspx?mfr=true
 
LarryDAH (Author) Commented:
No, they need to RDP from home to their work PC, but I want to block them if they still are running XP.
 
Sandeep (Sr System Administrator) Commented:
Now I understand exactly what you want. But sorry to say, I don't think such changes can be made to identify which machine the requests are coming from, etc.
 
insidetech Commented:
I am curious, what is so bad about XP that would cause you to deny the access?
As far as I know, once the RDP connection is complete the client PC is completely isolated from the host.
I take it that you cannot trust the users to follow instructions by telling them to NOT use remote access if they have an XP machine, but you trust them to access the corporate PC with non-XP computers?
 
LarryDAH (Author) Commented:
Well, I have to trust them to a certain extent, at work or at home, otherwise we would give them all pencils and legal pads to do their job. And I can tell them to not use XP to remote in but when it comes to an alert at 2 am and the choice is drive 30 miles into town or log in with XP to see why the temp in a storage area is 81 degrees and not 80 degrees, I am pretty sure they would just log in.

There are some exploits out there that use RDP and I have no way of knowing how well patched these home PCs are, if AV is installed and up to date, etc.

If they couldn't use XP to remote in now that it has been dropped by MS then that puts the onus on them to update or replace their PC, not on me to hope that it is safe to connect.
 
insidetech Commented:
Take a look at http://www.splashtop.com

It is a fantastic product. It offers better granularity of user access, and you will also have a log of the users' access. Even though they do not have an option to block specific OS clients, the security of the connection is far more strict and it may eliminate your security concern with XP.
 
insidetech Commented:
Further, with the Splashtop solution your remote workers would be able to safely remote in using their handheld devices, so your overall response should be much better and your remote access would be truly OS independent.
 
LarryDAH (Author) Commented:
We are doing a demo of Splashtop and I like it so far...