LarryDAH

Block only incoming XP RDP sessions

Is there a way to block incoming XP RDP connections? We have some users who connect from home or elsewhere to PCs running HVAC controls in the off hours rather than drive in to see what the issue is. Most do have a post-XP OS but I want to keep XP out. I know I can set NLA authentication but that still allows XP SP3 in.

Any other way to do this? They don't always connect from the same PC so an IP filter would not work. I have done some reading on NAP, but that does not look so simple to implement.
insidetech

This would be a workaround to the exclusion of the XP clients.
Change the RDP default port number on the hosts and make the appropriate change for all the non-XP clients.
This way, only the "chosen" ones will connect.
LarryDAH

ASKER

We have to provide access for these guys so they are the 'chosen' already. I cannot force them to upgrade their home PCs or stay off XP PCs they come across elsewhere that they want to remote in with, so I am looking for a way to block XP from connecting by RDP.
Sandeep
You mean to say they should only be able to connect via RDP from the office, and not from home?

If not then why not block all the RDP sessions for the said PC?

https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/rdesktop_disable.mspx?mfr=true
No, they need to RDP from home to their work PC, but I want to block them if they still are running XP.
Now I understand exactly what you want. But sorry to say, I don't think such changes can be done to identify which machine the requests are coming from, etc.
I am curious, what is so bad about the XP that would cause you to deny the access?
As far as I know, once the RDP connection is complete the client PC is completely isolated from the host.
I take it that you cannot trust the users to follow instructions by telling them to NOT use remote access if they have an XP, but you trust them to access the corporate PC with non-XP computers?
Well, I have to trust them to a certain extent, at work or at home, otherwise we would give them all pencils and legal pads to do their job. And I can tell them to not use XP to remote in but when it comes to an alert at 2 am and the choice is drive 30 miles into town or log in with XP to see why the temp in a storage area is 81 degrees and not 80 degrees, I am pretty sure they would just log in.

There are some exploits out there that use RDP and I have no way of knowing how well patched these home PCs are, if AV is installed and up to date, etc.

If they couldn't use XP to remote in now that it has been dropped by MS then that puts the onus on them to update or replace their PC, not on me to hope that it is safe to connect.
ASKER CERTIFIED SOLUTION
insidetech

This solution is only available to members.
SOLUTION
This solution is only available to members.
We are doing a demo of Splashtop and I like it so far...