Solved

Block only incoming XP RDP sessions

Posted on 2014-04-16
Last Modified: 2014-05-02
Is there a way to block incoming XP RDP connections? We have some users who connect from home or elsewhere to PCs running HVAC controls in the off hours rather than drive in to see what the issue is. Most do have a post-XP OS but I want to keep XP out. I know I can set NLA authentication but that still allows XP SP3 in.

Any other way to do this? They don't always connect from the same PC so an IP filter would not work. I have done some reading on NAP, but that does not look so simple to implement.
Question by:LarryDAH
10 Comments
 
LVL 6

Expert Comment

by:insidetech
ID: 40004245
This would be a workaround to the exclusion of the XP clients.
Change the RDP default port number on the hosts and make the appropriate change for all the non-XP clients.
This way, only the "chosen" ones will connect.
0
 

Author Comment

by:LarryDAH
ID: 40004403
We have to provide access for these guys, so they are the 'chosen' already. I cannot force them to upgrade their home PCs or stay off XP PCs they come across elsewhere that they want to remote in with, so I am looking for a way to block XP from connecting by RDP.
0
 
LVL 12

Expert Comment

by:Sandeep
ID: 40004503
You mean to say they should only be able to connect via RDP from the office, and not from home?

If not then why not block all the RDP sessions for the said PC?

https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/rdesktop_disable.mspx?mfr=true
0

 

Author Comment

by:LarryDAH
ID: 40004516
No, they need to RDP from home to their work PC, but I want to block them if they still are running XP.
0
 
LVL 12

Expert Comment

by:Sandeep
ID: 40004532
Now I understand exactly what you want. But sorry to say, I don't think such changes can be made to identify which machine the requests are coming from, etc.
0
 
LVL 6

Expert Comment

by:insidetech
ID: 40004536
I am curious, what is so bad about the XP that would cause you to deny the access?
As far as I know, once the RDP connection is complete the client PC is completely isolated from the host.
I take it that you cannot trust the users to follow instructions by telling them to NOT use remote access if they have an XP, but you trust them to access the corporate PC with non-XP computers?
0
 

Author Comment

by:LarryDAH
ID: 40004583
Well, I have to trust them to a certain extent, at work or at home, otherwise we would give them all pencils and legal pads to do their job. And I can tell them to not use XP to remote in but when it comes to an alert at 2 am and the choice is drive 30 miles into town or log in with XP to see why the temp in a storage area is 81 degrees and not 80 degrees, I am pretty sure they would just log in.

There are some exploits out there that use RDP and I have no way of knowing how well patched these home PCs are, if AV is installed and up to date, etc.

If they couldn't use XP to remote in now that it has been dropped by MS then that puts the onus on them to update or replace their PC, not on me to hope that it is safe to connect.
0
 
LVL 6

Accepted Solution

by:insidetech
insidetech earned 2000 total points
ID: 40004633
Take a look at http://www.splashtop.com

It is a fantastic product; it offers better granularity of user access, and you will also have a log of the users' access. Even though they do not have an option to block specific OS clients, the security of the connection is far more strict and it may eliminate your security concern with XP.
0
 
LVL 6

Assisted Solution

by:insidetech
insidetech earned 2000 total points
ID: 40004643
Further, with the Splashtop solution your remote workers would be able to safely remote in using their handheld devices, so your overall response should be much better and your remote access would be truly OS independent.
0
 

Author Closing Comment

by:LarryDAH
ID: 40038175
We are doing a demo of Splashtop and I like it so far...
0

Question has a verified solution.
