Solved

Disable Remote Desktop connection in windows 8.1

Posted on 2014-12-03
5
445 Views
Last Modified: 2015-01-11
Dear All...
I need to find a way to prvent users on windows 8.1 to use remote desktop connection (mstsc,exe)
I need to be abe to connect to windows 8.1 laptops but the users can not do this from their laptops.

Is there any group policy, registry or tool anything that can do this
0
Comment
Question by:mostabdo
5 Comments
 
LVL 19

Accepted Solution

by:
Peter Hutchison earned 500 total points
ID: 40478319
You can use the following Group Policy to block users from running Remote Desktop Connection:
User (or Computer) Configuration
Policies
Windows Settings
Security Settings
Software Restriction Policies
  Security Levels
     Additional Rules
        New Hash Rule
          Browse for mstsc.exe and add it to the policy
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 40478321
Sure! You can use Group Policy Restricted groups to control who can remote desktop into a computer. Here is a link that will get you started:

http://deployhappiness.com/managing-restricted-groups-with-group-policy/
0
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 40478330
There are several, but the easiest is probably a simple firewall rule. Blocking outbound RDP connections is pretty straightforward, and of you use the built in firewall on Windows, can be done via group policy.

If you really want to lock down client machines and don't want them to even be able to launch RDC then a Software Restriction Policy or Applocker may be an option. But both are powerful and can have unintended consequences without careful planning and testing.

Of course, you can also simply not add them to any of the remote desktop groups and, while they can launch RDC, they would not have permissions to connect.

So there are a variety of options depending on the specifics of your environment and needed goals.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 40479299
Blocking outbound port 3389 is not the same as blocking remote desktop connections, because the remote server could use a different listening port. You could block access to mstsc.exe using either ACLs (ntfs), or software restriction policies or applocker, all possible via GPO.

You could also block all outgoing traffic of mstsc.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 40479450
Revisiting this, I wonder why I repeated so many of the comments that came in before - not my way, normally, sorry for that. I'd like to emphasize however that a real secure solution would need a clearer task definition, first.
Would you like to stop people (admins/non-admins?) from using mstsc or would you like to stop them connecting to remote desktop servers by any means (which would include alternate, maybe even portable rdp-clients)?
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Creating a Vendor Admin user 23 54
SharePoint Explorer Folder Access 4 36
EXCHANGE, ACTIVE DIRECTORY 1 32
Changing passwords 3 21
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question