Solved

Disable Remote Desktop connection in windows 8.1

Posted on 2014-12-03
5
464 Views
Last Modified: 2015-01-11
Dear All...
I need to find a way to prvent users on windows 8.1 to use remote desktop connection (mstsc,exe)
I need to be abe to connect to windows 8.1 laptops but the users can not do this from their laptops.

Is there any group policy, registry or tool anything that can do this
0
Comment
Question by:mostabdo
5 Comments
 
LVL 19

Accepted Solution

by:
Peter Hutchison earned 500 total points
ID: 40478319
You can use the following Group Policy to block users from running Remote Desktop Connection:
User (or Computer) Configuration
Policies
Windows Settings
Security Settings
Software Restriction Policies
  Security Levels
     Additional Rules
        New Hash Rule
          Browse for mstsc.exe and add it to the policy
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 40478321
Sure! You can use Group Policy Restricted groups to control who can remote desktop into a computer. Here is a link that will get you started:

http://deployhappiness.com/managing-restricted-groups-with-group-policy/
0
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 40478330
There are several, but the easiest is probably a simple firewall rule. Blocking outbound RDP connections is pretty straightforward, and of you use the built in firewall on Windows, can be done via group policy.

If you really want to lock down client machines and don't want them to even be able to launch RDC then a Software Restriction Policy or Applocker may be an option. But both are powerful and can have unintended consequences without careful planning and testing.

Of course, you can also simply not add them to any of the remote desktop groups and, while they can launch RDC, they would not have permissions to connect.

So there are a variety of options depending on the specifics of your environment and needed goals.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 40479299
Blocking outbound port 3389 is not the same as blocking remote desktop connections, because the remote server could use a different listening port. You could block access to mstsc.exe using either ACLs (ntfs), or software restriction policies or applocker, all possible via GPO.

You could also block all outgoing traffic of mstsc.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 40479450
Revisiting this, I wonder why I repeated so many of the comments that came in before - not my way, normally, sorry for that. I'd like to emphasize however that a real secure solution would need a clearer task definition, first.
Would you like to stop people (admins/non-admins?) from using mstsc or would you like to stop them connecting to remote desktop servers by any means (which would include alternate, maybe even portable rdp-clients)?
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
The goal of this Micro Tutorial is to help navigate beginning users with the app store on Windows 8. It will explain exciting features how to maximize your PC through these apps. This will be demonstrated using Windows 8 operating system.

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question