Solved

Disable Remote Desktop connection in windows 8.1

Posted on 2014-12-03
5
429 Views
Last Modified: 2015-01-11
Dear All...
I need to find a way to prvent users on windows 8.1 to use remote desktop connection (mstsc,exe)
I need to be abe to connect to windows 8.1 laptops but the users can not do this from their laptops.

Is there any group policy, registry or tool anything that can do this
0
Comment
Question by:mostabdo
5 Comments
 
LVL 18

Accepted Solution

by:
Peter Hutchison earned 500 total points
ID: 40478319
You can use the following Group Policy to block users from running Remote Desktop Connection:
User (or Computer) Configuration
Policies
Windows Settings
Security Settings
Software Restriction Policies
  Security Levels
     Additional Rules
        New Hash Rule
          Browse for mstsc.exe and add it to the policy
0
 
LVL 21

Expert Comment

by:Joseph Moody
ID: 40478321
Sure! You can use Group Policy Restricted groups to control who can remote desktop into a computer. Here is a link that will get you started:

http://deployhappiness.com/managing-restricted-groups-with-group-policy/
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40478330
There are several, but the easiest is probably a simple firewall rule. Blocking outbound RDP connections is pretty straightforward, and of you use the built in firewall on Windows, can be done via group policy.

If you really want to lock down client machines and don't want them to even be able to launch RDC then a Software Restriction Policy or Applocker may be an option. But both are powerful and can have unintended consequences without careful planning and testing.

Of course, you can also simply not add them to any of the remote desktop groups and, while they can launch RDC, they would not have permissions to connect.

So there are a variety of options depending on the specifics of your environment and needed goals.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 40479299
Blocking outbound port 3389 is not the same as blocking remote desktop connections, because the remote server could use a different listening port. You could block access to mstsc.exe using either ACLs (ntfs), or software restriction policies or applocker, all possible via GPO.

You could also block all outgoing traffic of mstsc.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 40479450
Revisiting this, I wonder why I repeated so many of the comments that came in before - not my way, normally, sorry for that. I'd like to emphasize however that a real secure solution would need a clearer task definition, first.
Would you like to stop people (admins/non-admins?) from using mstsc or would you like to stop them connecting to remote desktop servers by any means (which would include alternate, maybe even portable rdp-clients)?
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This Micro Tutorial will teach you how to reformat your flash drive. Sometimes your flash drive may have issues carrying files so this will completely restore it to manufacturing settings. Make sure to backup all files before reformatting. This w…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now