?
Solved

Disable Remote Desktop connection in windows 8.1

Posted on 2014-12-03
5
Medium Priority
?
517 Views
Last Modified: 2015-01-11
Dear All...
I need to find a way to prvent users on windows 8.1 to use remote desktop connection (mstsc,exe)
I need to be abe to connect to windows 8.1 laptops but the users can not do this from their laptops.

Is there any group policy, registry or tool anything that can do this
0
Comment
Question by:mostabdo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 20

Accepted Solution

by:
Peter Hutchison earned 2000 total points
ID: 40478319
You can use the following Group Policy to block users from running Remote Desktop Connection:
User (or Computer) Configuration
Policies
Windows Settings
Security Settings
Software Restriction Policies
  Security Levels
     Additional Rules
        New Hash Rule
          Browse for mstsc.exe and add it to the policy
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 40478321
Sure! You can use Group Policy Restricted groups to control who can remote desktop into a computer. Here is a link that will get you started:

http://deployhappiness.com/managing-restricted-groups-with-group-policy/
0
 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 40478330
There are several, but the easiest is probably a simple firewall rule. Blocking outbound RDP connections is pretty straightforward, and of you use the built in firewall on Windows, can be done via group policy.

If you really want to lock down client machines and don't want them to even be able to launch RDC then a Software Restriction Policy or Applocker may be an option. But both are powerful and can have unintended consequences without careful planning and testing.

Of course, you can also simply not add them to any of the remote desktop groups and, while they can launch RDC, they would not have permissions to connect.

So there are a variety of options depending on the specifics of your environment and needed goals.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 40479299
Blocking outbound port 3389 is not the same as blocking remote desktop connections, because the remote server could use a different listening port. You could block access to mstsc.exe using either ACLs (ntfs), or software restriction policies or applocker, all possible via GPO.

You could also block all outgoing traffic of mstsc.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 40479450
Revisiting this, I wonder why I repeated so many of the comments that came in before - not my way, normally, sorry for that. I'd like to emphasize however that a real secure solution would need a clearer task definition, first.
Would you like to stop people (admins/non-admins?) from using mstsc or would you like to stop them connecting to remote desktop servers by any means (which would include alternate, maybe even portable rdp-clients)?
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses
Course of the Month13 days, 13 hours left to enroll

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question