Disable Remote Desktop connection in windows 8.1

Dear All...
I need to find a way to prvent users on windows 8.1 to use remote desktop connection (mstsc,exe)
I need to be abe to connect to windows 8.1 laptops but the users can not do this from their laptops.

Is there any group policy, registry or tool anything that can do this
mostabdoAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Peter HutchisonSenior Network Systems SpecialistCommented:
You can use the following Group Policy to block users from running Remote Desktop Connection:
User (or Computer) Configuration
Policies
Windows Settings
Security Settings
Software Restriction Policies
  Security Levels
     Additional Rules
        New Hash Rule
          Browse for mstsc.exe and add it to the policy
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Joseph MoodyBlogger and wearer of all hats.Commented:
Sure! You can use Group Policy Restricted groups to control who can remote desktop into a computer. Here is a link that will get you started:

http://deployhappiness.com/managing-restricted-groups-with-group-policy/
0
Cliff GaliherCommented:
There are several, but the easiest is probably a simple firewall rule. Blocking outbound RDP connections is pretty straightforward, and of you use the built in firewall on Windows, can be done via group policy.

If you really want to lock down client machines and don't want them to even be able to launch RDC then a Software Restriction Policy or Applocker may be an option. But both are powerful and can have unintended consequences without careful planning and testing.

Of course, you can also simply not add them to any of the remote desktop groups and, while they can launch RDC, they would not have permissions to connect.

So there are a variety of options depending on the specifics of your environment and needed goals.
0
McKnifeCommented:
Blocking outbound port 3389 is not the same as blocking remote desktop connections, because the remote server could use a different listening port. You could block access to mstsc.exe using either ACLs (ntfs), or software restriction policies or applocker, all possible via GPO.

You could also block all outgoing traffic of mstsc.
0
McKnifeCommented:
Revisiting this, I wonder why I repeated so many of the comments that came in before - not my way, normally, sorry for that. I'd like to emphasize however that a real secure solution would need a clearer task definition, first.
Would you like to stop people (admins/non-admins?) from using mstsc or would you like to stop them connecting to remote desktop servers by any means (which would include alternate, maybe even portable rdp-clients)?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 8

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.