2

I run some windows 2012 servers with my host, softlayer. Now they have a public and private network adapter. I want to disable RDP to the public IP. For server 2008, the steps are as follows:

http://knowledgelayer.softlayer.com/procedure/disabling-remote-desktop-your-public-network

I need to exactly the same thing in 2012, but for a start, tsconfig.msc is apparently removed. What can I do? Can Windows Firewall block RDP to the public IP? This has to exclude TMG etc.

John Gardeniers
  • 27,458
  • 12
  • 55
  • 109
GurdeepS
  • 1,646
  • 5
  • 26
  • 33

3 Answers3

1

All of the old Terminal Services (TS) management tools are now done under Remote Desktop Management Server (RDMS). From what I can tell from my initial testing you can't really use this tool unless you actually install the RDMS role. I tried just adding the administrative tool for this service as an added feature but it doesn't show up in any of my normal locations, likely because the server itself was not installed. I could be wrong about this as I have not fully investigated but the point is moot.

You would really only want to use that tool for that purpose if you were actually running a multi-user RDP server. Even then you would only want to use it in rare cases where you have multiple NICs on the same network and you want to block it on one adapter but not all of them. Which even in that case there are likely better ways to do that.

I am guessing you are just trying to increase security by only allowing administrators to RDP in from private IPs on your network. In this case you should really just be using the firewall. At first this may seem confusing as you only want to block RDP connections on one network adapter and not on the other but yet the Windows firewall doesn't differentiate between different network adapters (just network profiles). However, if you consider that any IP addresses coming from your private network are going to be within a specified range then you should be able to setup a rule that only allows RDP from this specified range of IPs which would in turn block all RDP traffic from your public network adapter as you should never see an IP from the private IP range on that public network.

New Guy
  • 356
  • 2
  • 5
  • 13
1

You can do the same thing you did in 2008 in 2012 without the GUI. You just need to use WMI instead. I previously answered a very similar question here:

How to set the network interface for RDP in Windows Server 2012?

Community
  • 1
Ryan Bolger
  • 16,755
  • 4
  • 42
  • 64
-6

Check this link

http://winplat.net/post/2012/07/16/How-to-enable-Remote-Desktop-on-Windows-%E2%80%988%E2%80%99.aspx

I hope that help you in this case.

John Gardeniers
  • 27,458
  • 12
  • 55
  • 109
amroesam
  • 1
  • 1
    While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. Also, this post does not answer the question. – Michael Hampton Dec 24 '12 at 20:08