3

As the title says, we have a Windows 2008 R2 Server with 2 IP addresses. Currently, we can connect via RDP to both IP addresses; however, we want to block/disable RDP connections that attempt to connect to one of the addresses.

I've spent quite a while on Google and tried a few things in the Firewall and RDP Admin but can't work it out.

Any help appreciated.

Rex
Dean

3 Answers

3

If you have the IP addresses on different NICs, you can bind the RDP listener to a specific NIC. If you have the IP addresses bound to the same NIC, you can set the firewall rules that should be able to accomplish what you want to get done.

  1. Open the Windows Firewall MMC (wf.msc)
  2. Select the Inbound Rules section
  3. Get the properties of the Remote Desktop (TCP-In) rule
  4. On the Scope tab, choose the option to select specific IPs in the "Local IP Address" section.
  5. Add the IP address that you want to allow RDP connections to connect to.

Obviously, you need to ensure the firewall is turned on and enabled and that the rule applies to all profiles (or at least the profile that this would apply to).

Rex
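The same scope change made from the command line, followed by a connection check against both addresses, as an added example that is not part of the original answer. The two addresses are constructed placeholders and the function names are hypothetical; `netsh advfirewall` is used because it ships with Windows Server 2008 R2.

```powershell
# Added example, not from the original answer. Works on PowerShell 2.0.
$RuleName  = 'Remote Desktop (TCP-In)'  # rule name from the steps above
$AllowedIp = '192.0.2.10'               # constructed: address that should accept RDP
$BlockedIp = '192.0.2.11'               # constructed: address that should refuse RDP

# Run on the server from an elevated prompt.
function Set-RdpLocalScope {
    # Steps 4 and 5: limit the rule's "Local IP Address" scope to one address.
    netsh advfirewall firewall set rule name="$RuleName" new localip=$AllowedIp
    # Print the rule so the LocalIP and Profiles fields can be reviewed.
    netsh advfirewall firewall show rule name="$RuleName" verbose
    # The scope only takes effect while the firewall is ON for the active profile.
    netsh advfirewall show allprofiles state
}

# Run from a different machine so the connection crosses the server's firewall.
function Test-TcpPort([string]$Address, [int]$Port = 3389, [int]$TimeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Address, $Port, $null, $null)
        # A filtered port usually times out instead of being refused.
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)    # throws if the connection was refused
        return $client.Connected
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Test-RdpScope {
    $allowedOpen = Test-TcpPort $AllowedIp
    $blockedOpen = Test-TcpPort $BlockedIp
    New-Object PSObject -Property @{
        AllowedIpReachable = $allowedOpen
        BlockedIpReachable = $blockedOpen
        # Expected result: the first address answers and the second does not.
        ScopeEffective     = ($allowedOpen -and -not $blockedOpen)
    }
}

# Server:  Set-RdpLocalScope
# Client:  Test-RdpScope
```

If `BlockedIpReachable` is still true, check the `show rule` output for another enabled inbound allow rule covering TCP 3389 and for a profile where the firewall state is OFF.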
1

See screenshot below. Basically, select the adapter you want to use in the Remote Desktop Session Host Configuration tool.

enter image description here

ETL
0

An alternative method for solving the problem, or in the case that your interfaces are separated into locations, i.e. public and private:

You can follow the instructions of Rex:

  • Open the Windows Firewall MMC (wf.msc)
  • Select the Inbound Rules section
  • Get the properties of the Remote Desktop (TCP-In) rule; however, here, instead:
  • Click on the Advanced Tab
  • Select the networks you would like this rule to apply to, i.e. Private

This will make sure the rule is only applied to say your internal interface, rather than the external.

I am unsure as to whether this will null the rule out for the external interface, which may require the creation of a rule to explicitly disallow connections to RDP.

Paul C