I have added an inbound rule for port 3389 to allow RDP access only for certain remote IPs. Even after doing so, I am able to RDP to my server from an IP that is not added in the rule. Please guide me on why this is happening.
0
- Please help me out if I am missing something. – shiva Nov 06 '13 at 10:51
- More detail needed. Where did you create this rule, in the Windows firewall? If so, what network profile does the server use? What network profile is the rule for? – joeqwerty Nov 06 '13 at 15:00
2 Answers
2
You created a new rule which opened port 3389 for specific IP addresses, which is what you want; however, you ignored the existing rules for RDP which were enabled when you enabled RDP in the GUI.
You have two options:
A: Keep your own rule and disable the built-in rules, in PowerShell:
Disable-NetFirewallRule -Name RemoteDesktop-UserMode-In-TCP
Disable-NetFirewallRule -Name RemoteDesktop-UserMode-In-UDP
B: Don't use your own rule, but restrict the built-in rules, again in PowerShell:
Set-NetFirewallRule -Name RemoteDesktop-UserMode-In-TCP -RemoteAddress "192.168.1.0/24","192.168.2.55"
Set-NetFirewallRule -Name RemoteDesktop-UserMode-In-UDP -RemoteAddress "192.168.1.0/24","192.168.2.55"
Both options should allow the specified addresses to do RDP, but block all others. I personally prefer the second option. The built-in rules are there for you to use; don't create your own rules unless you really have to.

Peter Hahndorf
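Windows Firewall admits a connection when any enabled allow rule matches it, so restricting one rule has no effect while another rule still accepts 3389 from any address. The following audit is an added example, not part of the answer above: it lists every enabled inbound allow rule that can match port 3389, together with its remote-address scope. It assumes the NetSecurity module (Windows 8 / Server 2012 or later) and an elevated prompt; `Test-PortMatch` is a helper name made up for this example.

```powershell
# Added example: find every enabled inbound Allow rule that can match RDP (3389).
$RdpPort = 3389

# Hypothetical helper: does a rule's LocalPort list (values, ranges, 'Any') cover $Port?
function Test-PortMatch {
    param([string[]]$LocalPort, [int]$Port)
    foreach ($entry in $LocalPort) {
        if ($entry -eq 'Any') { return $true }
        if ($entry -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        }
        elseif ($entry -match '^\d+$' -and [int]$entry -eq $Port) { return $true }
        # Keyword values such as RPC or IPHTTPSIn never mean 3389 and fall through.
    }
    return $false
}

# ActiveStore is the effective policy, so rules delivered by Group Policy are included.
$rules = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True -Action Allow

$findings = foreach ($rule in $rules) {
    $portFilter = $rule | Get-NetFirewallPortFilter
    if ($portFilter.Protocol -notin 'TCP', 'UDP', 'Any') { continue }
    if (-not (Test-PortMatch -LocalPort $portFilter.LocalPort -Port $RdpPort)) { continue }

    $addrFilter = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Name          = $rule.Name
        Profile       = $rule.Profile
        Protocol      = $portFilter.Protocol
        LocalPort     = $portFilter.LocalPort -join ','
        RemoteAddress = $addrFilter.RemoteAddress -join ','
        # True means the rule accepts this port from any source address.
        Unrestricted  = ($addrFilter.RemoteAddress -contains 'Any')
    }
}

# Unrestricted rules first: these are the ones that defeat a scoped RDP rule.
$findings | Sort-Object Unrestricted -Descending | Format-Table -AutoSize -Wrap
```

Rules listed with protocol and port `Any` are usually bound to a specific program, so check their program filter before treating them as an RDP exposure.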
- Sorry to confuse you all. I modified the built-in rules themselves. I have specified a certain list of IPs. But apart from these IPs, I was able to RDP from other IPs as well. I have added these rules under the Scope tab of the inbound firewall rule. – shiva Nov 07 '13 at 07:40
- How can I ensure that only certain IPs have access to RDP and block other IPs? – shiva Nov 07 '13 at 08:06
0
Under Control Panel -> System Security -> System, click on Remote Settings and make sure the "Don't allow connections to this computer" is not ticked.

Phil
- How does this relate to the question? Shiva wants to limit RDP to certain IPs, which is something you cannot do in the system control panel. – Peter Hahndorf Nov 06 '13 at 12:43