How to prevent logging directly onto a Session Host in an RDS Farm

Asked May 26 '17 at 16:20

Active May 26 '17 at 19:46

Viewed 759 times

I've setup an RDS farm in Windows Server 2016.

When using Remote Desktop Connection if I type in my connection broker computer name or IP it works as expected and redirects me to a session host.

However I've found that I can connect to a session host directly (by typing in the session host computer name or IP, and I'm not using the admin switch).

How do I prevent users from being able to logon directly to a session host like this, I want to ensure that they go through the broker.

I think I'm missing something but not sure what it is!

Thank you for any assistance it is most appreciated :)

Edit: @longneck Yes, the user I'm using is only a member of Domain Users and Remote Desktop Users. (can't comment as my reputation must be over 50)

edited May 26 '17 at 19:46

Benny Blanco

asked May 26 '17 at 16:20

user417419

Have you tried with an account that is not an admin? – longneck May 26 '17 at 16:29
1

That is not the intended design of Remote Desktop Connection Broker. The broker is intended to re-connect users to existing sessions, and load balancing. Preventing connections at the network layer is the function of your firewall/router/VLAN. – Greg Askew May 26 '17 at 16:47

How to prevent logging directly onto a Session Host in an RDS Farm

0 Answers0