-1

How can one verify if someone is connecting to their workstations (laptops) via RDP? What policies govern such access? Can such policies be overruled by a local admin of a workstation? If yes, how can one prevent this?

MadHatter
  • Would RDP via Chrome Remote Desktop, LogMeIn, TeamViewer, etc. be detected via the group policies? Would the listed tools use the same protocols to RDP to a workstation? As a local admin of their workstations, can one disable a local group policy such that network monitoring would not detect these? – sunny babau May 24 '18 at 13:29

2 Answers

1
  1. Disable Remote Desktop using Group Policy (Computer Configuration, Administrative Templates, Windows Components, Remote Desktop Services, Remote Desktop Session Host, Connections: Allow users to connect remotely using Remote Desktop Services = Disable).

  2. Block the RDP connections on Windows Firewall (Computer Configuration, Policies, Administrative Templates, Network, Network Connections, Windows Firewall, Domain Profile: Windows Firewall: Allow inbound Remote Desktop exceptions = Disable).

  3. Don't give administrative access to your users (at least unless you can trust that they obey your policies).

Esa Jokinen
1

You can use Windows Resource Monitor to verify if someone is connecting to your Windows workstation via RDP. The connection will show up with Local Port 3389 in the TCP Connections table of the Network tab and the remote machine will be identified by the IP address shown in the Remote Address column of the table.

smr
  • This only works on the local machine for the current state. Therefore, it's not really useful if you need to monitor all the laptops all the time. Some kind of alert would be better. – Esa Jokinen May 24 '18 at 07:56
  • Yeah, that's right. I think I misunderstood the question, looking at it from the user's rather than the administrator's point of view. – smr May 24 '18 at 08:00
  • True. This is Server Fault; Q/A site for professional sysadmins. – Esa Jokinen May 24 '18 at 08:01
  • On a workstation, this is even simpler: if someone else connects to your machine, you get kicked out. :-) – Harry Johnston May 24 '18 at 21:23
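
An added example, not part of either answer: a PowerShell function that combines the checks discussed above, reading the Remote Desktop setting from the first answer, the port 3389 connections from the second, and recent session history, since Resource Monitor shows only the current state. The function name `Get-RdpExposure`, its parameters and the 7-day window are assumptions; it assumes the default RDP port and an elevated session on the workstation.

```powershell
# Added example: run elevated on the workstation (or through PowerShell remoting).
function Get-RdpExposure {
    [CmdletBinding()]
    param(
        [int]$Days = 7,      # assumed look-back window for session history
        [int]$Port = 3389    # default RDP port, as named in the answer
    )

    # fDenyTSConnections: 1 = remote connections denied, 0 = allowed.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $localKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $policy = (Get-ItemProperty $policyKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $local  = (Get-ItemProperty $localKey  -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections

    # Current state: the same rows Resource Monitor lists for the RDP port.
    $live = @(Get-NetTCPConnection -LocalPort $Port -State Established -ErrorAction SilentlyContinue |
        Select-Object RemoteAddress, RemotePort, OwningProcess)

    # History: Local Session Manager event 21 (session logon) and 25 (reconnect).
    $filter = @{
        LogName   = 'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational'
        Id        = 21, 25
        StartTime = (Get-Date).AddDays(-$Days)
    }
    $sessions = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $data = ([xml]$_.ToXml()).Event.UserData.EventXML
            [pscustomobject]@{
                Time    = $_.TimeCreated
                EventId = $_.Id
                User    = $data.User
                Source  = $data.Address
            }
        } | Where-Object { $_.Source -ne 'LOCAL' })   # 'LOCAL' marks console logons

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        PolicyDenyRdp   = $policy    # $null = policy value not set
        LocalDenyRdp    = $local
        LiveConnections = $live
        RecentSessions  = $sessions
    }
}

Get-RdpExposure | Format-List
```

A `LocalDenyRdp` of 0 on a machine where `PolicyDenyRdp` is 1 or unset, or any entry in `RecentSessions`, is the condition worth alerting on when this runs on a schedule across the laptops.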