Disable Windows Remote Desktop (RDP) on the Public Network (Windows 2003-2008)

Overview

Windows systems include Remote Desktop (RDP), which allows users to connect to systems remotely. By default, Windows 2003 and 2008 systems accept RDP connections on both public and private networks. With RDP enabled on the public network, systems are vulnerable, because anyone with access to the public network can reach them. Disabling RDP access from the public network ensures that only those with access to the private network can reach systems using RDP. Follow the steps below to disable RDP on the public network.

Disable RDP on the Public Network

  1. Access the Private Network over VPN.
  2. Log into the server's Private IP Address through RDP.
  3. Click the Start button.
  4. Type tsconfig.msc in the Search box and press Enter to launch the Remote Desktop Session Host Configuration window.
  5. Double-click RDP-Tcp in the Connections section to open the RDP-Tcp Properties window.
  6. Select the Network Adapter tab.
  7. Change the Network adapter drop-down list to display the private network interface of the device.
    Note: By default, the Network Adapter is set to All network adapters configured with this protocol, which includes adapters on both the public and private networks. The private network interface is generally indicated with the word "Private" or with "adapter #0".
  8. Click the OK button to update the Network Adapter.
  9. Reboot the device so that it starts with the updated setting.
  10. Attempt to connect to the device on the public network through RDP to ensure the changes to the device were successful.

    If the connection...   Then...
    Cannot be made         Changes made to RDP accessibility were successful. No further action is required.
    Can be made            Changes made to the RDP accessibility were not successful. Repeat the steps above to retry RDP access over the public network. If issues persist, please contact Support.
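
A scripted form of the check in step 10, as an added example that is not part of the original article: it tests whether TCP port 3389 (the default RDP port; an assumption if the listener was moved) answers on each address, and shows which local address the listener is bound to. The two IP addresses are constructed placeholders, and Test-TcpPort and Get-RdpListenerAddress are hypothetical helper names.

```powershell
# Added example. Uses only .NET sockets and netstat, so it also runs on PowerShell 2.0.
$PublicAddress  = '203.0.113.10'   # constructed placeholder: the server's public IP
$PrivateAddress = '10.0.0.10'      # constructed placeholder: the server's private IP
$RdpPort        = 3389             # default RDP port (assumed unchanged)

# Returns $true if a TCP connection to Address:Port completes within the timeout.
function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return $false              # timed out: filtered or not listening
        }
        $client.EndConnect($async)     # throws if the connection was refused
        return $true
    }
    catch   { return $false }
    finally { $client.Close() }
}

# Run ON THE SERVER: local addresses with a listener on the RDP port.
# '0.0.0.0' means every adapter, i.e. the default setting is still in effect.
# Assumes English netstat output (the LISTENING state keyword).
function Get-RdpListenerAddress {
    param([int]$Port = 3389)
    netstat -an -p tcp | ForEach-Object {
        if ($_ -match "^\s*TCP\s+(\S+):${Port}\s+\S+\s+LISTENING") { $Matches[1] }
    }
}

# Run FROM A CLIENT connected to the VPN, so both addresses are routable.
$publicOpen  = Test-TcpPort -Address $PublicAddress  -Port $RdpPort
$privateOpen = Test-TcpPort -Address $PrivateAddress -Port $RdpPort

if ($publicOpen) {
    'FAIL: RDP still answers on the public address. Repeat the adapter change.'
}
elseif ($privateOpen) {
    'PASS: RDP answers on the private address only.'
}
else {
    'CHECK: RDP did not answer on either address. Confirm the VPN is connected.'
}
```

A closed public port in this test does not show whether the listener binding or a firewall blocked the connection; Get-RdpListenerAddress on the server shows the binding itself.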

What Happens Next

After successfully disabling RDP accessibility over the public network, users will be unable to access the device through RDP unless they connect over the private network. This action may be reversed at any time by repeating the steps above and returning the Network adapter drop-down list to All network adapters configured with this protocol.