05-23-2013 10:22 PM
When connecting to a Windows machine via RDP using the mstsc client, we have an option to share local resources like the printer, clipboard, etc. This way we are able to share the local hard disk drives with the remote machine that we connect to. Upon connecting, our local drives are shown as network drives on the remote computer. I noticed two app-ids popping up in the traffic logs during this transaction: ms-rdp and t.120. Blocking either of the app-ids does not let me even connect to the remote computer. Is there any way to block the resource sharing while allowing just RDP?
05-23-2013 10:38 PM
The Remote Desktop protocol is encrypted so granular control over specific functions within the session is not possible from the firewall. You will need to utilize group policies on the server side machine to disallow drive mapping from the client.
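The server-side policy approach described in the reply above, as an added example that is not part of the original thread: a PowerShell script for the RDP host that reports, and with `-Enforce` sets, the registry values behind the "Device and Resource Redirection" group policy settings. Covering printer and clipboard alongside drives is this example's assumption, taken from the resources the question lists.

```powershell
# Added example (not from the thread): audit or enforce RDP redirection policy
# on the server-side machine. Run from an elevated PowerShell session.
# A domain GPO that configures the same settings will overwrite local edits.
param([switch]$Enforce)

# Registry location written by the Remote Desktop Services policy settings.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# Policy value name -> channel that is blocked when the value is 1.
# Assumption: which channels to block is this example's choice.
$Desired = [ordered]@{
    fDisableCdm  = 'Drive redirection (local disks shown as network drives)'
    fDisableClip = 'Clipboard redirection'
    fDisableCpm  = 'Client printer redirection'
}

function Get-RedirectionPolicy {
    foreach ($name in $Desired.Keys) {
        # A missing key or value means the policy is not configured,
        # in which case the redirection is left up to the client.
        $current = (Get-ItemProperty -Path $PolicyKey -Name $name `
                        -ErrorAction SilentlyContinue).$name
        [pscustomobject]@{
            Value   = $name
            Blocks  = $Desired[$name]
            Current = if ($null -eq $current) { 'not configured' } else { $current }
            Blocked = ($current -eq 1)
        }
    }
}

if ($Enforce) {
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    foreach ($name in $Desired.Keys) {
        New-ItemProperty -Path $PolicyKey -Name $name -Value 1 `
            -PropertyType DWord -Force | Out-Null
    }
}

# Always finish with a report so the state after any change is visible.
Get-RedirectionPolicy | Format-Table -AutoSize
```

Without `-Enforce` the script only reads the current state, which makes it usable as a check across hosts before a group policy is rolled out.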
05-24-2013 06:13 AM
What kfindlen said is completely true.
Another way we have restricted resource sharing (for servers/workstations that are not necessarily members of the same domain) is to use Microsoft's "Remote Desktop Gateway" service.
http://technet.microsoft.com/en-us/library/dd560672.aspx
Remote Desktop Gateway (RD Gateway), formerly Terminal Services Gateway (TS Gateway), is a role service in the Remote Desktop Services server role included with Windows Server® 2008 R2 that enables authorized remote users to connect to resources on an internal corporate or private network, from any Internet-connected device that can run the Remote Desktop Connection (RDC) client. The network resources can be Remote Desktop Session Host (RD Session Host) servers, RD Session Host servers running RemoteApp programs, or computers and virtual desktops with Remote Desktop enabled. RD Gateway uses the Remote Desktop Protocol (RDP) over HTTPS to establish a secure, encrypted connection between remote users on the Internet and internal network resources.
Basically at the firewall you only allow RDP connections to the RDP gateway, and at the RDP gateway you can granularly control what resource sharing is allowed or disallowed.
Microsoft's RDP client natively supports the RDP gateway feature as well.
05-28-2013 01:31 AM
Thank you for the post. Can we utilize the Remote Desktop Gateway service for RDP between end systems? For example, I have two lab networks which need RDP between each other. Each has about 250+ computers. Can we utilize the RDP Gateway service for this setup?