Drive sharing happens when connecting a windows machine via RDP using MSTC client. How to block that?

cancel
Showing results for 
Search instead for 
Did you mean: 

Drive sharing happens when connecting a windows machine via RDP using MSTC client. How to block that?

Not applicable

When connecting a windows machine via RDP using mstsc client, we have an option to share the local resources like printer, clipboard, etc. By this way we can able to share the local hard disk drives with the remote machine that we connect to. Upon connecting, our local drives are shown as the network drives on the remote computer. I noticed two app-ids are popping in the traffic logs during this transaction... ms-rdp and t.120..... Blocking either of the app-id is not letting me to even connect to the remote computer... Is there any way to block the resource sharing while just allowing the RDP alone?

1 ACCEPTED SOLUTION

Accepted Solutions

L4 Transporter

The Remote Desktop protocol is encrypted so granular control over specific functions within the session is not possible from the firewall.  You will need to utilize group policies on the server side machine to disallow drive mapping from the client.

View solution in original post

3 REPLIES 3

L4 Transporter

The Remote Desktop protocol is encrypted so granular control over specific functions within the session is not possible from the firewall.  You will need to utilize group policies on the server side machine to disallow drive mapping from the client.

View solution in original post

L4 Transporter

What kfindlen said is completely true.

Another way we have restricted resource sharing (for servers/workstations that are not necessarily members of the same domain) is to use Microsoft's "Remote Desktop Gateway" service.

http://technet.microsoft.com/en-us/library/dd560672.aspx

Remote Desktop Gateway (RD Gateway), formerly Terminal Services Gateway (TS Gateway), is a role service in the Remote Desktop Services server role included with Windows Server® 2008 R2 that enables authorized remote users to connect to resources on an internal corporate or private network, from any Internet-connected device that can run the Remote Desktop Connection (RDC) client. The network resources can be Remote Desktop Session Host (RD Session Host) servers, RD Session Host servers running RemoteApp programs, or computers and virtual desktops with Remote Desktop enabled. RD Gateway uses the Remote Desktop Protocol (RDP) over HTTPS to establish a secure, encrypted connection between remote users on the Internet and internal network resources.


Basically at the firewall you only allow RDP connections to the RDP gateway, and at the RDP gateway you can granularly control what resource sharing is allowed or disallowed.

Microsoft's RDP client natively supports the RDP gateway feature as well.

rd_gateway.jpg

Thank you for the post. Can we utilize the Remote Desktop Gateway service for RDP between end systems.  For example I am having two lab networks which needs RDP between each other. Each has about 250+ computers. Can we utilize the RDP Gateway service for this setup?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!