When connecting a windows machine via RDP using mstsc client, we have an option to share the local resources like printer, clipboard, etc. By this way we can able to share the local hard disk drives with the remote machine that we connect to. Upon connecting, our local drives are shown as the network drives on the remote computer. I noticed two app-ids are popping in the traffic logs during this transaction... ms-rdp and t.120..... Blocking either of the app-id is not letting me to even connect to the remote computer... Is there any way to block the resource sharing while just allowing the RDP alone?
... View more