Re: Preventing RDT connection from outside

---

• From: "Julian M Dragut" <julian@xxxxxxxxxxxxxxxxxx>
• Date: Tue, 6 Mar 2007 21:41:49 -0500

---

Moreover, you can change the RDP to listen no a non typical TCP port.

--
Julian M Dragut
www.networkmanager.org
"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:OR1UGnBYHHA.1240@xxxxxxxxxxxxxxxxxxxxxxx

Tcp 3389 available or not controls basic access.

If you take a look at the accounts in the Administrators group
and take control of them all (change passwords on _all_ of
them, but watch out for services and scheduled tasks that may
run as one of them). There are more ways than just RDC login
that can be used to impact a system if it exposes the needed
ports on the network.

In the Administrative Tools there is a Terminal Services Config
utility (you may need to install the adminpak). Once within it
on the connections tab (I think) you will see listed at the right
the RDP connectoid. If you right click on this and select properties
then in the prop dialog there is a security/permissions tab which
will probably show Administrators and Terminal Service Users.
You are wanting to remove Administrators and replace it with
a custom group that includes the accounts that should be allowed
the level granted to Administrators.

Roger
"???" <Max.Mokeyev@xxxxxxxxx> wrote in message
news:1173117069.676363.126810@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Our SysAdmin flew off the handle and we are in the proccess of
securing our stuff. I know he uses Remote Desktop to administer the
server remotely. How do I prevent access to RDT from outside of the
local network? (I still want to be able to access it from within to
administer the server here).

Thank you.

.

---

• References:
  • Preventing RDT connection from outside
    • From: Мах
  • Re: Preventing RDT connection from outside
    • From: Roger Abell [MVP]

• Prev by Date: Re: Where is Local Group Assignment Stored?
• Next by Date: Re: Installing Enterprise Root CA
• Previous by thread: Re: Preventing RDT connection from outside
• Next by thread: Where is Local Group Assignment Stored?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Membership in Admin groups resets Send As permissions - Blackberry ... those protected groups having Send As rights. ... Why would Microsoft put a change this drastic ... it so that Administrators CANNOT use Blackberry's. ... Also, this basically forces any admin to have 2 accounts, otherwise they ... (microsoft.public.exchange.admin) Re: Membership in Admin groups resets Send As permissions - Blackberry ... those protected groups having Send As rights. ... Why would Microsoft put a change this drastic ... it so that Administrators CANNOT use Blackberry's. ... Also, this basically forces any admin to have 2 accounts, otherwise they ... (microsoft.public.exchange.admin) Re: Adding a password to a reminder? ... Outlook 2002, XP ProSP2. ... You need to set up multiple user accounts - but this is really no big deal, ... and set the NTFS security appropriately so that administrators & system have ... as profiles sometimes get corrupted and I ... (microsoft.public.outlook) Re: Setting Permissions for Hard Drive ... "Security" tab. ... user accounts on the computer. ... disable simple file sharing in order to have access to the ... Give Full Control permissions to the Administrators group as ... (microsoft.public.windowsxp.configuration_manage) Re: Administrators cannot access System Folders ... would be multiple accounts on the computer. ... Registry scan doesn't reveal any blatent issues. ... Check the file and folder permissions on a folder they cannot access. ... group) and that administrators have access to the folders in question ... (microsoft.public.windowsxp.security_admin)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)