Posts Tagged ‘RDP’

Restricting RDP access to Azure virtual machines

By default, every VM you’ve created in Azure has RDP (Remote Desktop Protocol) enabled on port 3389. You can access your VM from anywhere in the world.

You can restrict RDP access to just the IP addresses you want. For example, you can allow only your company IP address and maybe your home address to access a specific VM in Azure.

To restrict access, I’ve created an NSG (Network Security Group) with the following configuration:

1.) Create a new Inbound security rule with a priority of 4095 (any value below the default of 65000 is fine!!)
2.) Configure the following rule:

Priority: 4096
Name: Deny-RDP-Access
Source: Service Tag
Source service tag: Internet
Source port ranges: *
Destination: VirtualNetwork
Destination port ranges: 3389
Protocol: TCP
Action: Deny

3.) Configure a second rule:

Priority: 4095
Name: Allow-RDP-Access
Source: IP Addresses
Source IP addresses/CIDR ranges: YOUR IP ADDRESSES
Source port ranges: *
Destination: Any
Destination port ranges: 3389
Protocol: TCP
Action: Allow

Now you can test your new configuration. RDP access is only allowed from your custom IP addresses!!
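NSG rules are evaluated in ascending priority order and the first match decides, which is why the Allow rule (4095) must carry a lower number than the Deny rule (4096). The Python sketch below is an added example, not part of the original post, that models this evaluation offline. The rule dictionaries, the `203.0.113.0/24` placeholder range, the reduction of the `Internet` tag to "outside RFC 1918 space" and the omission of destination matching are all assumptions.

```python
import ipaddress

# Constructed rule set mirroring the two rules from the post. 203.0.113.0/24 is
# a documentation-range placeholder for "YOUR IP ADDRESSES" (assumption).
RULES = [
    {"name": "Deny-RDP-Access", "priority": 4096, "source": "Internet",
     "port": 3389, "protocol": "TCP", "action": "Deny"},
    {"name": "Allow-RDP-Access", "priority": 4095, "source": ["203.0.113.0/24"],
     "port": 3389, "protocol": "TCP", "action": "Allow"},
]

# Simplified model of the "Internet" service tag: any source outside RFC 1918
# private space (assumption; the real tag is maintained by Azure).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def source_matches(rule_source, src_ip):
    """True if src_ip falls under the rule's service tag or CIDR list."""
    addr = ipaddress.ip_address(src_ip)
    if rule_source == "Internet":
        return not any(addr in net for net in RFC1918)
    return any(addr in ipaddress.ip_network(cidr) for cidr in rule_source)


def decide(rules, src_ip, port=3389, protocol="TCP"):
    """Return (action, rule name) of the first match in ascending priority."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if (rule["port"] == port and rule["protocol"] == protocol
                and source_matches(rule["source"], src_ip)):
            return rule["action"], rule["name"]
    return None, None  # no custom rule matched; the NSG default rules decide


def swap_priorities(rules):
    """Model the ordering mistake: Deny gets 4095, Allow gets 4096."""
    flipped = {4095: 4096, 4096: 4095}
    return [dict(r, priority=flipped[r["priority"]]) for r in rules]


if __name__ == "__main__":
    for ip in ("203.0.113.10", "198.51.100.7"):
        print(ip, decide(RULES, ip))
    # With the priorities swapped, the allowed address is denied as well.
    print("swapped:", decide(swap_priorities(RULES), "203.0.113.10"))
```

Replace the placeholder range with your own CIDR ranges and run the script before changing the NSG to confirm that only the intended sources reach port 3389.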

How to: Enable RDP during Task Sequence with SCCM 2012 R2

I quite often receive the question of how to enable Remote Desktop (RDP) access on a server during a task sequence in SCCM 2012 or 2012 R2. Because RDP is not enabled by default, it can be really handy to enable RDP access to control your server remotely. There is a whole bunch of tools to manage your server(s) remotely, but RDP can still be necessary.

1.) Create a new package with the source location to your script directory.
2.) Create a new package with a program and use the following command:
Powershell.exe -ExecutionPolicy Unrestricted -NoProfile -File Enable-RDP.ps1
3.) The PowerShell script ‘Enable-RDP.ps1’ contains the code shown below this list.
4.) Insert the script in your task sequence

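##
## Enable RDP (fDenyTSConnections = 0 allows Remote Desktop connections)
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections" -Value 0
##
## Enable the built-in "Remote Desktop" firewall rule group
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
##
## Configure RDP authentication: UserAuthentication = 0 means Network Level
## Authentication (NLA) is not required; a value of 1 requires NLA
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name "UserAuthentication" -Value 0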

How to: Remove “Connect to a remote PC” in RDS 2012 R2

When you deploy a Remote Desktop Services (RDS) environment and also use RDS Web Access, the default website (RDWeb) contains some features that you may not need, for example “Connect to a remote PC”. This feature gives the user the ability to connect to a remote computer using Remote Desktop Protocol (RDP).

I want to remove this option from my RDWeb website. This is a really easy job in Windows RDS 2012 R2. Without hacking files or running a custom script, the option is gone within a few seconds!

1.) Open the Internet Information Services (IIS) Management Console
2.) Navigate to “Sites / Default Web Site / RDWeb / Pages” and select “Application Settings” in the right pane
3.) Navigate to “ShowDesktops” and change this value from true to false
4.) The new value is immediately live!
5.) As you can see, the option is gone now…
