How to Block Remote Desktop Connection on Windows

How to Block Remote Desktop Connection on Windows? Step-by-Step Guide

/ Knowledgebase, Remote Desktop Protocol (RDP)

Blocking Remote Desktop Connection (RDP) can enhance your system’s security, especially if you don’t require remote access. In this guide, we’ll walk you through various methods of how to block Remote Desktop Connection on Windows systems, including Windows 10, Windows 11, and Windows Server editions.

Why Should You Block RDP?

Blocking RDP may be necessary for several reasons:

  • To prevent unauthorized access or brute-force attacks.
  • To comply with security policies that limit remote access.
  • To reduce exposure to malware or ransomware attacks.
  • If RDP is not required for your work environment, disabling it can improve security.

Methods How to Block Remote Desktop Connection

Here are the best methods to block RDP on your Windows computer or server:

1. Disable RDP Using System Settings

This method is the simplest way to disable RDP on individual computers.

Steps:

  • Press the bottom Win + I to open the Settings app.
  • Navigate to System > Remote Desktop.
  • Toggle the switch under Enable/On Remote Desktop to Off.
  • Confirm by clicking Confirm when prompted.

For Windows Server:

  1. Open Server Manager.
  2. Go to Local Server and locate the Remote Desktop option.
  3. Click the link that says Enabled and change it to Disabled.

2. Disable RDP Using Control Panel

For older Windows versions like Windows 7 or Windows Server 2012, disabling RDP via the Control Panel is effective.

Steps:

  1. Press bottom Win + R, type sysdm.cpl, and press Enter.
  2. Go to the Remote tab.
  3. Under Remote Desktop, select Don’t allow remote connections to this computer.
  4. Click Apply and then OK.

3. Block RDP Using Windows Firewall

Blocking RDP at the firewall level adds an extra layer of security and is suitable for both personal and enterprise environments.

Steps:

  1. Press bottom Win + R, type wf.msc, & press Enter.
  2. In the Windows Defender Firewall with Advanced Security window, select Inbound Rules in the left panel.
  3. Locate the rule named Remote Desktop (TCP-In) or Remote Desktop (UDP-In).
  4. Right-click each RDP rule, select Disable Rule, or choose Block the Connection in the properties window.

For additional security:

  • Create a custom firewall rule that blocks incoming traffic on TCP port 3389 (the default RDP port).

4. Disable RDP via Group Policy (For Enterprise Users)

This method is ideal for system administrators managing multiple machines in a domain environment.

Steps:

  1. Press bottom Win + R, type gpedit.msc, & press Enter.
  2. Navigate to:
    Desktop Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections
  3. Double-click allows users to connect remotely using RDP Services.
  4. Select Disabled, then click Apply and OK.

To enforce the policy immediately:

  • Run the command gpupdate /force in Command Prompt.

5. Disable RDP Using PowerShell

For automation or advanced users, PowerShell offers a powerful method to block RDP.

Steps:

  1. Open PowerShell as an administrator.
  2. Run the following command to disable RDP:
    Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections" -Value 1
  3. To block RDP on the firewall as well, run:
    New-NetFirewallRule -Screen Name "Block RDP" -Direction Inbound -Protocol TCP -LocalPort 3389 -Action Block

6. Change the RDP Port (Alternative Security Measure)

If disabling RDP is not an option, changing the default RDP port can help reduce attacks.

Steps:

  1. Press bottom Win + R, type regedit, & press Enter.
  2. Navigate to:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
  3. Locate the PortNumber entry, right-click it, and choose Modify.
  4. Select Decimal and enter a new port number (e.g., 45211).
  5. Restart the computer to apply changes.

Note: After changing the RDP port, configure your firewall to allow connections only to the new port if necessary.

7. Disable RDP Services

For extreme security, disabling RDP services entirely can prevent accidental re-enablement.

Steps:

  1. Press bottom Win + R, type services.msc, & press Enter.
  2. Locate Remote Desktop Services in the list.
  3. Right-click the service, select Properties, and set Startup type to Disabled.
  4. Click Stop to end the current session immediately.

8. Use IP Restrictions to Limit RDP Access

Instead of completely blocking RDP, you can restrict RDP access to specific IP addresses.

Steps:

  1. Open Windows Firewall (wf.msc).
  2. Create a new inbound rule for Remote Desktop (TCP-In).
  3. In the Scope tab, specify the IP addresses allowed to connect.
  4. Click OK to apply the rule.

Conclusion

Blocking Remote Desktop Connection (RDP) is an effective way to enhance your system’s security, especially if remote access is not required. Whether you choose to disable RDP via settings, firewall rules, or PowerShell commands, implementing these steps will help protect your Windows computer or server from unauthorized access.

If you need selective RDP access, configuring IP restrictions or changing the default RDP port can also add a layer of security without disabling the feature entirely. By following these best practices, you can ensure your system remains secure and protected from cyber threats.

Related Posts

Scroll to Top