Restrict RDP Access by IP Address with Windows Firewall

You can restrict Remote Desktop access to your server by IP address or by range of IP addresses using Windows Firewall, following the instructions below.

Create Firewall Rule

To maintain your existing Remote Desktop connection to the server, an Allow rule needs to be created first and the IP restriction rules added to it. Once these have been created, the rule is switched to Block so that it blocks all IPs specified in your restriction rules.

  1. Connect to your server via RDP.
  2. Open Windows Firewall with Advanced Security.
  3. Click on Inbound Rules in the left pane.
  4. In the Actions menu click on New Rule.
  5. Select the Port radio button and click Next.

  6. Select the Specific local ports radio button and enter 3389 into the box.
  7. Click Next.
  8. Leave the Allow the connection radio button on the Action screen selected and click Next.
  9. On the Profile screen leave Domain, Private and Public checked and click Next.
  10. On the Name screen give your new rule a name such as “CUSTOM RDP BLOCK”.
  11. Click Finish.

The new firewall rule has now been created and the IP restrictions need to be added.

Creating Your IP Restrictions

  1. Right-click the new firewall rule you just created above and click Properties.
  2. Click on the Scope tab.
  3. Under the Remote IP address section select the These IP addresses option.
  4. Click the Add... button.
  5. Select either This IP address or This IP address range.
  6. If you select a range, enter it into the From and To boxes.

  7. Add IP ranges to allow all the IPs required.
  8. When all your IP addresses/ranges are entered click the OK button.

Your IP restriction rules are now in place to allow all IP addresses outside of the addresses/ranges that were added. The firewall rule now needs to be switched from Allow to Block.

Switch Firewall Rule From Allow to Block

  1. Right-click your firewall rule and select Properties.
  2. On the General tab, under Action, switch the radio button from Allow the connection to Block the connection.
  3. Click OK.

If you are still connected to the server via Remote Desktop after switching the firewall rule to Block the connection, your rule is working correctly.
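
The same three stages as a PowerShell script, added here as an example and not part of the original article: it creates the rule as Allow, saves a copy of the address list, and switches to Block only when no currently connected RDP client falls inside the list. The addresses and the file path are constructed placeholders, and the range check assumes IPv4 single addresses or from-to ranges.

```powershell
# Added example, not from the article. Needs an elevated session and the
# NetSecurity/NetTCPIP cmdlets (Windows Server 2012 / Windows 8 or later).
$RuleName = 'CUSTOM RDP BLOCK'                 # rule name from the article
$Blocked  = @('203.0.113.10',                  # constructed sample values
              '198.51.100.1-198.51.100.254')   # (documentation address ranges)
$ListFile = 'C:\rdp-blocked-addresses.txt'     # hypothetical path for a saved copy

function ConvertTo-UInt32 ([string]$Ip) {
    # Dotted IPv4 -> number, so a range check becomes a numeric comparison.
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)
    [BitConverter]::ToUInt32($bytes, 0)
}

function Test-InEntry ([string]$Ip, [string]$Entry) {
    # An entry is a single address or a "from-to" range, as on the Scope tab.
    $from, $to = $Entry -split '-', 2
    if (-not $to) { $to = $from }
    $n = ConvertTo-UInt32 $Ip
    ($n -ge (ConvertTo-UInt32 $from)) -and ($n -le (ConvertTo-UInt32 $to))
}

# 1. Create the rule as Allow, already scoped to the addresses to restrict.
New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
    -LocalPort 3389 -Action Allow -Profile Domain, Private, Public `
    -RemoteAddress $Blocked | Out-Null

# 2. Keep a copy of the scope list so it can be re-applied if it is cleared.
(Get-NetFirewallRule -DisplayName $RuleName | Get-NetFirewallAddressFilter).RemoteAddress |
    Set-Content -Path $ListFile

# 3. Switch to Block only if no connected IPv4 RDP client is in the list.
$clients = Get-NetTCPConnection -LocalPort 3389 -State Established -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notmatch ':' } |
    Select-Object -ExpandProperty RemoteAddress -Unique
$hits = foreach ($c in $clients) {
    foreach ($e in $Blocked) { if (Test-InEntry $c $e) { "$c is inside $e" } }
}
if ($hits) {
    Write-Warning "Rule left as Allow: $($hits -join '; ')"
} else {
    # Block rules take precedence over allow rules in Windows Firewall.
    Set-NetFirewallRule -DisplayName $RuleName -Action Block
}
```

If the scope list is lost later, `Set-NetFirewallRule -DisplayName $RuleName -RemoteAddress (Get-Content $ListFile)` re-applies the saved copy.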

 

8 thoughts on “Restrict RDP Access by IP Address with Windows Firewall”

  1. Accidentally deleted the remote IP addresses added. When I applied the “Any IP address” option and switched back to the manual entries, they were all deleted. Is there any scope to retrieve the whole list?

        1. One thing I do is stick the IPs in a Notepad document; then you have a reference to fall back to just in case something like this happens again.

  2. Works like a charm. It worked for both Windows 2008 and 2016 servers. Thank you very much for your great help.

    1. Thanks for the comment, glad I could help… This works on anything that has the advanced Windows Firewall feature, which is Windows 2008 R2 and above.

      Hemp

  3. Hemp, I’m guessing the same thing will work for the Windows FTP Server – but would I need to specify any ports other than 21?

    Thanks… Bruce
