You can restrict Remote Desktop access to your server to either a single IP address or a range of IP addresses using Windows Firewall by following the instructions below.
Create Firewall Rule
To maintain your existing Remote Desktop connection to the server, an Allow rule needs to be created first and the IP restriction rules added to it. Once these have been created, the rule is switched to block all IPs specified in your restriction rules.
1. Connect to your server via RDP.
2. Open Windows Firewall with Advanced Security.
3. Click on Inbound Rules in the left pane.
4. In the Actions menu click on New Rule.
5. Select the Port radio button and click Next.
6. Select the Specific local ports radio button and enter 3389 into the box.
7. Click Next.
8. Leave the Allow the connection radio button on the Action screen selected and click Next.
9. On the Profile screen leave Domain, Private and Public checked and click Next.
10. On the Name screen give your new rule a name such as “CUSTOM RDP BLOCK”.
11. Click Finish.
The new firewall rule has now been created and the IP restrictions need to be added.
Creating Your IP Restrictions
1. Right-click on the new firewall rule you just created above and click Properties.
2. Click on the Scope tab.
3. Under the Remote IP address section select the These IP addresses option.
4. Click the Add... button.
5. Select either This IP address or use a range.
6. If a range is selected, enter your range into the From and To boxes.
7. Add IP ranges to allow all the IPs required.
8. When all your IP addresses/ranges are entered, click the OK button.
Your IP Restriction rules are now in place to allow all IP addresses outside of the addresses / ranges that were added. The Firewall rule now needs to be switched from Allow to Block.
Switch Firewall Rule From Allow to Block
1. Right-click on your firewall rule and select Properties.
2. On the General tab, under Action, switch the radio button from Allow the connection to Block the connection.
3. Click OK.
If you are still connected to the server via Remote Desktop after switching the firewall rule to Block the connection, your rule is working correctly.
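The same three stages can be scripted from an elevated PowerShell session. This is an added example, not part of the original instructions: the scope addresses are constructed documentation ranges, the helper functions `ConvertTo-UInt32` and `Test-InScope` are hypothetical names, and the lockout check before the switch to Block is an extra safeguard that handles IPv4 single addresses and From-To ranges only.

```powershell
# Added example: scripted equivalent of the GUI steps above.
$RuleName = 'CUSTOM RDP BLOCK'   # rule name suggested on the Name screen
# Constructed sample scope (RFC 5737 documentation addresses); replace with your own.
$Scope = @('203.0.113.25', '198.51.100.10-198.51.100.200')

# Hypothetical helper: IPv4 string -> UInt32 so addresses can be compared numerically.
function ConvertTo-UInt32 ([string]$Ip) {
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)     # network byte order -> little-endian
    [BitConverter]::ToUInt32($bytes, 0)
}

# Hypothetical helper: is $Ip covered by a scope entry (single address or From-To range)?
function Test-InScope ([string]$Ip, [string[]]$Entries) {
    $n = ConvertTo-UInt32 $Ip
    foreach ($e in $Entries) {
        $from, $to = $e -split '-', 2
        if (-not $to) { $to = $from }
        if ($n -ge (ConvertTo-UInt32 $from) -and $n -le (ConvertTo-UInt32 $to)) { return $true }
    }
    return $false
}

# Stage 1 and 2: create the rule as Allow on TCP 3389, all profiles, scoped to the listed IPs.
New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -Action Allow -Profile Domain,Private,Public -RemoteAddress $Scope | Out-Null

# Lockout check (an addition to the page's steps): list current IPv4 RDP clients.
$clients = @(Get-NetTCPConnection -LocalPort 3389 -State Established -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notmatch ':' } |
    Select-Object -ExpandProperty RemoteAddress -Unique)
$atRisk = @($clients | Where-Object { Test-InScope $_ $Scope })

if ($atRisk.Count -gt 0) {
    # A connected client falls inside the scope; switching to Block would cut it off.
    Write-Warning "Rule left as Allow; connected client(s) inside the scope: $($atRisk -join ', ')"
} else {
    # Stage 3: switch the rule from Allow to Block and show the result.
    Set-NetFirewallRule -DisplayName $RuleName -Action Block
    Get-NetFirewallRule -DisplayName $RuleName | Select-Object DisplayName, Enabled, Action
}
```

If the warning appears, correct the scope on the rule (for example with `Set-NetFirewallRule -RemoteAddress`) and rerun the final stage.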