How to block Filetransfer through RDP (Port 3389)?
For security reasons I have to restrict/disable file transfer via RDP (port 3389) from and to Remote Machines (Windows 10). Is the file transfer tunneled through port 3389, or can I safely prevent a file transfer by blocking port 139/445 SMB? A GPO would be too uncertain for me at this point.
I assume you are asking how to block copy/paste files from local PC to remote desktop (Windows 10) through RDP window directly. If yes, please config the group policy in remote desktop server (Windows 10).
- Launch "gpedit.msc", the Local Group Policy Editor will open.
- Navigate to "Computer Configuration" > "Administrative Templates" > "Windows Components" > "Remote Desktop Services" > "Remote Desktop Session Host" > "Device and Resource Redirection".
- Set "Do not allow Clipboard redirection" to "Enabled", Set "Do not allow drive redirection" to "Enabled".
If you also want to block SMB share file transfer, block client access these ports of server (Windows 10).
- UDP 137
- UDP 138
- TCP 139
- TCP 445