I'm trying to bind the remote desktop listener to 127.0.0.1 on Windows Server 2003 Enterprise.

I tried tscc.msc but it only lets you choose a certain physical adapter.

Also by quickly glancing over HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp I couldn't find any setting that seemed to do the trick.

Is this impossible after all?


Solution 1:

Why would you want to only have it listen on 127.0.0.1? That would make you take over your own session which would then lock the machine.

I'm not sure if you can bind RDP to listen on only one IP. I would imagine that you can't. Your best option will probably be using Windows Firewall to prevent access to port 3389 on all IPs other than 127.0.0.1.

Solution 2:

Binding the RDP listeners to localhost can also be a cheap way to enable multiple concurrent sessions stemming from a single console session.

I'm guessing you want the localhost functionality, not strictly wanting 127.0.0.1. I'm also guessing that you don't want to expose the adapter to the network.

If you're still wanting to do this, I can think of the below method:

  1. Install a local loopback network adapter. (See here.)
  2. Configure the RDP Listener to bind only on the loopback network adapter. In Server2K8 and higher, this will be possible via the tsconfig.msc snap-in. I've never tried in Server2k3 but that should be a similar procedure. (I can go into more detail about configuring the registry if needed.)

From there, you'll be able to RDP to the loopback adapter using its link-local address.

Solution 3:

I was able to resolve my issue by doing the following: Start, Run, MMC

MMC: add Terminal Server Configuration

Enable RDP_TCP

Right-click on the RDP-TCP

Click on Properties

Click on the Network Adapter Tab

Bind the new VMware Adapter
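
A way to check the result of the adapter binding described in Solutions 2 and 3, added here as an example (not code from any of the posters): it parses `netstat -ano` output and reports which local addresses TCP 3389 is listening on. The sample output is constructed, and the function names and category labels are this example's own.

```python
import ipaddress

RDP_PORT = 3389  # port named in the answers above

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       772
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1044
  TCP    10.0.0.5:139           0.0.0.0:0              LISTENING       4
  TCP    10.0.0.5:3389          10.0.0.9:51522         ESTABLISHED     1044
  UDP    0.0.0.0:445            *:*                                    4
"""

def rdp_listeners(netstat_text, port=RDP_PORT):
    """Return the local IP addresses on which TCP `port` is in LISTENING state."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip headers, UDP rows and connections that are not listeners.
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue
        if fields[3].upper() != "LISTENING":
            continue
        host, _, local_port = fields[1].rpartition(":")
        if local_port != str(port):
            continue
        # IPv6 endpoints are printed as [addr%scope]:port
        host = host.strip("[]").split("%")[0]
        found.append(ipaddress.ip_address(host))
    return found

def classify(addresses):
    """Label the binding: wildcard, local-only, or tied to a specific adapter."""
    if not addresses:
        return "not-listening"
    if any(a.is_unspecified for a in addresses):
        return "all-interfaces"          # 0.0.0.0 or :: (every adapter)
    if all(a.is_loopback or a.is_link_local for a in addresses):
        return "loopback-or-link-local"  # e.g. a loopback adapter's 169.254.x.x
    return "specific-adapter"

if __name__ == "__main__":
    addrs = rdp_listeners(SAMPLE_NETSTAT)
    print([str(a) for a in addrs], classify(addrs))
```

On the server, feed it the text of `netstat -ano` taken after changing the binding; anything other than `all-interfaces` means the listener is no longer on every adapter.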

Solution 4:

Binding to localhost is very common for several services under Linux, so you can SSH to the box and forward ports to your ManagementClient.

The reason is simple: security.

I'm not using Windows Server, so I have no idea how to configure this service. But blocking via Windows Firewall sounds good.

EDIT:

Here is a link showing how this can be done: www-css.fnal.gov/csi/win-firewall/win-firewall.html