prevent users using remote desktop


Recommended Posts

Even if you blocked the exe from running, or blocked the port this will not actually stop anyone with half a brain ;)

Since they could just use vnc, or for that matter a java based remote desktop client, etc. Even if you block the ports, they could just use another one -- a required to be open port like 80 or 443, etc.

Once you have user that has some basic understanding of how this stuff works -- stopping them is like I stated before an uphill battle.

Sure you can block mstsc from running, that will stop them for about 2 minutes if your lucky ;) Maybe a day while change how they are accessing their remote machine ;)

Good Luck is about all I can tell you -- preventing someone with the correct skill set from creating a tunnel out of your network is near impossible.

One option would be to really, really lock down their computers with a GPO so that nothing is available to them except what is needed to do their jobs. SteadyState does a great job with this, but I've not tried it in a domain environment (if it will even run inside one).

EDIT: The point here is to stop them bringing in some other client from the web or a removable drive etc, after you have blocked mstsc. Obviously if they are local admins you may have trouble still ;)

And then you just boot a liveCD and remote to the machine that way.. So you have to lock down the machine from booting from removable media as well.

Your best bet when up against someone with the know how to tunnel is as already stated "policy" If you catch them at they get fired sort of thing.

What might slow them down some is if block the netblock their home isp is on. They would then have to have a different outside server to tunnel too, etc. Which could be a issue for some users to get around.

  BudMan said:
Your best bet when up against someone with the know how to tunnel is as already stated "policy" If you catch them at they get fired sort of thing.

Completely agree.

  BudMan said:
What might slow them down some is if block the netblock their home isp is on. They would then have to have a different outside server to tunnel too, etc. Which could be a issue for some users to get around.

This is a damn fine idea!

  BudMan said:
What might slow them down some is if block the netblock their home isp is on. They would then have to have a different outside server to tunnel too, etc. Which could be a issue for some users to get around.

How would one go about this?

I know the ISP of the home user :)

or even better, I know the home fixed IP :)

I would suggest you block his ISPs whole netblock, since he could just get a different IP from tomorrow, etc.. Doing it at the client is a bad idea -- since a boot of some liveCD removes anything you might have done there.. But sure if they are not as bright as we are making them out to be -- then just put a simple static route on his client to point that address or range to nevernever land.

But best to do it at the gateway. You said your using SBS2003, but only have the standard (no ISA) using just ICS I assume? Then you could just put the static route on that server. Now nobody is getting there ;)

  BudMan said:
But best to do it at the gateway. You said your using SBS2003, but only have the standard (no ISA) using just ICS I assume? Then you could just put the static route on that server. Now nobody is getting there ;)

I think its all done in routing and remote access?

Lets say the destination machine is 123.456.789.0

I create a static route:

Destination: 123.456.789.0

Network Mask: 255.255.255.255 (this correct?)

Gateway: <server IP> (if i want to redirect him back to sharepoint hompage??)

Thanks in advance..

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Get this massive 4TB WD_BLACK SN7100 SSD at a new all-time low price by Taras Buria Xbox owners recently received a new storage upgrade option, which allows them to equip the Xbox Series X|S with 4TB of extra space. That card, however, has an eye-watering price tag—nearly as much as the 1TB Xbox Series S. On the PC side, though, things are much better. Right now, if you need a 4TB SSD without selling a kidney, you can get the WD_BLACK SN7100 PCIe Gen4 SSD. It is now available on Amazon at a new all-time low price after a 16% discount (nearly half the cost of the new 4TB Xbox Storage Expansion Card). The SN7100 is a fast, reliable, and, more importantly, affordable Gen4 solid-state drive. Its speeds are rated up to 7,000MB/s sequential read and 6,700MB/s sequential write, while random input-output speeds are rated at 900K IOPS read and 1,350K IOPS write. These specs are not record-breaking, but they are fast enough for modern gaming (DirectStorage is supported), fast loading times in games and apps, and quick file transfer. The WD_BLACK SN7100 has a limited five-year warranty and endurance rating up to 2,400 TBW. You can monitor the health of your drive in the WD_Black Dashboard app on Windows. As for compatibility, you can use the SN7100 in any PC that accommodates M.2 2280 PCIe Gen4 drives, including PlayStation 5. It is compatible with PCIe Gen3 systems, but the maximum speeds will be limited. 4TB WD_BLACK SN7100 PCIe Gen4 Solid-State Drive - $249.99 | 16% off on Amazon US This Amazon deal is US-specific and not available in other regions unless specified. If you don't like it or want to look at more options, check out the Amazon US deals page here. Get Prime (SNAP), Prime Video, Audible Plus or Kindle / Music Unlimited. Free for 30 days. As an Amazon Associate, we earn from qualifying purchases.
    • Snagit 2025.2.0 by Razvan Serea Snagit is the most complete screen capture utility available. Showing someone exactly what you see on your screen is sometimes the quickest and clearest way to communicate. With Snagit, you can select anything on your screen – an area, image, article, Web page, or error message – and capture it. Then, save the screen capture to a file, send it to Snagit​'s editor to add professional effects, share it by e-mail, or drop it into PowerPoint®, Word®, or another favorite application. Capture and share images, text or video from your PC. Create beautiful presentations, flawless documentation and quickly save online content. The latest version of Snagit offers a totally new interface and workflow - making SnagIt easier for beginners to use, while still providing maximum convenience and flexibility for the screen capture experts. Snagit 2025.2.0 changelog: Edit Images from Camtasia Snagit can now be used to seamlessly edit images from Camtasia. Requires Camtasia version 2025.2.0 or later. In the Camtasia Media Bin, right-click an image and select the Edit in Snagit option. In Snagit, make your edits. When finished, click Send in the "Send changes to Camtasia" notification to replace the image on your Camtasia timeline. Step Capture Improved the Step Capture template to accommodate longer auto-populated step text. Annotations such as Callout or Arrow tool objects now anchor to and move with sections as sections are added to, reordered, or deleted from templates. Subscription Software Updated the Account dropdown to open automatically when new subscription related messages are present. Performance Improvements Improved the startup time for Snagit Capture application. Updates for IT Administrators Updated BouncyCastle.Cryptography package to address CVE-2024-29857 and CVE-2024-30172. Removed dependency on Xceed Zip. Updated LeadTools DLLs. Fixed an issue where Snagit might not recognize offline subscription activation. Fixed an issue where the video recording toolbar could be hidden from users when using Snagit in virtual environments or with remote desktop applications. Bug Fixes Fixed an issue where using Step Capture with the Share destination set to File in the Capture Window could result in data loss. Fixed a crash that could occur when capturing on some HDR monitors. Fixed an issue where the cursor object in a capture might include some of the background image in certain situations. Fixed an issue with the Box share destination to use the default browser for authentication. Fixed an issue where the Blur tool Color property could show when the blur or pixelate Type was selected. Fixed an issue where the privacy policy link in Snagit's installer might not open in the expected language. (PONRPD) Download: Snagit 64-bit | 419.0 MB (Shareware) Links: SnagIt Home Page | Release Notes Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Markdown's creator weighs in on rumored Apple Notes export feature by David Uzondu The rumor mill is churning as we draw closer to WWDC2025, and one of the interesting developments being discussed is a report from 9To5Mac that claimed Apple Notes in iOS 19 iOS 26, will finally get Markdown export capabilities. This caught the attention of many, including the person who actually invented Markdown. John Gruber, the creator of Markdown, shared his thoughts on this potential new feature on his weblog. For those who don't know, Markdown, which Gruber developed back in 2004 with significant input from Aaron Swartz (RIP!), is a lightweight markup language designed for creating formatted text using a plain text editor. Its main advantage is that it is easy to read and easy to write. When the news first broke, some interpretations suggested Apple Notes would gain full Markdown support, transforming it into an application where users could directly type and see Markdown syntax, much like how specialized editors like Obsidian operate. These tools are intended for users to work directly within the Markdown framework for all their note-taking. Gruber himself indicated that he does not believe Apple Notes should become a full-fledged "Markdown editor," even as an option. He stated that such a change would be a "huge mistake." His reasoning is rooted in his original vision for Markdown and his view of Apple Notes' purpose. He reiterated that he initially designed Markdown as a "text-to-HTML conversion tool for web writers" and for contexts requiring plain text file storage. He feels Apple Notes serves a different, valuable role with its current WYSIWYG (What You See Is What You Get) rich text editing. This interface, he argues, is excellent for quickly capturing thoughts, particularly on an iPhone, and aligns with the Macintosh philosophy of user-friendliness. He pointed out that creating a syntactically incorrect markdown is trivial, whereas a malformed note should not be possible with Apple Notes. Despite his reservations about a complete Markdown overhaul for the editing experience, Gruber finds the prospect of exporting notes in Markdown format very appealing. He wrote that this specific capability "sounds awesome." He pointed out, quite rightly, that Apple Notes' current export functions are rather limited, primarily offering PDF and Pages document formats. Adding Markdown export would provide a much more flexible way for users, especially those in the "niche" he identifies with, to move their content out of Notes and into other applications. Gruber did express curiosity about how Apple might handle images embedded in notes during a Markdown export, as image handling can be a tricky aspect of Markdown.
    • What? Every single app I've installed from the Microsoft Store comes from its intended developer and works perfectly fine. What apps do you install?
    • Microsoft Store is such a weird place filled with so much absolute garbage and with reputable apps that somehow come from questionable sources. Like, the app name is known, the images back it up but the publisher is just some weird name that's not mentioned for the apps we know.
  • Recent Achievements

    • Week One Done
      CHUNWEI earned a badge
      Week One Done
    • One Year In
      survivor303 earned a badge
      One Year In
    • Week One Done
      jbatch earned a badge
      Week One Done
    • First Post
      Yianis earned a badge
      First Post
    • Rookie
      GTRoberts went up a rank
      Rookie
  • Popular Contributors

    1. 1
      +primortal
      419
    2. 2
      +FloatingFatMan
      182
    3. 3
      snowy owl
      181
    4. 4
      ATLien_0
      176
    5. 5
      Xenon
      139
  • Tell a friend

    Love Neowin? Tell a friend!