How do I block access to Remote Desktop?

Windows Remote Desktop

NOTE: The article below was originally written to address disabling remote desktop connectivity on Windows 10 systems. All of the information we have provided is also compatible with Windows 11. If you need to turn off remote desktop on systems running either operating system, these instructions will work for you.

The number of individuals requiring remote access to work or personal computers has dramatically increased in the past two years. The effects of the COVID-19 pandemic have contributed to the move toward working remotely that was already gaining traction throughout society. Consequently, many more users are faced with setting up and managing connections between local and remotely located machines.

It can be challenging for inexperienced users to configure remote access tools without the help of a system administrator. Fortunately, many home and traveling users are working with computers running the Windows 10 operating system. This might be a personal machine or a company-issued laptop.

This means they can easily take advantage of the Windows Remote Desktop feature to establish a connection between a computer at home and one located in the office. We suggest you check out our article on how to set up Remote Desktop in Windows 10 if you need instructions on how to implement remote access from your machine.

Equally important, for a variety of reasons, is knowing how to turn off Remote Desktop in Windows 10.

How to stop remote access to my computer in Windows 10/11

You can turn off remote access on Windows 10 systems by following these simple instructions:

  1. Type remote settings in the Cortana search box.
  2. Choose Allow remote access to your computer to open Control Panel’s Remote System Properties dialog pane.
  3. Select Don’t Allow Remote Connections to this Computer to disable Remote Desktop in Windows 10.

You can also disable Remote Desktop manually by editing the Windows registry. We suggest you only proceed with editing the registry if you are an experienced user and know what you are doing. Mistakes with the reg command can have serious consequences for your system.

Use these steps to edit the Windows registry and disable Remote Desktop connections:

  1. Open the Windows run app and type REGEDIT to launch the registry editing tool.
  2. Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server.
  3. Select fDenyTSConnections.
  4. Change the Data Value from 0 to 1 and select OK.

Users not comfortable with using the reg command or modifying the registry should use the first method described above. It’s much simpler and is all you need in Windows 10 to disable remote access.

The risks of running Windows Remote Desktop

While running Windows Remote Desktop offers an efficient method of establishing connections to physically distant computers, it does present some security risks that need to be understood by users taking advantage of this Windows service. The same functionality that allows you to access that computer at work opens the door to uninvited guests who may not have your best interests at heart.

Following are some of the potential dangers of the Remote Desktop Protocol [RDP]:

  • Brute-force attacks can be launched that attempt to gain access by guessing authentication credentials. Once access has been obtained, malware can be planted or further attacks conducted from the compromised platform.
  • Man-in-the-middle attacks that intercept all communication between a client and servers on a TCP network are also a common way to hack RDP sessions.
  • Credential harvesting, where RDP logins and passwords are stolen and sold on the dark web.
  • Malicious PowerShell scripts can be introduced to your system. Hackers can cause a lot of damage to your computer and attached components using the features available in PowerShell.
  • Attacks taking advantage of the fact that RDP connections normally use port 3389 instead of alternate ports. Hackers can target this port to carry out additional on-path attacks.

How to protect your computer from hackers by turning off Remote Desktop access

The reason you need to know how to disable remote access in Windows 10 is to protect your computer from hackers and malicious unauthorized intruders. We have shown you how to do this with a simple procedure, but if you need remote access to do your job or get important information, you can’t just totally disable RDP.

Following are two tips for making your Windows 10 system more secure and minimizing the security risks of enabling Remote Desktop.

Disable Remote Desktop on your Windows 10 system when you don’t need to have the service running. When not actively using RDP to connect to a remote machine, keep it disabled. Get into the habit of turning it on when needed and off when finished every time you use it.

Use strong passwords for your connection credentials. One of the most exploited security vulnerabilities is weak passwords that let hackers gain access to your system and network. Stop using your dog’s name and make it difficult to guess your password. At least eight characters with a mix of upper and lower case letters, numbers, and special characters is the minimum you should be using to protect your RDP sessions. Longer passwords are always better and harder to crack by motivated hackers.

It’s really easy to disable Remote Desktop in Windows 10 as we have shown you. Since disabling the service is also the best way to minimize the risk of exposing Remote Desktop services to hackers, we hope you use this simple process to improve security.

The MS-ISAC observes specific malware variants consistently reaching the Top 10 Malware list. These specific malware variants have traits allowing them to be highly effective against State, Local, Tribal, and Territorial [SLTT] government networks, consistently infecting more systems than other types of malware. An examination of the characteristics of these malware variants revealed that they often abuse legitimate tools or parts of applications on a system or network. One such legitimate tool is Remote Desktop Protocol [RDP].

Understanding the Threat Surface

RDP is a Microsoft proprietary protocol that enables remote connections to other computers, typically over TCP port 3389. It provides network access for a remote user over an encrypted channel. Network administrators use RDP to diagnose issues, log in to servers, and perform other remote actions. Remote employees use RDP to log into the organization’s network to access email and files.

Cyber threat actors [CTAs] use misconfigured RDP ports that are open to the Internet to gain network access. They are then in a position to potentially move laterally throughout a network, escalate privileges, access and exfiltrate sensitive information, harvest credentials, or deploy a wide variety of malware. This popular attack vector allows CTAs to maintain a low profile, as they are utilizing a legitimate network service that provides them with the same functionality as any other remote user. CTAs use tools, such as the Shodan search engine, to scan the Internet for open RDP ports and then use brute force password techniques to access vulnerable networks. Compromised RDP credentials are also widely available for sale on dark web marketplaces.

Recommendations

After evaluating your environment and conducting appropriate testing, use Group Policy to disable RDP. If RDP is needed for legitimate work functions, the MS-ISAC recommends following the recommendations below:

  • Place any system with an open RDP port [3389] behind a firewall and require users to VPN in through the firewall.
  • Enable strong passwords, multi-factor authentication, and account lockout policies to defend against brute-force attacks.
  • Whitelist connections to specific trusted hosts.
  • Restrict RDP logins to authorized non-administrator accounts, where possible. Adhere to the Principle of Least Privilege, ensuring that users have the minimum level of access required to accomplish their duties.
  • Log and review RDP login attempts for anomalous activity and retain these logs for a minimum of 90 days. Ensure that only authorized users are accessing this service.
  • Verify cloud environments adhere to best practices, as defined by the cloud service provider. After the cloud environment setup is complete, ensure that RDP ports are not enabled unless required for a business purpose.
  • Enable automatic Microsoft Updates to ensure that the latest versions of both the client and server software are running.
  • Perform regular scans to ensure RDP remains externally closed to the Internet.
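One way to carry out the log review recommended in the list above, as an added example that is not MS-ISAC's or Microsoft's code: it summarizes RDP-related logon events from the Windows Security log per source address. The function name `Get-RdpLogonSummary` and the threshold of 10 failures are assumptions made for this example.

```powershell
# Added example. Run elevated: reading the Security log requires administrator rights.
function Get-RdpLogonSummary {
    param(
        [int]$Hours = 24,             # review window
        [int]$FailureThreshold = 10   # assumed cut-off, tune to your environment
    )
    $filter = @{
        LogName   = 'Security'
        Id        = 4624, 4625        # 4624 = successful logon, 4625 = failed logon
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    $rows = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            # LogonType 10 is RemoteInteractive (RDP). With Network Level Authentication a
            # failed RDP logon is often recorded as type 3, so failures keep both types
            # (type 3 also covers other network logons such as file shares).
            $type = [int]$data['LogonType']
            if ($type -eq 10 -or ($_.Id -eq 4625 -and $type -eq 3)) {
                [pscustomobject]@{
                    Time    = $_.TimeCreated
                    Success = ($_.Id -eq 4624)
                    User    = $data['TargetUserName']
                    Source  = $data['IpAddress']
                }
            }
        }
    $rows | Group-Object Source | ForEach-Object {
        $failed = @($_.Group | Where-Object { -not $_.Success })
        $ok     = @($_.Group | Where-Object { $_.Success })
        [pscustomobject]@{
            Source     = $_.Name
            Failures   = $failed.Count
            UsersTried = @($failed | Group-Object User).Count
            Successes  = $ok.Count
            LastSeen   = ($_.Group | Measure-Object Time -Maximum).Maximum
            # Review on many failures, or on any success alongside failures from one source
            Review     = ($failed.Count -ge $FailureThreshold) -or
                         ($failed.Count -gt 0 -and $ok.Count -gt 0)
        }
    } | Sort-Object Failures -Descending
}

Get-RdpLogonSummary -Hours 24 | Format-Table -AutoSize
```

The Security log only reaches back as far as its configured size allows, so the 90-day retention in the recommendation normally requires forwarding or archiving these events elsewhere.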

For additional help hardening your system, the MS-ISAC recommends organizations use the CIS Benchmarks and CIS Build Kits, which are a part of CIS SecureSuite.

Disabling RDP

The directions below are a general outline of how to disable RDP.

Use a Group Policy setting to disable RDP:

  • Click Start Menu > Control Panel > System and Security > Administrative Tools.
  • Create or Edit Group Policy Objects.
  • Expand Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections.
  • Disable users from connecting remotely using Remote Desktop Services.

For more information on how to enable or disable RDP please go to Microsoft.
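Both the registry edit described earlier and the Group Policy setting above end up as an fDenyTSConnections value, so the result of either can be applied and verified from PowerShell. The following is an added example, not Microsoft's or MS-ISAC's code; the function names `Get-RdpState` and `Disable-Rdp` are hypothetical, and the policy registry location, the `PortNumber` value and the English firewall group name are details not given in the article.

```powershell
# Added example. Run from an elevated PowerShell prompt.
$tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
# Where the Group Policy setting is stored; when present it overrides the local value.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RdpState {
    $local  = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
    $policy = (Get-ItemProperty -Path $policyKey -Name fDenyTSConnections `
                   -ErrorAction SilentlyContinue).fDenyTSConnections
    # The listener port defaults to 3389 but can be changed, so read it instead of assuming.
    $port   = (Get-ItemProperty -Path "$tsKey\WinStations\RDP-Tcp" -Name PortNumber).PortNumber
    $listen = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue
    $effective = if ($null -ne $policy) { $policy } else { $local }
    [pscustomobject]@{
        LocalDeny   = $local
        PolicyDeny  = $policy            # empty when no policy is configured
        RdpDisabled = ($effective -eq 1)
        Port        = $port
        Listening   = [bool]$listen
    }
}

function Disable-Rdp {
    # Same change as the REGEDIT steps: fDenyTSConnections 0 -> 1
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1 -Type DWord
    # The registry value does not touch the firewall, so close the inbound rules as well.
    # 'Remote Desktop' is the English display group name; it differs on localized systems.
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
    $state = Get-RdpState
    if (-not $state.RdpDisabled) {
        Write-Warning 'A Group Policy value of 0 still allows RDP; change the GPO instead.'
    }
    $state
}

Disable-Rdp | Format-List
```

Running `Get-RdpState` on its own changes nothing and is a quick way to confirm that a machine still reports RDP as disabled after policy refreshes or updates.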

The MS-ISAC is the focal point for cyber threat prevention, protection, response, and recovery for the nation’s state, local, tribal, and territorial [SLTT] governments. More information about this topic, as well as 24×7 cybersecurity assistance is available at 866-787-4722, [email protected]. The MS-ISAC is interested in your comments – an anonymous feedback survey is available.
