Microsoft KB Archive/924927

= How to limit Remote Desktop Connection connections to a specific network interface in Windows XP =

Article ID: 924927

Article Last Modified on 10/6/2006


APPLIES TO


 * Microsoft Windows XP Professional
 * Microsoft Windows XP Home Edition
 * Microsoft Windows XP Media Center Edition 2002
 * Microsoft Windows XP Tablet PC Edition




Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry



INTRODUCTION
By default, Microsoft Windows XP Remote Desktop and Terminal Services use all available network interfaces to listen for Remote Desktop Protocol (RDP) requests. As a security option, you may want to limit this to a specific network interface.

This article describes how to configure the listening interfaces on a Windows XP-based computer.



Method 1: Create a policy to block RDP requests from a specific network interface in Windows XP with Service Pack 2 (SP2)
To create a firewall policy to block RDP requests from a specific network interface in Windows XP SP2, follow these steps:
 * 1) Click Start, click Run, type firewall.cpl, and then click OK.
 * 2) On the Advanced tab, click to select the connection for which you want to configure RDP connections under Network Connection Settings, and then click Settings.
 * 3) On the Services tab, locate Remote Desktop, click the check box to enable or disable the option, and then click OK.
 * 4) Repeat step 3 for the remaining network connections.

Note These steps can differ from one firewall to another.

Method 2: Manually edit the registry and add registry entries to enable listening for RDP requests
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To manually edit the registry and add registry entries to enable listening for RDP requests, follow these steps:
 * 1) Click Start, click Run, type regedit, and then click OK.
 * 2) Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
 * 3) Right-click the GUID of the network adapter you want RDP to listen on, and then click Copy Key Name.
 * 4) Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
 * 5) On the Edit menu, click New, and then click Key.
 * 6) Type lanatable, and then press ENTER.
 * 7) Right-click the lanatable subkey, click New, and then click Key.
 * 8) Paste the GUID name that you copied in step 3. Delete any path information that is in the pasted text.
 * 9) Right-click this new key, click New, and then click DWORD Value.
 * 10) Type LanaId and then press ENTER.
 * 11) Double-click LanaId, type 1, and then click OK.
 * 12) Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstation\RDP-Tcp
 * 13) Double-click LanAdapter, change the value to 1, and then click OK.
 * 14) Exit Registry Editor.
 * 15) Restart the computer.
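To confirm after the restart that Method 2 took effect, the following added example (not part of the original Microsoft article) parses the text output of netstat -an and reports whether the RDP listener is still bound to all interfaces. It assumes the default RDP port 3389, which the article does not name; the sample output and IP addresses are constructed, and the function names are hypothetical.

```python
RDP_PORT = 3389  # assumption: default RDP port; not stated in the article
WILDCARDS = {"0.0.0.0", "[::]"}  # local addresses that mean "every interface"

# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE_ALL = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  UDP    0.0.0.0:445            *:*
"""
# Same host after the listener has been limited to one adapter (constructed).
SAMPLE_BOUND = SAMPLE_ALL.replace("0.0.0.0:3389", "10.0.0.5:3389")


def listeners(netstat_text, port=RDP_PORT):
    """Return the local addresses that have a TCP socket LISTENING on `port`."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Expect: Proto, Local Address, Foreign Address, State
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue
        if fields[3].upper() != "LISTENING":
            continue
        # rpartition keeps bracketed IPv6 addresses such as [::]:3389 intact
        addr, _, local_port = fields[1].rpartition(":")
        if local_port == str(port):
            found.append(addr)
    return found


def check_binding(netstat_text, allowed, port=RDP_PORT):
    """Classify the RDP listener against the addresses allowed to accept RDP."""
    addrs = listeners(netstat_text, port)
    if not addrs:
        return "not-listening", addrs
    if any(a in WILDCARDS for a in addrs):
        return "all-interfaces", addrs
    unexpected = [a for a in addrs if a not in allowed]
    return ("unexpected-interface" if unexpected else "restricted"), addrs


if __name__ == "__main__":
    print(check_binding(SAMPLE_ALL, {"10.0.0.5"}))
    print(check_binding(SAMPLE_BOUND, {"10.0.0.5"}))
```

Feed it the saved output of netstat -an from the computer; a result of "all-interfaces" means the default behavior described in the introduction is still in effect.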

Additional query words: security

Keywords: kbinfo kbexpertiseadvanced kbhowto KB924927


© Microsoft Corporation. All rights reserved.