We only use PCOIP in our environment. I would like to disable the RDP service on all the VM's using group policy. Any side affects? Mainly doing this because security scans are complaining about self-signed certificates, hash values etc...
This document should be what you're looking to doing. This is only for desktops and not possible with published apps (rdsh) servers.
I've seen that article, but I don't think that will disable the RDP service and the scan will find that RDP is still active. I just want to disable RDP all together. I'm not sure if there are any consequences.
The horizon agent needs the service to be running. You cannot stop it.
If you still have the windows firewall enabled, you can block incoming traffic to remote desktop. Outside of this create a test pool and test it, I don't think there is anything that specifies the effect of this. If you need concrete clarification you may want to open a support ticket. What we did was place our virtual desktops its own firewall context on the network and just prevent rdp from everywhere.
Our Nessus scan reported the same 6 or so rdp related findings. We applied a group policy that disables rdp and haven't seen an issue.
@eric Thank You, Nessus is my problem too.
I assume you disabled "Allow users to connect remotely by using remote desktop services".
I've done this in the past using a combination of the firewall and changing this setting to "Don't allow connections to this computer" using group policy..
Yes
if it matter of security,
close the port in the firewall