VMware Horizon Community
bjohn
Enthusiast

Disabling RDP

We only use PCoIP in our environment. I would like to disable the RDP service on all the VMs using group policy. Any side effects? Mainly doing this because security scans are complaining about self-signed certificates, hash values, etc.

9 Replies
techguy129
Expert

This document should be what you're looking for. This is only for desktops and is not possible with published apps (RDSH) servers.

Prevent Access to Horizon 7 Desktops Through RDP

bjohn
Enthusiast

I've seen that article, but I don't think that will disable the RDP service, and the scan will find that RDP is still active. I just want to disable RDP altogether. I'm not sure if there are any consequences.

techguy129
Expert

The Horizon agent needs the service to be running. You cannot stop it.

sjesse
Leadership

If you still have the Windows firewall enabled, you can block incoming traffic to remote desktop. Outside of this, create a test pool and test it; I don't think there is anything that specifies the effect of this. If you need concrete clarification, you may want to open a support ticket. What we did was place our virtual desktops in their own firewall context on the network and just prevent RDP from everywhere.

EricNichols
Hot Shot

Our Nessus scan reported the same 6 or so RDP-related findings. We applied a group policy that disables RDP and haven't seen an issue.

bjohn
Enthusiast

@eric Thank you, Nessus is my problem too.
I assume you disabled "Allow users to connect remotely by using Remote Desktop Services".

BenFB
Virtuoso

I've done this in the past using a combination of the firewall and changing this setting to "Don't allow connections to this computer" using group policy.

[Screenshot: System Properties]

EricNichols
Hot Shot

Yes

HussamRabaya
VMware Employee

If it's a matter of security, close the port in the firewall.

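Added example, not code from anyone in this thread: a read-only PowerShell check for a test-pool VM that reports the pieces discussed above (the group policy setting, the local "Don't allow connections" setting, the Remote Desktop service state, whether the RDP port is listening, and the firewall rules). It assumes an elevated session and the English firewall group name "Remote Desktop"; it changes nothing on the machine.

```powershell
# Added example: read-only audit of RDP exposure on one desktop VM.
$tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$rdpTcpKey = "$tsKey\WinStations\RDP-Tcp"

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# 1 = connections denied, 0 = allowed.
# The policy value is absent when the GPO setting is "Not configured".
$policyDeny = Get-RegValue -Path $policyKey -Name 'fDenyTSConnections'
$localDeny  = Get-RegValue -Path $tsKey     -Name 'fDenyTSConnections'

# RDP listener port (3389 unless it has been changed)
$port = Get-RegValue -Path $rdpTcpKey -Name 'PortNumber'
if ($null -eq $port) { $port = 3389 }

# Report the service state only; the script never stops it
$service   = Get-Service -Name 'TermService' -ErrorAction SilentlyContinue
$listeners = @(Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)

# Enabled inbound allow rules in the built-in group (English display name assumed)
$allowRules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })

# Enabled inbound block rules whose port filter names the RDP port
$blockRules = @(Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True -ErrorAction SilentlyContinue |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains "$port" })

[pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    PolicyDenyRdp     = $policyDeny
    LocalDenyRdp      = $localDeny
    TermServiceStatus = if ($service) { $service.Status } else { 'NotFound' }
    RdpPort           = $port
    PortListening     = $listeners.Count -gt 0
    EnabledAllowRules = $allowRules.DisplayName -join '; '
    EnabledBlockRules = $blockRules.DisplayName -join '; '
}
```

Running it before and after applying the policy to a test pool shows which settings actually changed; a rescan from the scanner's network segment is still the check for what remains reachable.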