
How to firewall the RDP (remote desktop protocol) service on a Windows 2012 Server

This article will show you how to firewall the remote desktop protocol (RDP) service on a Windows 2012 server.

Step 1.  Log in to the server as an administrator.

Step 2.  Hover the cursor over the lower left-hand corner of your screen.

Step 3.  The Start icon will appear.  Click Start.

Step 4.  All of the Windows apps and desktop programs in the Start menu will appear.

Step 5.  Start typing Fire.  You will see the results filtered in real-time as each letter is being typed.  Click on Windows Firewall with Advanced Security.

Step 6.  Click Inbound Rules.

Step 7.  By default, the Windows firewall rules are listed alphabetically by group.  Scroll down until you see the 2 firewall rules: Remote Desktop – User Mode (TCP-In) and Remote Desktop – User Mode (UDP-In).

Step 8.  Double-click on the firewall rule Remote Desktop – User Mode (TCP-In).  A dialog box window will appear.  Click Scope.

Step 9.  Under the Remote IP address heading, click These IP addresses:.

Step 10.  Click Add.

Step 11.  A dialog box will appear.  Enter the IP address you want to allow RDP access from and click OK.

Step 12.  You should see the IP address you just added in the list.

Step 13.  Repeat Steps 10 to 12 for each additional IP address or IP address range you wish to add to the server.  You will want to add (whitelist) all IPs that you regularly connect to the server from.  To determine your IPs, visit http://whatsyourip.net from each location where you want to be able to RDP to your server (for example, work, a home office, home, etc.).

Step 14.  In addition to the IPs you added in Steps 11 through 12, you will also need to whitelist these IP addresses, which are the office IPs of Applied Innovations support staff:
174.136.79.138
174.136.95.1
216.167.201.0/255.255.255.0
216.167.202.0/255.255.255.0
66.252.232.0/255.255.255.0
174.136.72.0/255.255.255.0
174.136.73.0/255.255.255.0
174.136.75.0/255.255.255.0
174.136.74.154/255.255.255.255
Local subnet
We highly recommend adding the IP addresses above, as they are necessary in order for Support to connect to your server in the event that support assistance is needed at some point in the future.  If you opt not to add these addresses, please be informed that this will prolong the amount of time it takes to troubleshoot any potential issues on the server if assistance is requested, as we will need to use alternative means to connect to the server.  We will only connect to the server if you request support help.  Removal of these IP addresses from the firewall and/or intentionally not adding the IP addresses listed above constitutes acknowledgement and consent that support engineers would not be able to RDP to the server in the future if support assistance is requested.

Step 15.  Click Apply for the new IPs you just added to the firewall rule to take effect, and then click OK to save changes.

Step 16.  Double-click on the firewall rule Remote Desktop – User Mode (UDP-In).  A dialog box window will appear.  Click Scope.

Step 17.  Under the Remote IP address heading, click These IP addresses:.

Step 18.  Click Add.

Step 19.  Enter the IP address you want to allow RDP access from and click OK.

Step 20.  You should see the IP address you just added in the list.  Repeat Steps 10 to 11 for each additional IP address or IP address range you wish to add to the server.  You will want to add (whitelist) all IPs that you regularly connect to the server from.  To determine your IPs, visit http://whatsyourip.net from each location where you want to be able to RDP to your server (for example, work, a home office, home, etc.).

Step 21.  In addition to the IPs you added in Steps 11 through 12, you will also need to whitelist these IP addresses, which are the office IPs of Applied Innovations support staff:
174.136.79.138
174.136.95.1
216.167.201.0/255.255.255.0
216.167.202.0/255.255.255.0
66.252.232.0/255.255.255.0
174.136.72.0/255.255.255.0
174.136.73.0/255.255.255.0
174.136.75.0/255.255.255.0
174.136.74.154/255.255.255.255
Local subnet
We highly recommend adding the IP addresses above, as they are necessary in order for Support to connect to your server in the event that support assistance is needed at some point in the future.  If you opt not to add these addresses, please be informed that this will prolong the amount of time it takes to troubleshoot any potential issues on the server if assistance is requested, as we will need to use alternative means to connect to the server.  We will only connect to the server if you request support help.  Removal of these IP addresses from the firewall and/or intentionally not adding the IP addresses listed above constitutes acknowledgement and consent that support engineers would not be able to RDP to the server in the future if support assistance is requested.

Step 22.  Click Apply for the new IPs you just added to the firewall rule to take effect, and then click OK to save changes.

Step 23.  Congratulations, you are all set.
If you see additional IPs in the firewall rule that you don’t recognize, we recommend that you do not remove them, as they are necessary in order for Support to connect to your server in the event that support assistance is needed at some point in the future.  Removal of these IPs constitutes acknowledgement and consent that support engineers would not be able to RDP to the server in the future if support assistance is requested.
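
The same scope change can be scripted from an elevated PowerShell prompt. The block below is an added example, not part of the original article: the addresses in $allow are constructed placeholders, and the rule names are assumed to be the built-in identifiers of the two rules from Step 7 (confirm them with Get-NetFirewallRule -DisplayGroup 'Remote Desktop').

```powershell
# Added example: scripted equivalent of Steps 6-22 (not from the original article).
# Placeholder addresses from documentation ranges; replace them with your own
# IPs and append the support addresses listed in Step 14.
$allow = @(
    '203.0.113.10',                # single address (constructed placeholder)
    '198.51.100.0/255.255.255.0',  # subnet with mask (constructed placeholder)
    'LocalSubnet'                  # keyword for the "Local subnet" entry
)

# Assumed internal names of the TCP-In and UDP-In rules shown in Step 7.
$rules = 'RemoteDesktop-UserMode-In-TCP', 'RemoteDesktop-UserMode-In-UDP'

foreach ($name in $rules) {
    # Stop if the rule is missing rather than silently skipping it.
    $rule    = Get-NetFirewallRule -Name $name -ErrorAction Stop
    $current = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)

    # Set-NetFirewallRule replaces the whole Remote IP address list, so merge
    # the new entries with what is already there (this keeps addresses added
    # earlier). "Any" means the rule is unrestricted; drop it instead of
    # merging, otherwise the rule would stay open to every address.
    $kept   = @($current | Where-Object { $_ -ne 'Any' })
    $merged = @(($kept + $allow) | Sort-Object -Unique)

    Set-NetFirewallRule -Name $name -RemoteAddress $merged
}

# Verify: print the resulting scope of both rules.
foreach ($name in $rules) {
    $scope = (Get-NetFirewallRule -Name $name | Get-NetFirewallAddressFilter).RemoteAddress
    '{0}: {1}' -f $name, ($scope -join ', ')
}
```

The new scope takes effect as soon as Set-NetFirewallRule returns, so confirm that the address you are connecting from is in $allow before running this over an RDP session.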

Content retrieved from: https://support.appliedi.net/kb/a1366/how-to-firewall-the-rdp-remote-desktop-protocol-service-on-a-windows-2012-server.aspx.

Updated on November 17, 2020