How to limit Remote Desktop Connection connections to a specific network interface in Windows XP (924927)



The information in this article applies to:

  • Microsoft Windows XP Professional
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Media Center Edition
  • Microsoft Windows XP Tablet PC Edition

Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry

INTRODUCTION

By default, Microsoft Windows XP Remote Desktop and Terminal Services use all available network interfaces to listen for Remote Desktop Protocol (RDP) requests. As a security option, you may want to limit this to a specific network interface.

This article describes how to configure the listening interfaces on a Windows XP-based computer.

MORE INFORMATION

Method 1: Create a policy to block RDP requests from a specific network interface in Windows XP with Service Pack 2 (SP2)

To create a firewall policy to block RDP requests from a specific network interface in Windows XP SP2, follow these steps:
  1. Click Start, click Run, type firewall.cpl, and then click OK.
  2. On the Advanced tab, click to select the connection for which you want to configure RDP connections under Network Connection Settings, and then click Settings.
  3. On the Services tab, locate Remote Desktop, click the check box to enable or disable the option, and then click OK.
  4. Repeat step 3 for the remaining network connections.
Note These steps can differ from one firewall to another.

Method 2: Manually edit the registry and add registry entries to enable listening for RDP requests

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To manually edit the registry and add registry entries to enable listening for RDP requests, follow these steps:
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

  3. Right-click the GUID of the network adapter you want RDP to listen on, and then click Copy Key Name.
  4. Locate and then click the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server

  5. On the Edit menu, click New, and then click Key.
  6. Type lanatable, and then press ENTER.
  7. Right-click the lanatable subkey, click New, and then click Key.
  8. Paste the GUID name that you copied in step 3. Delete any path information that is in the pasted text.
  9. Right-click this new key, click New, and then click DWORD Value.
  10. Type LanaId and then press ENTER.
  11. Double-click LanaId, type 1, and then click OK.
  12. Locate and then click the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

  13. Double-click LanAdapter, change the value to 1, and then click OK.
  14. Exit Registry Editor.
  15. Restart the computer.
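
The steps of Method 2 can also be applied from an administrator command prompt with reg.exe, which makes it easy to confirm the adapter GUID and keep a backup before anything is written. The batch file below is an added example, not part of the original article; the script name, the backup file location and the default RDP port 3389 in the final check are assumptions, and it addresses the listener key as WinStations\RDP-Tcp.

```batch
@echo off
rem Added example, not from the original article: Method 2 applied with reg.exe.
rem Run as an administrator:  rdp-bind.cmd {adapter-GUID}   (script name is hypothetical)
setlocal
set "GUID=%~1"
set "IFKEY=HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces"
set "TSKEY=HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server"
set "RDPKEY=%TSKEY%\WinStations\RDP-Tcp"
set "BACKUP=%TEMP%\TerminalServer-before-lanatable.reg"
if "%GUID%"=="" goto :usage

rem Step 3: the GUID must name an existing adapter subkey.
reg query "%IFKEY%\%GUID%" >nul 2>&1
if errorlevel 1 goto :badguid

rem The listener key must already exist; show the current LanAdapter value.
reg query "%RDPKEY%" /v LanAdapter
if errorlevel 1 goto :nolistener

rem Back up the Terminal Server key before changing anything.
if exist "%BACKUP%" goto :backupexists
reg export "%TSKEY%" "%BACKUP%"
if errorlevel 1 goto :fail

rem Steps 4-11: create lanatable\{GUID} and set LanaId to 1.
reg add "%TSKEY%\lanatable\%GUID%" /v LanaId /t REG_DWORD /d 1 /f
if errorlevel 1 goto :fail
rem Steps 12-13: set LanAdapter on the RDP-Tcp listener to 1.
reg add "%RDPKEY%" /v LanAdapter /t REG_DWORD /d 1 /f
if errorlevel 1 goto :fail

echo Done. Backup saved to "%BACKUP%". Restart the computer, then check the
echo listening address (default port assumed):  netstat -an ^| find ":3389"
exit /b 0

:usage
echo Usage: %~nx0 {adapter-GUID}   Adapter subkeys on this computer:
reg query "%IFKEY%"
exit /b 1
:badguid
echo No adapter subkey %GUID% under Tcpip\Parameters\Interfaces. Nothing changed.
exit /b 1
:nolistener
echo RDP-Tcp listener key or LanAdapter value not found. Nothing changed.
exit /b 1
:backupexists
echo "%BACKUP%" already exists. Move it aside and run again.
exit /b 1
:fail
echo A reg.exe command failed. If the backup was written, import it to undo partial changes.
exit /b 1
```

After the restart, the netstat line for port 3389 is expected to show the chosen adapter's IP address as the local address instead of 0.0.0.0.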

Modification Type: Minor
Last Reviewed: 10/6/2006
Keywords:kbinfo kbExpertiseAdvanced kbhowto KB924927 kbAudEndUser