skip to main content
Caltech
Information Management Systems and Services
IMSS  /  Services  /  Information Security  /  Security for IT Staff  /  Restricting Windows RDP to Campus

Restricting Windows RDP to Specific IP Ranges

Restricting Windows RDP Using the Windows Firewall

Restrict access to Windows Remote Desktop by creating an inbound firewall rule in the built-in Windows firewall. The instructions below apply to both Windows 7 and Windows 10.

1. Open your "Control Panel" by clicking on your start menu and then clicking on "Control Panel" (Windows 7) or by simply typing the word "Control Panel" in the search (Windows 10), and select "Windows Firewall". Note that you may first need to change the Control Panel "View by" setting, if it is currently set to "View by Categories".

Control Panel Windows Firewall



2. Click on "Advanced Settings"

Windows Firewall



3. Next, click on "Inbound Rules"

Windows Firewall Inbound Rules




4. Now scroll down and find the inbound rule for Remote Desktop. If there is more than one rule for Remote Desktop, be sure to modify scope for each one.

Inbound Rules Remote Desktop




5. Right click on the Remote Desktop rule and click on "Properties".

Remote Desktop Properties Protocols and Ports



6. Click on the "Scope" tab, and under the "Remote IP address" section and add the required IP address range. If you access your remote desktop from a specific computer, please enter your computer's IP address in the form xxx.xxx.xxx.xxx/32. If you need access from a small set of computers, please use the IP address for an individual subnet: xxx.xxx.xxx.xxx/24. If you really need access from all of campus and VPN, you can use 131.215.0.0/16 to allow Remote desktop access from Caltech campus IP addresses.

Be sure to click "Apply" to apply your changes.

Remote Desktop Scope



7. Lastly, make sure this rule is actually Enabled. It will have a green check mark next to it to indicate that it is enabled.

Inbound Rules Remote Desktop