How to Securely Disable Windows Remote Desktop Protocol (RDP) on Windows 10 and 11
Introduction
Remote Desktop Protocol (RDP) is a useful tool for remote system access and management. However, if left enabled on devices not needing it, RDP can pose a significant security risk, especially to domain-joined computers. Threat actors often target exposed RDP services to gain unauthorised access, leading to data breaches and other serious issues.
Why Should You Disable RDP?
- Minimise Attack Surface: Disabling RDP helps reduce the risk of brute-force attacks.
- Prevent Unauthorised Access: Keeping RDP disabled ensures that potential attackers cannot exploit vulnerabilities in the service.
- Compliance with Security Best Practices: Organisations often require RDP to be disabled on non-essential devices as part of their security policies.
Disabling RDP on Windows 10 and 11
Method 1: Using Windows Settings
- Open Settings:
- Press Windows Key + I to open the Settings app.
- Navigate to System > Remote Desktop.
- Turn Off Remote Desktop:
- Toggle the switch under Enable Remote Desktop to Off.
- Confirm the change when prompted.
- Verify:
- Ensure the status shows Remote Desktop is not enabled.
Method 2: Using Control Panel
Open Control Panel:
- Press Windows Key + R, type control, and press Enter.
- Navigate to System and Security > System.
Access Remote Settings:
- In the left sidebar, click on Remote settings.
- Under the Remote Desktop section, select Don’t allow remote connections to this computer.
Apply Changes:
- Click Apply and then OK to save your settings.
Method 3: Using Group Policy Editor (For Domain Administrators)
This method is best suited for those managing multiple machines within a domain.
Open Group Policy Editor:
- Press Windows Key + R, type gpedit.msc, and press Enter.
Navigate to Remote Desktop Settings:
- Go to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections.
Disable Remote Desktop:
- Double-click on Allow users to connect remotely using Remote Desktop Services.
- Select Disabled and click OK.
Force Group Policy Update:
- Run the following command in Command Prompt to apply the policy immediately:
gpupdate /force
Method 4: Using Windows PowerShell
Run PowerShell as Administrator:
- Right-click the Start button and select Windows PowerShell (Admin).
Execute Command to Disable RDP:
- Run the following command to disable RDP:
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name 'fDenyTSConnections' -Value 1
Confirm RDP is Disabled:
- Verify the change by running:
Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name 'fDenyTSConnections'
- Ensure the returned value is 1 (disabled).
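The registry value checked above is only one of the settings that decide whether the machine accepts RDP connections. The read-only audit below is an added example, not part of the original article: it reports the local value from Method 4, the Group Policy value from Method 3, the Remote Desktop Services service, the listening port and the inbound firewall rules. It assumes an elevated session, the English firewall group name 'Remote Desktop', and the default port 3389 when no PortNumber value is set.

```powershell
# Added example: read-only audit, changes nothing on the system.
$tsKey     = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$rdpTcpKey = "$tsKey\WinStations\RDP-Tcp"

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

$local  = Get-RegValue -Path $tsKey     -Name 'fDenyTSConnections'  # value written in Method 4
$policy = Get-RegValue -Path $policyKey -Name 'fDenyTSConnections'  # value written by the Method 3 policy
$port   = Get-RegValue -Path $rdpTcpKey -Name 'PortNumber'
if ($null -eq $port) { $port = 3389 }                               # assumed default port

# A configured policy value takes precedence over the local value
$effective = if ($null -ne $policy) { $policy } else { $local }

# Is anything still accepting connections on the RDP port?
$listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)

# Inbound firewall rules of the Remote Desktop group that are still enabled
$openRules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

$report = [pscustomobject]@{
    ComputerName     = $env:COMPUTERNAME
    LocalDenyValue   = $local
    PolicyDenyValue  = $policy
    RdpDisabled      = ($effective -eq 1)
    ServiceStatus    = (Get-Service -Name TermService -ErrorAction SilentlyContinue).Status
    RdpPort          = $port
    PortListening    = $listening
    OpenInboundRules = $openRules.Count
}
$report | Format-List

# Flag the cases where the registry says "disabled" but the host is still exposed
if (-not $report.RdpDisabled) {
    Write-Warning 'RDP is still enabled (effective fDenyTSConnections is not 1).'
} elseif ($listening) {
    Write-Warning "RDP is disabled in the registry but port $port is still listening."
} elseif ($openRules.Count -gt 0) {
    Write-Warning 'RDP is disabled but inbound Remote Desktop firewall rules remain enabled.'
} else {
    Write-Output 'RDP is disabled, not listening, and its inbound firewall rules are off.'
}
```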
Additional Security Tips
- Use a VPN: If remote access is required, set up a Virtual Private Network (VPN) to secure remote connections.
- Enable Network Level Authentication (NLA): For situations where RDP must remain enabled, ensuring NLA is active adds a layer of security by requiring users to authenticate before connecting.
- Regularly Update Your System: Keep Windows up-to-date to patch any vulnerabilities related to RDP or other services.
Securing your system by disabling unnecessary services like RDP is essential for reducing potential attack vectors. Whether you’re managing individual workstations or domain-joined devices, the above methods provide effective solutions to safeguard your network.