Binding the RDP listener to 127.0.0.1 only
Solution 1
Why would you want to only have it listen on 127.0.0.1? That would make you take over your own session which would then lock the machine.
I'm not sure if you can bind RDP to listen on only one IP. I would imagine that you can't. Your best option will probably be using Windows Firewall to prevent access to port 3389 on all IPs other than 127.0.0.1.
Solution 2
Binding the RDP listeners to localhost can also be a cheap way to enable multiple concurrent sessions stemming from a single console session.
I'm guessing you want the localhost functionality, not strictly wanting 127.0.0.1. I'm also guessing that you don't want to expose the adapter to the network.
If you're still wanting to do this, I can think of the below method:
- Install a local loopback network adapter. (See here.)
- Configure the RDP Listener to bind only on the loopback network adapter. In Server2K8 and higher, this will be possible via the tsconfig.msc snap-in. I've never tried in Server2k3 but that should be a similar procedure. (I can go into more detail about configuring the registry if needed.)
From there, you'll be able to RDP to the loopback adapter using its link-local address.
Solution 3
I was able to resolve my issue by doing the following:
- Start, Run, MMC
- MMC: add Terminal Server Configuration
- Enable RDP_TCP
- Right-click on the RDP-TCP
- Click on Properties
- Click on the Network Adapter tab
- Bind the new VMware adapter
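A check to run after rebinding the listener as the answers above describe, added here as an example and not part of any answer on this page: it parses `netstat -ano` output and returns every address where TCP 3389 is listening that is neither loopback nor explicitly allowed (for instance the loopback adapter's own address). The sample output is constructed and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       872
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1140
  TCP    [::]:3389              [::]:0                 LISTENING       1140
  TCP    127.0.0.1:3389         127.0.0.1:49812        ESTABLISHED     1140
  UDP    0.0.0.0:3389           *:*                                    1140
"""

def split_endpoint(endpoint):
    """Split '10.0.0.5:3389' or '[::1]:3389' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]   # drop brackets and IPv6 zone id
    return ipaddress.ip_address(host), int(port)

def rdp_listeners(netstat_text, port=3389):
    """Return the local addresses on which TCP `port` is in LISTENING state."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        try:
            addr, local_port = split_endpoint(fields[1])
        except ValueError:
            continue                        # unparsable endpoint, skip the line
        if local_port == port:
            found.append(addr)
    return found

def unexpected(addresses, allowed=()):
    """Listener addresses that are neither loopback nor in `allowed`.
    The wildcard (0.0.0.0 or ::) is reported, since it covers every adapter."""
    ok = {ipaddress.ip_address(a) for a in allowed}
    return [a for a in addresses if not a.is_loopback and a not in ok]

if __name__ == "__main__":
    for addr in unexpected(rdp_listeners(SAMPLE_NETSTAT)):
        print(f"RDP is listening on {addr}, which is not loopback")
```

On a real host, feed it the text of `netstat -ano` and pass the loopback adapter's address in `allowed` if the listener was bound to that adapter.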
Solution 4
Binding to localhost is very common for several services under Linux, so you can SSH to the box and forward ports to your ManagementClient.
The reason is simple: security.
I'm not using Windows Server, so I have no idea how to configure this service. But blocking via Windows Firewall sounds good.
EDIT:
Here is a link how this can be done: www-css.fnal.gov/csi/win-firewall/win-firewall.html
Admin
Updated on September 17, 2022
Comments
-
Admin over 1 year
I'm trying to bind the remote desktop listener to 127.0.0.1 on Windows Server 2003 Enterprise.
I tried tscc.msc but it only lets you choose a certain physical adapter.
Also by quickly glancing over
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
I couldn't find any setting that seemed to do the trick. Is this impossible after all?
- djangofan over 12 years: The answer to this question would be really useful when using Bitvise WinSSHD.
- radius almost 15 years: Doing SSH and port forwarding to a Windows host is very uncommon.
- user34884 almost 15 years: Yet this is what I'm doing. I already have the firewall allowing only connections on 127.0.0.1. I just wanted another layer of security by completely removing the listener from every other IP address.
- splattne almost 15 years: I agree. Why would you access RDP from the machine itself? Makes no sense to me. But maybe there is a hidden agenda.
- Adam Gordon Bell almost 15 years: Yep, does not make sense to remote desktop to one's own machine. Might as well shut down the service altogether.
- jingyu9575 over 8 years: Your link (experts exchange) is permanently down.
- CaffeineAddiction about 5 years: Same reason VNC has the option for "loopback only" ... you SSH in and port forward to localhost.