I'm trying to prevent Terminal Services users from starting a new RDP session on the same server using 'localhost' with a different user account. Does anyone have any suggestions or strategies for this?
5 Answers
Another approach could be to modify the hosts file to make localhost point to an invalid IP. Just be cautious if you have web applications that may rely on it.
It sounds like you may want to look into changing the security permissions to restrict RDP access from the server itself. Check out this link for more info: https://superuser.com/questions/1926981/restrict-a-local-windows-10-11-user-from-using-rdp-from-its-localhost. Just a heads up though, blocking RDP access only from localhost might be tricky.
Have you thought about just blocking access to mstsc.exe? You could use AppLocker policies for that if you have it set up.
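The AppLocker approach suggested in the answer above, sketched as an added example that is not part of the original thread: it builds a publisher-based Deny rule for mstsc.exe and dry-runs it before anything is applied. Assumptions: AppLocker is already enforced with its default Allow rules for executables, the Application Identity service is running, the restricted users are in the built-in Remote Desktop Users group, and the output path is a placeholder.

```powershell
# Added example, not from the thread. Run elevated on the session host.
Import-Module AppLocker

$groupSid = 'S-1-5-32-555'                         # BUILTIN\Remote Desktop Users (assumed target group)
$outFile  = Join-Path $env:TEMP 'deny-mstsc.xml'   # hypothetical output path

# A 64-bit server carries two copies of the RDP client.
$targets = @("$env:windir\System32\mstsc.exe", "$env:windir\SysWOW64\mstsc.exe") |
    Where-Object { Test-Path $_ }

# New-AppLockerPolicy only generates Allow rules, so generate publisher rules
# from the binaries' own signatures and flip them to Deny afterwards.
# A publisher rule still matches if a user copies mstsc.exe to another folder;
# a path rule would not.
[xml]$policy = Get-AppLockerFileInformation -Path $targets |
    New-AppLockerPolicy -RuleType Publisher -User $groupSid -RuleNamePrefix 'Deny mstsc' -Xml

# Safety guard: refuse to continue if a generated condition is broader than
# the single binary, since a Deny on the whole product would block Windows itself.
foreach ($cond in $policy.SelectNodes('//FilePublisherCondition')) {
    if ($cond.GetAttribute('BinaryName') -ne 'MSTSC.EXE') {
        throw "Unexpected rule scope: BinaryName='$($cond.GetAttribute('BinaryName'))'"
    }
}
foreach ($rule in $policy.SelectNodes('//FilePublisherRule')) {
    $rule.SetAttribute('Action', 'Deny')
}
$policy.Save($outFile)

# Dry run against the generated file only; PolicyDecision should read Denied.
Test-AppLockerPolicy -XmlPolicy $outFile -Path $targets -User $groupSid |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# Apply only after reviewing $outFile. -Merge adds the rule to the existing
# local policy instead of replacing it. If the Exe collection has no Allow
# rules, enforcing it blocks every executable that is not explicitly allowed.
# Set-AppLockerPolicy -XmlPolicy $outFile -Merge
```

This only blocks the built-in client for the chosen group; other RDP clients a user can run are not covered by the rule.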
You really need to explain why your users have multiple accounts. It’s key to addressing your issue effectively. Knowing what you hope to achieve can also help us give better answers.
It might be worth considering a firewall rule to block localhost as a source, but I’m not sure if that’s feasible with your setup. That said, this also sounds like it could be an educational issue for your users to clarify the correct usage.
Exactly! They might be trying to bypass restrictions like Citrix escape, but I think education is really the key here.

That's interesting, but I actually found it works for preventing those kinds of connections!