My computer is on a domain. I wanted to enable RDP access so I could work remotely, however in doing that, I’m letting my colleagues and others in my organization log in to my PC, as well as potentially allowing an intruder to log in.
There are options to disallow logins from specific groups, however I can not block those domain groups because I am part of them. The easier approach for me is to be selective with who is allowed as opposed to defining explicit blocks.
To allow logins for only yourself through RDP
gpedit.msc on your machine.
Drill down to:
Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment
"Allow log on through Remote Desktop Services" and open it’s properties.
By default, “Remote Desktop Users” and “Administrators” are allowed RDP login.
First, add your account.
Then remove “Administrators” and “Remote Desktop Users:
That’s it! Now no one besides your account will be able to RDP into your PC.
Enjoy peace of mind.