This page is WIP
This guide shows how to configure Windows Server Firewall to block all inbound traffic and allow only Remote Desktop (RDP) access using PowerShell.
- Locate the PowerShell app and open it
- Copy and paste the command below and run it
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"; Set-NetFirewallProfile -Profile Domain,Public,Private -DefaultInboundAction Block; Get-NetFirewallRule -Direction Inbound -Enabled True | Where-Object {$_.DisplayGroup -ne "Remote Desktop"} | Disable-NetFirewallRule
That's it!
This one-liner is 3 separate commands, separated by semicolons and run from a single line. They:
- Block incoming connections by default
- Open the RDP ports
- Close off all other open incoming ports
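To confirm the one-liner left the firewall in the state described above, the following check can be run afterwards. It is an added example, not part of the original guide: the function name `Test-RdpOnlyFirewall` is hypothetical, and it assumes an elevated PowerShell session and an English-language system where the rule group is displayed as "Remote Desktop".

```powershell
# Added example, not from the original guide. Test-RdpOnlyFirewall is a hypothetical name.
function Test-RdpOnlyFirewall {
    $rdpGroup = 'Remote Desktop'   # display group used by the guide's one-liner
    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. Each profile should be enabled and should block inbound traffic by default.
    foreach ($fwProfile in Get-NetFirewallProfile) {
        if ("$($fwProfile.Enabled)" -ne 'True') {
            $findings.Add("$($fwProfile.Name): firewall profile is not enabled")
        }
        if ("$($fwProfile.DefaultInboundAction)" -ne 'Block') {
            $findings.Add("$($fwProfile.Name): DefaultInboundAction is $($fwProfile.DefaultInboundAction)")
        }
    }

    # 2. No enabled inbound rule should remain outside the Remote Desktop group.
    #    SilentlyContinue: the cmdlet raises an error when nothing matches.
    $inbound = @(Get-NetFirewallRule -Direction Inbound -Enabled True -ErrorAction SilentlyContinue)
    foreach ($rule in ($inbound | Where-Object { $_.DisplayGroup -ne $rdpGroup })) {
        $findings.Add("Unexpected enabled inbound rule: $($rule.DisplayName)")
    }

    # 3. At least one Remote Desktop rule must be enabled, or RDP itself is blocked.
    $rdpRules = @($inbound | Where-Object { $_.DisplayGroup -eq $rdpGroup })
    if ($rdpRules.Count -eq 0) {
        $findings.Add("No enabled inbound rule in the '$rdpGroup' group")
    }

    # Record the protocol and local port each remaining rule opens.
    $open = foreach ($rule in $rdpRules) {
        $filter = $rule | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule      = $rule.DisplayName
            Protocol  = $filter.Protocol
            LocalPort = $filter.LocalPort -join ','
        }
    }

    [pscustomobject]@{
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
        OpenRules = @($open)
    }
}

$result = Test-RdpOnlyFirewall
$result.OpenRules | Format-Table -AutoSize
$result.Findings
"Compliant: $($result.Compliant)"
```

The check reads the local firewall configuration only; settings delivered by Group Policy are not included in what it inspects.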
Securing RDP from repeated connection attempts
We also recommend using a Fail2Ban Windows alternative where possible, to stop repeated malicious login attempts. We recommend EvlWatcher for its ease of use and quick install. You can download it from https://github.com/devnulli/EvlWatcher/releases.
Simply install it and let it get to work. Do note that repeated login attempts may block your own IP, and you would need to access VNC to remove yourself from the blocklist.