
# Restricting MS RDP access to Remote Desktop Manager only

Many organizations want to centralize their Remote Desktop connections so that they can be initiated only from Remote Desktop Manager. Here are some considerations for implementing this strategy within your organization.

### Considerations

Blocking Microsoft RDP (**mstsc.exe**) alone does not sufficiently secure access. Users can bypass the block with alternatives such as Microsoft RDC Manager or unauthorized versions of Remote Desktop Manager, potentially using settings outside of approved parameters. A more secure approach is to embed the session credentials in Remote Desktop Manager itself: users can then establish remote connections without ever having direct access to the credentials, which enforces the use of Remote Desktop Manager.

However, if you believe that simply disabling Microsoft RDP meets your security needs, guidance on this process is available in Microsoft's article on [How to Enable or Disable Remote Desktop via Group Policy Windows 2008](https://social.technet.microsoft.com/wiki/contents/articles/4980.how-to-enable-or-disable-remote-desktop-via-group-policy-windows-2008.aspx).

Our recommended solution is a secure gateway protected by a password that the end user does not know. This can be implemented with an SSH tunnel or our proprietary Jump feature, combined with firewall changes on the remote hosts that block connections from any IP address other than your designated gateways.

![](https://cdnweb.devolutions.net/docs/docs_en_kb_KB4436.png)

SSH tunnels are particularly effective; they can operate on a virtual machine using any \*nix distribution and require minimal RAM and HDD space. Moreover, using SSH tunnels compels users to rely on Remote Desktop Manager since the tunnel credentials are not domain credentials and must be stored within the application itself.
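
The firewall adjustment described above, sketched for a Windows remote host using the built-in NetSecurity cmdlets. This is an added example, not part of the original article or of Remote Desktop Manager. The gateway addresses are constructed placeholders, and the script assumes RDP listens on the default TCP port 3389 and that the host uses the English "Remote Desktop" rule group name.

```powershell
#Requires -RunAsAdministrator
# Assumption: constructed gateway addresses (documentation range).
# Replace with the addresses of your SSH tunnel or Jump hosts.
$GatewayAddresses = @('192.0.2.10', '192.0.2.11')

# Built-in inbound rules that allow RDP. The display group name is localized;
# 'Remote Desktop' is the English name.
$rdpRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction Stop |
    Where-Object { $_.Direction -eq 'Inbound' }

# Scope every built-in RDP rule to the gateways only. Run this from the console
# or through a gateway: a direct RDP session from another address is cut off.
foreach ($rule in $rdpRules) {
    Set-NetFirewallRule -Name $rule.Name -RemoteAddress $GatewayAddresses
}

# Check 1: show the resulting scope of the built-in rules.
$rdpRules | ForEach-Object {
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
    }
} | Format-Table -AutoSize

# Check 2: find any other enabled inbound allow rule that still exposes
# TCP 3389 to every address (for example a custom or vendor-added rule).
$stillOpen = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        ($port.Protocol -eq 'TCP') -and
        ($port.LocalPort -contains '3389') -and
        ($addr.RemoteAddress -contains 'Any')
    }

if ($stillOpen) {
    Write-Warning 'These rules still allow RDP from any address:'
    $stillOpen | Select-Object Name, DisplayName, PolicyStoreSource | Format-Table -AutoSize
} else {
    Write-Output 'No enabled inbound rule allows TCP 3389 from any address.'
}
```

Rules delivered by Group Policy cannot be changed locally; if the second check lists one, adjust its scope in the policy that defines it.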

