Restricting RDP access by IP address

RDP (Remote Desktop Protocol) is a protocol that lets you connect to a remote server and work with it as if you were sitting in front of its monitor. With RDP you can run applications, manage files, configure the system, transmit audio, and use clipboard sharing between local and remote computers.

Restricting access by IP is one of the most effective ways to protect your server from unauthorized RDP connections. Below is a step-by-step guide for Windows Server (applicable to all versions, including 2016/2019/2022).

Step 1: Open Firewall Settings

1. Open Control Panel → System and Security → Windows Defender Firewall.
2. Click Advanced settings (on the left sidebar).

Control Panel → Windows Defender Firewall

“Advanced settings” option

Step 2: Locate the RDP Rule

1. In the “Windows Defender Firewall with Advanced Security” window, select Inbound Rules on the left.
2. In the list, find the active rule named “Remote Desktop - User Mode (TCP-In)” (or similar, containing “Remote Desktop”).

Inbound Rules section

Step 3: Restrict Access by IP

1. Right-click the rule → Properties.
2. Go to the Scope tab.
3. In the Remote IP address section, select These IP addresses.
4. Click Add and specify:
   • single IP addresses (e.g., 185.18.52.152)
   • IP ranges (e.g., 185.18.52.0–185.18.52.255)
   • subnets (e.g., 185.18.52.0/24)
5. Remove or disable the “Any IP address” entry to block connections from all other IPs.

Adding permitted IP addresses

2. Click OK in all windows to save changes.

Useful Notes

• After applying these settings, RDP connections will be allowed only from the specified IP addresses.
• If you connect via VPN or have a dynamic IP — add your provider’s IP range or use a static IP.
• For maximum security, enable Network Level Authentication (NLA) in the Remote Desktop settings and use strong passwords.