In some cases, Windows Server administrators recommend that users disable UDP support for RDP connections and use only the TCP protocol, which is more reliable and stable under adverse network conditions. This can help avoid some complications and provide more stable remote server management.
Methods to disable UDP for RDP connection.
There are several methods you can use to prevent RDP connections over UDP on Windows Server. In this article, we will look at three main methods:
Method 1: Through setting up a firewall for Windows Server 2012-2016.
1. Open the "Control Panel" (Win+X → Control Panel) on your server.
2. Go to the "System and Security" section. Select Windows Firewall.
3. In the left panel, click on "Advanced settings".
4. In the Windows Firewall with Advanced Security window, select Inbound Rules. Find the rule "Remote Desktop - User Mode (UDP-In)" with port 3389 (default RDP port, if not changed) and double-click on it.
5. In the "General" section, in the "Action" section, check the box next to "Block the connection" and click "OK". to save changes.
Launching the firewall for Windows Server 2022-2019 for configuration is done through Server Manager:
The method is through the registry editor (regedit).
The other is a longer and more difficult path. Open the Registry Editor by running the "regedit" command in a Command Prompt or PowerShell as an administrator. Navigate to the following path:
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client\
Create a new DWORD entry (32-bit value) and name it "fClientDisableUDP". Set "fClientDisableUDP" to 1 to disable UDP support for RDP connections.
Method through local group policies (gpedit.msc)
1. Open the "Local Group Policy Editor" by running the "gpedit.msc" command in the command line, in PowerShell (or Win+X → Run) as an administrator.
2. Go to Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Client connection to a remote desktop" (Remote Desktop Connection Client).
3. Find the Turn Off UDP On Client option and set it to Enabled.
4. Go to "Computer Configuration" -> "Administrative Templates" -> "Windows Components" -> "Remote Desktop Services" -> "Remote Desktop Session Host" -> "Connections" ( Connections).
5. Find the Select RDP Transport Protocols option and set it to Enabled, and in the options select Use only TCP.
Results.
These methods will allow you to successfully disable UDP support for RDP connections, which can improve the stability and security of remote sessions on your Windows Server. Don't forget to restart the server after applying the changes for them to work correctly.
FAQs
Go to "Computer Configuration" -> "Administrative Templates" -> "Windows Components" -> "Remote Desktop Services" -> "Remote Desktop Session Host" -> "Connections" ( Connections). 5. Find the Select RDP Transport Protocols option and set it to Enabled, and in the options select Use only TCP.
Does RDP need UDP? ›
When available, RDP will attempt to use UDP first for its low-latency benefits. If the UDP connection fails, RDP will revert to TCP. This dual approach allows RDP to leverage the speed of UDP while maintaining the reliability of TCP as a fallback.
How do I restrict access to Remote Desktop on Windows server? ›
Computer Configuration | Windows Settings | Security Settings | Local Policies | User Rights Assignment. Find and double-click "Deny logon through Remote Desktop Services". Add the user and / or the group that you would like to deny access. Select ok.
How do I disable outgoing RDP connections? ›
Disabling RDP
Create or Edit Group Policy Objects. Expand Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections. Disable users from connecting remotely using Remote Desktop Services.
Why disable UDP? ›
UDP is a connectionless protocol and does not provide confirmation of delivery of data. This means that data packets can be lost on the network, resulting in screen artifacts, lags, and poor quality audio and video in the remote session.
How do I disable UDP in Windows Server RDP? ›
Go to Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Client connection to a remote desktop" (Remote Desktop Connection Client). 3. Find the Turn Off UDP On Client option and set it to Enabled.
What is the RDP UDP ratio? ›
Milk production: With regard to milk production, also, the RDP : UDP ratio in the diet has been suggested to vary from 85 : 15 to 80 : 20 as the metabolizability of the diet increases from 0.5 to 0.7 for a cow weighing 400 kg and yielding 10 litres of milk/day of 4.9% fat.
How do I block Remote Desktop Connection? ›
Open the "Control Panel" in Windows 10 and click on "System and Security." Click "Allow remote access" in the "System" section. Go to the "Remote" tab. Uncheck the "Allow Remote Assistance connection to this computer" option under the "Remote Assistance" section.
How do I restrict Remote Desktop to a local network? ›
Restrict Access to RDP with Windows Firewall
- Settings > Update and Security > Windows Security > Firewall and Network Protection > Advanced Settings > Inbound Rules > Remote Desktop - User Mode (TCP-In) > Properties > Scope > Remote IP address > Add > This IP address or subnet.
- Berkeley IT RD Gateway.
Steps to Restrict RDP Access
- Open Windows Firewall with Advanced Security. Search and open Windows Defender Firewall with Advanced Security.
- Edit the RDP Inbound Rule details. Find the RDP rule in the list of Inbound Rules. For example, the server using the default RDP rule: Right-click on your rule and select Properties.
Risks of RDP
When RDP is configured to allow access from anywhere on the internet, it becomes highly susceptible to attacks. Hackers all over the world are constantly scanning the internet looking for devices configured for RDP. Once found, they will use tools to try and crack or break into your system.
How to keep a remote desktop connection active? ›
How to keep your Remote Desktop Session Alive with Remote Desktop Connection
- Open Group Policy Editor: Press Win + R on the remote computer to open the Run dialog. ...
- Navigate to Remote Desktop Session Host Policies: ...
- Enable Keep-Alive Connections: ...
- Configure Keep-Alive Interval: ...
- Restart Remote Desktop Services (optional):
You could try if setting the connection never to disconnect automatically helps, you can do it in Group Policy Editor (Win + R, type GPEDIT. MSC, press Enter). Enable the three settings shown in the screenshot below setting the Active session limit to NEVER.
How do I block UDP connection? ›
- To block incoming traffic on a specific UDP port (for example 53) from everywhere, run the following command:
- # iptables -I INPUT -p udp —dport 53 -j DROP.
- To block outgoing traffic on port 500:
- # iptables -I OUTPUT -p udp —dport 500 -j DROP.
- You can make these commands more specific by using switches for:
Does RDP use TCP or UDP? Actually, Remote Desktop requires TCP port 3389 to be open. Also, opening UDP port 3389 enables acceleration since RDP 8.0 (e.g. Windows 7 with RDP 8 Update, Windows 8, or Windows 10).
How do I block UDP ports on Windows? ›
Step 1: Open the Control Panel Step 2: Click on Windows Firewall/ Windows Defender firewall Step 3: Navigate to advanced settings. Step 4:Right click on inbound rules and click on new rule. Step 6:Select port and press next Step 7:Specify the port 137 under specific local ports, select UDP and press next.
What is required for Remote Desktop Protocol? ›
RDP Requirements
- The Security Controls console must have network access to the target machine.
- The RDP port specified by Security Controls must be the same as the RDP port specified by the target machine.
- The target machine must be powered on; it cannot be in sleep or hibernation mode.
By default, VNC Viewer trys to establish a UDP connection first, which is likely to make the remote access session more responsive, before falling back to TCP if (for example) UDP is not enabled in your network environment. See also the VNC Server IpListenProtocols parameter.
Does SSH use TCP or UDP? ›
Is SSH over TCP or UDP? SSH uses TCP, not UDP (User Datagram Protocol).
Is SMB TCP or UDP? ›
SMB relies on the TCP and IP protocols for transport. This combination allows file sharing over complex, interconnected networks, including the public Internet. The SMB server component uses TCP port 445.
