opened image

    To provide additional security for Windows Server, it is recommended to restrict access to the server. This can be done in several ways, the easiest and fastest is to allow access to the server only from a specific IP or range of IP addresses. We implement this using the built-in server protection system - firewall (or firewall).

    Before configuring access via IP, please note that changing your external IP from which access will be allowed will block access to the server via RDP. In this case, you need to know how to connect to the server directly via VNS (how to connect to the server via VNC) and fix the situation.

    Let's get started:

    1. Connect to the server via RDP

    2. Open the Server Control Panel



    3. Go to the section System and security.


    4. Next - "Windows Firewall"


    5. On the right, in the menu list, select "Advanced settings"



    6. In the window that opens, select from the menu on the right "Inbound Rules"



    7. In the list of rules, you need to find the rule called "Remote Desktop - User Mode (TCP-In)" and select its Properties



    8. In the properties window of this rule that opens, in the "Scope" tab, you can specify a specific IP or IP range from which connection to the server via RDP is allowed. To do this, in the section "Remote IP address" select "These IP addresses and click "Add" 



    9. To specify a specific IP (or subnet), select "This IP address or subnet"



    To specify an IP range, select "This IP adddress range"



    10. Press the OK button to apply the settings.


    Please note: by default, when connecting to the server via RDP, TCP and UDP protocols are used. But there may be a situation that one of the protocols (usually unstable UDP) is disabled. In this case, you need to change the properties of the rule whose protocol is used to connect. For example, by default, these are two rules: "Remote Desktop - User Mode (inbound TCP traffic)" and "Remote Desktop - User Mode (inbound UDP traffic)"


    Thus, we have learned to restrict access to a server running the Windows Server operating system by IP address or range of IP addresses.