Securing Remote Administration
Securing Remote Administration
Remote administration of Windows servers requires careful firewall configuration to prevent unauthorized access while enabling legitimate management tasks. Windows offers multiple remote management protocols, each requiring specific firewall considerations.
Configure RDP access with restrictions:
# Remove default RDP rule
Remove-NetFirewallRule -DisplayName "Remote Desktop*"
# Create restricted RDP rule
New-NetFirewallRule -DisplayName "RDP from Admin Network" `
-Direction Inbound `
-Protocol TCP `
-LocalPort 3389 `
-RemoteAddress 10.10.10.0/24 `
-Action Allow `
-Authentication Required `
-Encryption Required
# Alternative port for RDP (security through obscurity)
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name PortNumber -Value 13389
New-NetFirewallRule -DisplayName "RDP Custom Port" `
-Direction Inbound `
-Protocol TCP `
-LocalPort 13389 `
-RemoteAddress 10.10.10.0/24 `
-Action Allow
Enable Windows Remote Management (WinRM):
# Configure WinRM
winrm quickconfig -quiet
# Create firewall rule for WinRM
New-NetFirewallRule -DisplayName "WinRM HTTPS" `
-Direction Inbound `
-Protocol TCP `
-LocalPort 5986 `
-RemoteAddress 10.10.10.0/24 `
-Action Allow `
-Authentication Required
# PowerShell Remoting
Enable-PSRemoting -Force
New-NetFirewallRule -DisplayName "PowerShell Remoting" `
-Direction Inbound `
-Protocol TCP `
-LocalPort 5985,5986 `
-RemoteAddress 10.10.10.0/24 `
-Action Allow