Q: How do I disable remote desktop in Windows?
Microsoft created the ability to remotely connect to Windows-based computers so authorized users could connect to their computers via the internet from other computers, smartphones and tablets.
While this option can be very useful, if you don’t have a need for it, it’s best to disable it. Doing so will help to protect your computer from a variety of threats, including unscrupulous tech support scammers.
It’s become a known target technology for hackers, so much so that the FBI sent out an alert last September warning of the increased activity.
‘BlueKeep flaw’
A truly dangerous flaw was discovered recently in Microsoft’s Remote Desktop Protocol (RDP) that exposes older versions of Windows, including Windows 7, and many versions of Windows Server 2008.
Coined the “BlueKeep flaw,” this security hole will actually allow remote hackers to take over computers without having to trick the user into clicking on or downloading anything.
This security flaw is considered one of the most dangerous because it’s “wormable,” which means it can spread automatically without any user interaction.
The good news is that there are no known exploits in circulation at the moment, but the security community expects one to be hitting the internet shortly.
For the bad guys, finding victims isn’t hard: Easy-to-use tools such as Shodan can scan the internet for computers using any form of RDP, and whether they’ve been patched or not.
If you’re still running Windows 7 or Windows Server 2008 — even if you don’t use RDP — it’s imperative that you patch this hole immediately, which can be done through this Microsoft security bulletin.
Disabling remote access
Turning off the services will help protect your computers from any current or future attempts to exploit this method of access.
Windows 10 users can do so by typing “remote settings” in the search box (Cortana) and opening Control Panel by clicking on “Allow remote access to your computer.”
When the System Properties box pops up, make sure there is no check mark in the “Allow Remote Assistance connections to this computer” and that the “Don’t allow remote connections to this computer” in the Remote Desktop section is selected.
Windows 8 and 7 users will need to go to the Control Panel, then to System and Security. Click on System in the panel to the right. From there, click on Remote Settings on the left to access the dialog box with the Remote tab at the top.
Click on the “Don’t allow connections to this computer” checkbox, then on the OK button to save this setting.
Those businesses that are still running Windows 8 Server should make sure that their system administrator has addressed this issue, as there are lots of variables that will determine the best way to protect against these types of exploits.
Safer remote alternative
Those that do want the ability to remotely connect using tools that aren’t as easily exploited can use tools such as TeamViewer or the free Chrome Remote Desktop option, which both use session PINs to further secure the connection.
Ken Colburn is founder and CEO of Data Doctors Computer Services. Ask any tech question on Facebook or Twitter.