Securing Remote Desktop (RDP) For System Administrators

If you have a campus-managed computer:

  • Contact IT Client Services or your departmental IT support for assistance.

If you have a personally-managed computer and Administrator access:

  • Follow the instructions in this article to update your Windows Firewall so that only authorized hosts and networks can access your system via Remote Desktop (RDP). 

Settings > Update and Security > Windows Security > Firewall and Network Protection > Advanced Settings > Inbound Rules > Remote Desktop - User Mode (TCP-In) > Properties > Scope > Remote IP address > Add > This IP address or subnet

  1. Settings > Update and Security

  2. Windows Security > Firewall and Network Protection

  3. Advanced Settings

  4. Inbound Rules > Remote Desktop - User Mode (TCP-In) > Properties

  5. Scope > Remote IP address > Add

  6. Under This IP address or subnet, only add IP addresses and network subnets that should be authorized to connect to your computer’s Remote Desktop (RDP) service. Some common examples of campus IP addresses and subnets are listed in the section below.

Campus IP addresses and subnets

Based on your needs, choose only authorized campus IP addresses and subnets to connect to your computer’s RDP service. Network Operations & Services maintains the source list of UC Berkeley Campus Networks, but some common examples are included below for reference.

Berkeley IT RD Gateway

To access your system via RDP directly from the Internet, utilize the Campus Remote Desktop Gateway. The RD Gateway will allow you to use your CalNet ID with Duo push notifications to connect. You can authorize the RD Gateway by adding the following subnet to your firewall rule:

  • 169.229.164.0/24

Campus Remote Access VPN Networks (bSecure Remote Access Services with GlobalProtect)

To access your system via RDP over the campus VPN, add one or more of the following VPN networks, as appropriate, to your firewall rule:

  • Split Tunnel Client Networks
    • 10.136.128.0/18
  • Full Tunnel Client Networks
    • 136.152.16.0/20
  • Restricted Tunnel Networks
    • 136.152.210.0/23

Campus Networks (onsite)

To access your system via RDP while on campus, add the appropriate campus wireless or wired networks to your firewall rule. See UC Berkeley Campus Networks for the most recent information available.
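The same scope restriction can be applied and checked from an elevated PowerShell prompt. This is an added example, not part of the original article: it assumes an English-language Windows install with the built-in NetSecurity cmdlets, the display group name 'Remote Desktop' is an assumption, and the two subnets are the RD Gateway and split tunnel values listed above. It goes one step beyond the GUI steps by listing every enabled inbound rule in that group, so any rule still scoped to Any is visible.

```powershell
# Added example (not from the original article). Run as Administrator.
$RuleName = 'Remote Desktop - User Mode (TCP-In)'

# Choose only the networks you need; these values are the ones listed in this article.
$AllowedRemote = @(
    '169.229.164.0/24',   # Berkeley IT RD Gateway
    '10.136.128.0/18'     # VPN split tunnel client networks
)

# Stop if the rule is not found (for example, when the display name is localized).
$rules = @(Get-NetFirewallRule -DisplayName $RuleName -ErrorAction Stop)

foreach ($rule in $rules) {
    # Record the current scope so the change can be reverted if needed.
    $before = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    Write-Host "Previous scope for '$($rule.DisplayName)': $($before -join ', ')"

    # -RemoteAddress replaces the existing list; it does not append to it.
    $rule | Set-NetFirewallRule -RemoteAddress $AllowedRemote

    # Read the rule back. Windows may display subnets in mask notation,
    # so only test for the unrestricted value 'Any' here.
    $after = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    if ($after -contains 'Any') {
        Write-Warning "'$($rule.DisplayName)' still accepts connections from any address."
    } else {
        Write-Host "New scope: $($after -join ', ')"
    }
}

# Show the scope of every enabled inbound rule in the Remote Desktop group.
# Rules other than the TCP-In rule are not changed by the loop above.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
    ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
        }
    } | Format-Table -AutoSize
```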
