I've just bought a home server with Windows Server 2012 R2 on it. When I first got it the following rules were set up in firewall inbound rules:

  • Remote Desktop - User Mode TCP in (Domain, Private) - Ticked.
  • Remote Desktop - User Mode TCP in (Public) - Not ticked.

So I could not remote to my home server from my home PC (both connected to the router).

I ticked "public" and was able to connect OK.

So, my PC is in the default WORKGROUP and my server is in the default WORKGROUP. (i.e. computer, properties, system). Is there anything else I need to do so that I can remote to server without ticking Public? Something in Network/sharing centre, etc.? Is there a risk with ticking "Public"?

1 Answer

In Windows firewall, Public and Domain/Private refer to the two network profiles your computer can be in. A network profile describes what kind of network you're connected to. You can only be connected to one type of profile at a time.

Generally the Domain/Private profile is used when connected to a network you control and/or trust other devices on. The Public profile is for networks you don't trust, such as public WiFi hotspots. For this reason fewer services are enabled by default in the Windows firewall for the Public profile.

You can change the network profile by going to Network Connections in Control Panel.

Is there anything else I need to do so that I can remote to server without ticking Public?

You can put the computer into the Domain/Private profile. Make sure the corresponding firewall rule is enabled.

Is there a risk with ticking "Public"?

Not if you trust the other devices on the network. However, if you do move the computer from network to network and anticipate connecting to untrusted networks, you should not enable services like Remote Desktop for the Public profile.
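
The steps from the answer above, as an added PowerShell example that is not part of the original answer: it assigns the home network to the Private profile and leaves Remote Desktop closed on Public. The adapter name `Ethernet` is an assumption; use the `InterfaceAlias` that the first command prints on your server.

```powershell
# Run in an elevated PowerShell session on the server (Windows Server 2012 or later).
# Assumption: the LAN adapter is called "Ethernet"; replace with your InterfaceAlias.
$alias = 'Ethernet'

# 1. Show which profile each connected network is currently assigned to.
Get-NetConnectionProfile | Format-Table InterfaceAlias, Name, NetworkCategory

# 2. Move the trusted home network into the Private profile.
#    Do this before touching the Public rule so an existing RDP session is not cut off.
Set-NetConnectionProfile -InterfaceAlias $alias -NetworkCategory Private

# 3. Collect the inbound rules of the built-in "Remote Desktop" group.
$rdp = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Where-Object { $_.Direction -eq 'Inbound' }

foreach ($rule in $rdp) {
    $scope = $rule.Profile.ToString()

    if ($scope -eq 'Public') {
        # Rule applies only to untrusted networks: keep RDP closed there.
        Disable-NetFirewallRule -Name $rule.Name
    }
    elseif ($scope -match 'Public|Any') {
        # Rule covers Public together with other profiles; disabling it would also
        # block RDP on the home network, so leave the decision to the administrator.
        Write-Warning "$($rule.DisplayName) [$scope] also applies to Public; review it manually."
    }
    else {
        # Domain and/or Private only: this is the rule the home PC should match.
        Enable-NetFirewallRule -Name $rule.Name
    }
}

# 4. Confirm the result: Domain/Private rules enabled, Public rules disabled.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Sort-Object DisplayName |
    Format-Table DisplayName, Profile, Enabled, Direction -AutoSize
```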