Introduction
Granting access to a Windows Server based on IP or IP range is essential for security and control. By limiting access to specific addresses, you can prevent unauthorized users from connecting while ensuring that only trusted devices can interact with the server.
This method is commonly used in remote desktop access, web servers, and database connections.
What is an IP Address and IP Range?
An IP (Internet Protocol) address is a unique identifier assigned to each device on a network. It can be either:
IPv4 (e.g., 192.168.1.1)
IPv6 (e.g., 2001:db8::ff00:42:8329).
An IP range refers to a set of IP addresses within a specific range, allowing multiple addresses to be included in one rule, such as 192.168.1.1 - 192.168.1.255.
How to Find Your IP Address
Public IP: Visit a website like https://whatismyipaddress.com/.
Local IP (Windows):
Open Command Prompt and run: ipconfig
Look for "IPv4 Address" under your active network adapter.
Public IP (Linux/macOS):
Open Terminal and run:
curl ifconfig.me
This returns your public IPv4 address.
Granting Access in Windows Server by IP Address
1. Connect to your Windows server via RDP
2. Open Windows Defender Firewall with Advanced Security (press Win + R and run wf.msc).
3. Click Inbound Rules.
4. Find the rule named "Remote Desktop - User Mode (TCP-In)" (press the "R" key to jump to rules starting with R).
5. Double-click the rule to open its properties.
6. Select the tab named "Scope".
7. In the section "Remote IP address", choose "These IP addresses" and click "Add".
8. In the newly opened window, choose what to allow:
One IP address;
Subnet;
IP range.
9. Press OK to apply changes.
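The same scope change can be scripted. The following is an added example, not part of the original guide: it refuses to apply the allow list if a currently connected RDP client would be cut off, then sets the rule's remote addresses and prints the resulting scope. It assumes the default RDP port 3389, an English-language system (display group "Remote Desktop"), and IPv4 entries only; the helper function names and the sample addresses are constructed for illustration.

```powershell
# Added example; run in an elevated PowerShell session on the server.
$ruleName = 'Remote Desktop - User Mode (TCP-In)'   # rule name from step 4
# Constructed sample entries (documentation ranges); replace with your trusted addresses.
$allowed = @(
    '203.0.113.10',            # one IP address
    '198.51.100.0/24',         # subnet
    '192.0.2.20-192.0.2.40'    # IP range
)

function ConvertTo-UInt32([string]$ip) {             # hypothetical helper, IPv4 only
    $bytes = [System.Net.IPAddress]::Parse($ip).GetAddressBytes()
    [Array]::Reverse($bytes)                         # network order -> little-endian
    [BitConverter]::ToUInt32($bytes, 0)
}

function Test-Allowed([string]$ip, [string[]]$entries) {   # hypothetical helper
    $n = ConvertTo-UInt32 $ip
    foreach ($e in $entries) {
        if ($e -match '^(.+)/(\d+)$') {              # subnet in CIDR form
            $base = ConvertTo-UInt32 $Matches[1]
            $size = [math]::Pow(2, 32 - [int]$Matches[2])
            $lo = $base - ($base % $size); $hi = $lo + $size - 1
        } elseif ($e -match '^(.+)-(.+)$') {         # start-end range
            $lo = ConvertTo-UInt32 $Matches[1]; $hi = ConvertTo-UInt32 $Matches[2]
        } else { $lo = ConvertTo-UInt32 $e; $hi = $lo }   # single address
        if ($n -ge $lo -and $n -le $hi) { return $true }
    }
    return $false
}

# Lock-out guard (assumes RDP on TCP 3389): every connected IPv4 client must stay allowed.
$clients = Get-NetTCPConnection -LocalPort 3389 -State Established -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notmatch ':' } |
    Select-Object -ExpandProperty RemoteAddress -Unique
foreach ($c in $clients) {
    if (-not (Test-Allowed $c $allowed)) { throw "Connected client $c is not in the allow list; aborting." }
}

# Steps 3-9: set Scope > Remote IP address on the rule.
Get-NetFirewallRule -DisplayName $ruleName -ErrorAction Stop |
    Set-NetFirewallRule -RemoteAddress $allowed

# Check: list the scope of every enabled rule in the group; the other rules are not changed above.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True | ForEach-Object {
    [pscustomobject]@{
        Rule   = $_.DisplayName
        Remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
    }
}
```

Any enabled rule in the output that still shows "Any" as its remote address, such as "Remote Desktop - User Mode (UDP-In)", has its own scope and must be restricted separately.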
How to Check if Rules Work
The simplest way to check that the rule works is to try connecting from an IP address that is not among those you added to the rule. If that device cannot connect to the server, the rule is blocking it.
Conclusion
By implementing IP-based access control, we have enhanced the security of the Windows Server by allowing only trusted IPs or ranges to connect. This ensures that unauthorized users are blocked while legitimate access remains uninterrupted.