
RDP stops working for XP clients trying to remote to Windows 7 clients after applying Win7-EC-Desktop baseline policy

Sorry, not the catchiest of titles but it does what it says on the tin (unfortunately).

Essentially, after applying the Microsoft-recommended Win7-EC-Desktop baseline hardening policy (this baseline and others become available when you install the Microsoft Security Compliance Manager solution accelerator), users on XP desktops can no longer reach the Windows 7 machines that are subject to the policy. Two weeks on the phone to Microsoft resulted only in various network monitor captures, procmon captures and general frustration. In the end it was simple: the cause was not the specific RDP changes made in the policy but the new firewall settings.

Just change "Allow the connection if it's secure" to "Allow the connection".
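To find which inbound rule carries that requirement before changing it, the added example below (not code from the original post) parses saved output of `netsh advfirewall firewall show rule name=all verbose` and lists enabled inbound allow rules covering port 3389 whose `Security` field is anything other than `NotRequired`. It assumes English field labels and that a non-`NotRequired` value is how netsh reports the "if it's secure" option; the sample text and the function names are constructed for illustration.

```python
# Added example. SAMPLE is constructed; labels assume English netsh verbose output.
SAMPLE = """\
Rule Name:                            Remote Desktop (TCP-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
LocalPort:                            3389
Security:                             Authenticate
Action:                               Allow

Rule Name:                            Constructed web rule
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
LocalPort:                            80,443
Security:                             NotRequired
Action:                               Allow
"""

def parse_rules(text):
    """Split netsh output into one dict per rule, keyed by field label."""
    rules = []
    for line in text.splitlines():
        key, sep, value = (s.strip() for s in line.partition(":"))
        if not sep or not value:
            continue  # separator rows, blank lines, status text
        if key == "Rule Name":
            rules.append({})
        if rules:
            rules[-1][key] = value
    return rules

def covers_port(spec, port):
    """True if a LocalPort value (Any, 3389, 80,443, 3000-4000) includes port."""
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        hi = hi or lo
        if lo.lower() == "any" or (lo.isdigit() and hi.isdigit() and int(lo) <= port <= int(hi)):
            return True
    return False

def rdp_rules_requiring_security(text, port=3389):
    """(name, Security) for enabled inbound allow rules on `port` needing a secured connection."""
    return [(r["Rule Name"], r["Security"]) for r in parse_rules(text)
            if r.get("Enabled") == "Yes" and r.get("Direction") == "In"
            and r.get("Action") == "Allow" and covers_port(r.get("LocalPort", "Any"), port)
            and r.get("Security", "NotRequired") != "NotRequired"]

if __name__ == "__main__":
    print(rdp_rules_requiring_security(SAMPLE))
```

Pass it the text captured on an affected Windows 7 machine in place of `SAMPLE`; an empty list means no matching rule demands a secured connection.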


A fix has been created by Microsoft, which both I and the original customer who raised the bug have recently beta tested and approved. A full KB article and the final approved release version will be made available from the Microsoft site around about the 13th November 2012.