I use Chrome Remote Desktop (CRD) to manage a Windows machine that I own. My main machine is a Macbook Air so accessing my Windows box without having to hook up a monitor or keyboard is key – and Chrome Remote Desktop is great for this use case.
While convenience is great, I worry about exposing a machine to the public internet.
Ideally, I’d only access CRD on my local network, from machines I trust. If you’d prefer to limit access to just your local network (LAN), here’s a step-by-step guide to make it happen—complete with a little registry magic.
Why Limit Chrome Remote Desktop to LAN?
Running Chrome Remote Desktop on an open internet connection can expose your system to unauthorized access, even with Google’s security measures. Restricting it to your LAN reduces the attack surface by ensuring only devices on your local network can connect.
Step 1: Prepare Your System
Before diving into the registry, let’s get the basics set up.
- Install Chrome Remote Desktop: If you haven’t already, download and set up CRD on your Windows machine by visiting remotedesktop.google.com.
- Check Network Configuration: Ensure all devices that need access are connected to the same local network.
Step 2: Update the Registry for LAN-Only Access
This is where the magic happens. Modifying the Windows Registry will allow you to enforce LAN-only rules for CRD.
Warning: Backup First!
Tweaking your registry can be risky. Always create a backup before making changes. To back up your registry:
- Press
Win + R
, typeregedit
, and hit Enter. - In the Registry Editor, go to File > Export and save a backup.
Adding the Necessary Registry Entries
- Press
Win + R
, typeregedit
, and hit Enter to open the Registry Editor. - Navigate to the following path:Copy code
HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome
If theChrome
key doesn’t exist, you’ll need to create it:- Right-click on
Google
, select New > Key, and name itChrome
.
- Right-click on
- Inside the
Chrome
key:- Right-click and select New > DWORD (32-bit) Value.
- Name this value
RemoteAccessHostFirewallTraversal
. - Double-click it and set the value to
0
. This disables firewall traversal, effectively blocking remote connections over the internet.
Step 3: Verify Changes
- Restart your computer to ensure the changes take effect.
- Test your Chrome Remote Desktop setup:
- Try connecting from a device on the same network. It should work as usual.
- Attempt a connection from an external network (e.g., using a mobile hotspot). The connection should fail.
Bonus Tips for Extra Security
- Use a Strong PIN: Even within your LAN, ensure your CRD access PIN is strong and unique.
- Restrict Access to Specific Devices: Use your router settings to create MAC address filtering or assign static IPs to trusted devices.
- Monitor Connections: Regularly review the
chrome://remotedesktop
settings to remove devices or accounts you no longer use.
Conclusion
Now, with a simple and quick registry tweak, and now Chrome Remote Desktop is locked down to your LAN. No unnecessary exposure, just local access, nice and simple. If you’ve got any other ways to keep CRD or other tools secure, leave a comment as I’m always looking for smarter ways to do things.