Windows Server 2008 R2 Thread, Locking down remote desktop services in Technical
7th February 2013, 08:52 PM #1
Locking down remote desktop services
This is my first RDS setup and I have got the basics installed and tested - thanks to these forums.
My setup = 2008 R2 server running the Remote Desktop Services role with Gateway and Session Host set up to allow users to connect to the local server (not full VDI).
I have TS CAP set up so that a user needs to be a member of a security group and the client machine also needs to be a member of a security group.
I also have the certificates installed on the client computer.
I was wondering if it is possible to also make sure any computers are domain computers. I have Googled but not found anything.
Any advice about security and how to further lock things down would be handy.
Should I be looking at Network Policy and access services to further lock things down?
Should I be looking at session host / properties / security layer, which has 3 settings: RDP Security Layer / Negotiate / SSL (TLS 1.0)? Currently set to Negotiate.
Should I be looking at session host / properties / encryption layer, which has Low / Client compatible / High / FIPS compatible? Currently set at Client compatible.
Sorry for all the questions but even if you can help me with a few settings I would be very grateful.
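Added example, not part of the original post or any reply: a PowerShell 2.0 audit of the two session host settings named above (security layer and encryption level), reporting which value is in effect. The registry paths and the value names `SecurityLayer` and `MinEncryptionLevel` are the standard RDP-Tcp listener and Group Policy locations, not taken from this thread; the function name `Get-RdpSetting` is hypothetical.

```powershell
# Added example: report the RD Session Host security layer and encryption level.
# A value set by Group Policy overrides the one configured on the listener.
$policy   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$listener = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Numeric registry values mapped to the names shown in the listener properties dialog.
$securityLayerNames = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS 1.0)' }
$encryptionNames    = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High'; 4 = 'FIPS Compliant' }

function Get-RdpSetting {
    param([string]$Name)
    # Check the policy key first, then fall back to the listener key.
    foreach ($path in @($policy, $listener)) {
        $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
        if ($item -ne $null -and $item.$Name -ne $null) {
            return New-Object PSObject -Property @{ Value = [int]$item.$Name; Source = $path }
        }
    }
    return $null
}

$checks = @(
    @{ Name = 'SecurityLayer'; Names = $securityLayerNames; Minimum = 2
       Note = 'can fall back to native RDP encryption, where the server is not authenticated by certificate' },
    @{ Name = 'MinEncryptionLevel'; Names = $encryptionNames; Minimum = 3
       Note = 'allows key strengths below 128-bit if the client asks for them' }
)

foreach ($check in $checks) {
    $setting = Get-RdpSetting -Name $check.Name
    if ($setting -eq $null) {
        Write-Output ("{0}: not set in policy or on the listener" -f $check.Name)
        continue
    }
    $label = $check.Names[$setting.Value]
    if ($label -eq $null) { $label = 'unknown value' }
    Write-Output ("{0} = {1} ({2}), read from {3}" -f $check.Name, $setting.Value, $label, $setting.Source)
    if ($setting.Value -lt $check.Minimum) {
        Write-Output ("  note: this setting {0}" -f $check.Note)
    }
}
```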
8th February 2013, 09:30 PM #2
23rd February 2013, 09:54 PM #3
Is it possible to require that a user has something else locally on the machine, like a certificate? When setting RDS / gateway up I thought the user would have to have a certificate installed by a network admin on to the local computer, but having played around it seems anyone can simply click install certificate at the certificate warning screen. Or have I not set things up correctly?
23rd February 2013, 10:15 PM #4
Think I have just worked out a way of doing what I asked in my post above. If I create a self-signed cert and apply this to the default website in IIS, when connecting to the RDS gateway using Remote Desktop Connection I get an error that the gateway cert cannot be verified and I have no way to continue as I have no option to install the cert. The only way is to copy the proper gateway cert, which is not self-signed but a purchased cert, and install it manually on the client.
Does this sound ok or have I opened up some other back door in to the system?