Windows Server 2008 R2 Thread, Locking down remote desktop services in Technical
  1. #1

    Locking down remote desktop services

    This is my first RDS setup and I have got the basics installed and tested - thanks to these forums.

    My setup = 2008 R2 server running the Remote Desktop Services role with Gateway and session host set up to allow users to connect to the local server (not full VDI).

    I have TS CAP set up so that a user needs to be a member of a security group and the client machine also needs to be a member of a security group.

    I also have the certificates installed on the client computer.

    I was wondering if it is possible to also make sure any computers are domain computers. I have Googled but not found anything.

    Any advice about security and how to further lock things down would be handy.

    Should I be looking at Network Policy and access services to further lock things down?

    Should I be looking at session host / properties / security layer, which has 3 settings: RDP Security Layer / Negotiate / SSL (TLS 1.0)? Currently set to Negotiate.

    Should I be looking at session host / properties / encryption layer, which has Low / Client compatible / High / FIPS compatible? Currently set at Client compatible.

    Sorry for all the questions but even if you can help me with a few settings I would be very grateful.
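
An added example (not part of the thread or any poster's code): a PowerShell check, run on the session host, that reads the two RDP-Tcp listener settings asked about in post #1 and compares them with a baseline. The baseline values (SSL security layer, High encryption) are an assumption chosen for illustration; the function name `Get-RdpSetting` is hypothetical.

```powershell
# Added example: audit the RDP-Tcp security layer and encryption level.
# PowerShell 2.0 compatible (the version shipped with Server 2008 R2).
$listener = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$policy   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# Registry value -> label shown in the RD Session Host Configuration dialog.
$names = @{
    SecurityLayer      = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS 1.0)' }
    MinEncryptionLevel = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High'; 4 = 'FIPS Compliant' }
}

# Assumed baseline: with Negotiate the server falls back to RDP Security Layer
# (no server authentication) when a client cannot do TLS, so require SSL here.
$baseline = @{ SecurityLayer = 2; MinEncryptionLevel = 3 }

# Hypothetical helper: a Group Policy value, if present, overrides the listener's.
function Get-RdpSetting($name) {
    foreach ($src in @(@('Group Policy', $policy), @('Listener', $listener))) {
        $p = Get-ItemProperty -Path $src[1] -Name $name -ErrorAction SilentlyContinue
        if ($p -and $null -ne $p.$name) {
            return @{ Value = [int]$p.$name; Source = $src[0] }
        }
    }
    return $null
}

foreach ($n in 'SecurityLayer', 'MinEncryptionLevel') {
    $s = Get-RdpSetting $n
    if ($s) {
        $value   = $s.Value
        $meaning = $names[$n][$value]
        $source  = $s.Source
        $ok      = $value -ge $baseline[$n]
    } else {
        $value = $null; $meaning = 'not set'; $source = 'none'; $ok = $false
    }
    New-Object PSObject -Property @{
        Setting = $n; Value = $value; Meaning = $meaning
        Source  = $source; MeetsBaseline = $ok
    } | Select-Object Setting, Value, Meaning, Source, MeetsBaseline
}
```

On the setup described in post #1 (Negotiate, Client compatible) both rows would report `MeetsBaseline = False`.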

  2. #2
    TheScarfedOne

    Here is a great resource on getting a Remote Desktop system up and running...

    Configuring Windows 2008 R2 Remote Desktop Farm with Connection Broker « Aaron Walrath – Another IT Guy's Meanderings

    I've also blogged about this a bit myself, EduGeek.net - TheScarfedOne - Blogs

  3. #3

    Is it possible to require that a user has something else locally on the machine, like a certificate? When setting RDS / gateway up I thought the user would have to have a certificate installed by a network admin on to the local computer, but having played around it seems anyone can simply click install certificate at the certificate warning screen. Or have I not set things up correctly?

  4. #4

    Think I have just worked out a way of doing what I asked in my post above. If I create a self-signed cert and apply this to the default website in IIS, when connecting to the RDS gateway using Remote Desktop Connection I get an error that the gateway cert cannot be verified, and I have no way to continue as I have no option to install the cert. The only way is to copy the proper gateway cert, which is not self-signed but a purchased cert, and install it manually on the client.

    Does this sound ok or have I opened up some other back door in to the system?
