Locking down remote desktop services
This is my first RDS setup and I have got the basics installed and tested - thanks to these forums.
My setup = 2008 R2 server running the Remote Desktop Services role with Gateway and Session Host set up to allow users to connect to the local server (not full VDI).
I have TS CAP set up so that a user needs to be a member of a security group and the client machine also needs to be a member of a security group.
I also have the certificates installed on the client computer.
I was wondering if it is possible to also make sure any computers are domain computers. I have Googled but not found anything.
Any advice about security and how to further lock things down would be handy.
Should I be looking at Network Policy and access services to further lock things down?
Should I be looking at session host / properties / security layer, which has 3 settings: RDP Security Layer / Negotiate / SSL (TLS 1.0)? Currently set to Negotiate.
Should I be looking at session host / properties / encryption layer, which has Low / Client compatible / High / FIPS compatible? Currently set at Client compatible.
Sorry for all the questions but even if you can help me with a few settings I would be very grateful.