How to secure remote desktop connections using TLS/SSL based authentication

Requirement

When you enable remote desktop on a Windows Server for administrative purposes, security issues may arise depending on how you have configured your server.

Steps on the Windows server end

Prerequisites

  1. Ensure your terminal server is running Windows Server 2003 including SP1
  2. You also need a TLS/SSL based certificate that should be installed with the following specifications:
    1. The certificate should be computer based
    2. The certificate's purpose should be server authentication
    3. The certificate's private key should be available
    4. Since it is a computer based certificate, it should be stored in the computer account certificate store on the terminal server

1-Request a certificate

We will request a certificate in Internet Explorer. For how to request a certificate, please see:
How To Request a certificate from Certificate Authority server in Internet Explorer?

2-Issue the certificate

After you have requested the certificate, you can log in to the Certificate Authority server to issue it. Please see:
How to Issue A certificate in Certificate Authority server?

3-Install certificate in Certificate Authority server

After you have issued the certificate, you can install it in the Certificate Authority server. Please see:
How to Install A certificate in Certificate Authority server?

4-Export certificate in Certificate Authority server

After you have installed the certificate in step 3, you can get the
certificate information in the Internet Options tool and export it from
there. Please see:
How to Export A certificate in Certificate Authority server?

5-Export root certificate in Certificate Authority server

MS SQL Server and all clients have to import the root certificate. You can
export the root certificate from the Certificate Authority server:
How to Export root certificate in Certificate Authority server?

6-Import certificate and Trusted Root Certification Authority in server

For how to import the certificate, please see:
How To Import Personal Certificate With MMC?
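
Once the certificate is imported, the prerequisites listed at the top of this page can be checked from PowerShell on the terminal server. This is an added example, not part of the original article; the function name `Test-TerminalServerCertificate` is hypothetical, and the validity-period column is an extra check beyond the page's four prerequisites.

```powershell
# Added example: audit certificates in the computer account's Personal store
# against the prerequisites listed above. Run elevated on the terminal server.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # OID of the Server Authentication purpose

function Test-TerminalServerCertificate {   # hypothetical helper name
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert
    )
    # Gather the purposes (EKU OIDs) listed in the certificate, if any.
    $ekuOids = @()
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $ekuOids += @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
        }
    }
    $now = Get-Date
    New-Object PSObject -Property @{
        Subject          = $Cert.Subject
        Thumbprint       = $Cert.Thumbprint
        # This check requires the Server Authentication OID to be listed.
        ServerAuth       = ($ekuOids -contains $ServerAuthOid)
        # The private key must be present on this machine.
        HasPrivateKey    = $Cert.HasPrivateKey
        # Extra check, not one of the page's four prerequisites.
        InValidityPeriod = ($now -ge $Cert.NotBefore -and $now -le $Cert.NotAfter)
    }
}

# Cert:\LocalMachine\My is the computer account's Personal store.
$results = @(Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-TerminalServerCertificate $_ })

$results |
    Format-Table Subject, ServerAuth, HasPrivateKey, InValidityPeriod, Thumbprint -AutoSize

$usable = @($results | Where-Object {
    $_.ServerAuth -and $_.HasPrivateKey -and $_.InValidityPeriod
})
if ($usable.Count -eq 0) {
    Write-Warning 'No certificate in Cert:\LocalMachine\My meets the prerequisites.'
}
```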

7-Configure the Terminal Services

For how to configure Terminal Services, please see:
How To Configure the Terminal Services?

Steps on the client computer end

Prerequisites

  1. The client computer must be running Microsoft Windows 2000, Windows XP, Windows Server 2003 or Windows Vista
  2. For Windows 2000, XP and Windows Server 2003, the remote desktop client version 5.2 or newer should be used.
  3. Only authorized clients should be able to trust the root
    Certification Authority (CA) that has issued the computer based
    certificate residing on the terminal server. This will ensure that a
    TLS/SSL connection can be established from a trusted client.

1- Install Trusted Root Certification Authority

Note: You should install the Trusted Root Certification Authority on your client computer.
For how to import the Trusted Root Certification Authority, please see:
How To Install Trusted Root Certification Authority With MMC?
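
After the root certificate is installed, the client can confirm that the terminal server's certificate chains to it. This is an added example, not part of the original article; it assumes a copy of the terminal server certificate without its private key (a `.cer` file) is available on the client, and `$CerPath` is a placeholder path.

```powershell
# Added example: confirm this client trusts the CA that issued the terminal
# server certificate. $CerPath is a placeholder for a .cer copy of that
# certificate (public part only).
$CerPath = 'C:\temp\terminal-server.cer'

$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CerPath
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain

# Build() returns $true only when the chain ends in a trusted root and every
# check under the default policy (including revocation) passes.
$ok = $chain.Build($cert)

# The last chain element is the root, or the highest certificate that was found.
$top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

# Report which trusted root store(s) on this client contain that certificate.
$foundIn = @()
foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
    $match = @(Get-ChildItem $store |
        Where-Object { $_.Thumbprint -eq $top.Thumbprint })
    if ($match.Count -gt 0) { $foundIn += $store }
}

"Chain valid under default policy: $ok"
"Top of chain: $($top.Subject)"
"Found in trusted root stores: $($foundIn -join ', ')"

# When Build() fails, each status entry names the reason (for example
# UntrustedRoot when the issuing CA is not trusted on this client).
foreach ($s in $chain.ChainStatus) {
    "  $($s.Status): $($s.StatusInformation.Trim())"
}
```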

Connect to remote using TLS/SSL based authentication

Start the Remote Desktop client

Start the Remote Desktop client and select the Security tab, which is
a new tab that is included with the updated remote desktop client.

You can now connect and log on to the terminal server.
