How to secure remote desktop connections using TLS/SSL based authentication

Requirement

When you enable Remote Desktop on a Windows Server for administrative purposes, security issues may arise depending on how you have configured your server.

Steps on the Windows server end

Prerequisites

  1. Ensure your terminal server is running Windows Server 2003 including SP1
  2. You also need a TLS/SSL based certificate that should be installed with the following specifications:
    1. The certificate should be computer based
    2. The certificate's purpose should be server authentication
    3. The certificate's private key should be available
    4. Since it is a computer based certificate, it should be stored in the computer account certificate store on the terminal server

1-Request a certificate

We will request a certificate in Internet Explorer. For how to request a certificate, please see
How To Request a certificate from Certificate Authority server in Internet Explorer?

2-Issue the certificate

After you have requested the certificate, you can log in to the Certificate Authority server to issue it. Please see
How to Issue A certificate in Certificate Authority server?

3-Install certificate in Certificate Authority server

After you have issued the certificate, you can install it in the Certificate Authority server. Please see
How to Install A certificate in Certificate Authority server?

4-Export certificate in Certificate Authority server

After you have installed the certificate in step 3, you can get the certificate information in the Internet Options tool. You can export it from there. Please see
How to Export A certificate in Certificate Authority server?

5-Export root certificate in Certificate Authority server

MS SQL Server and all clients have to import the root certificate. You can export the root certificate in the Certificate Authority server. Please see
How to Export root certificate in Certificate Authority server?

6-Import certificate and Trusted Root Certification Authority in server

For how to import the certificate, please see
How To Import Personal Certificate With MMC?
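
Once the certificate and the root CA are imported, the server-side prerequisites can be checked before Terminal Services is configured. The script below is an added example, not part of the original article: the function name `Test-RdpServerCertificate` is hypothetical, and it assumes PowerShell 2.0 or later is installed on the terminal server. It lists each certificate in the computer account's Personal store and reports whether the private key is present, whether the Server Authentication purpose is set, and whether the chain ends in a root this machine trusts.

```powershell
# Added example (not from the original page). Run elevated on the terminal server.
function Test-RdpServerCertificate {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # OID of the Server Authentication purpose

    # Collect the Enhanced Key Usage OIDs; the extension may be absent.
    $ekuOids = @()
    foreach ($ext in $Certificate.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) { $ekuOids += $oid.Value }
        }
    }

    # Build the chain in machine context, i.e. against the computer's trust stores.
    # Revocation checking is off so the result reflects root trust and validity
    # dates only; Build() also returns $false for an expired certificate.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($Certificate)

    $serverAuth = $ekuOids -contains $serverAuthOid
    New-Object PSObject -Property @{
        Subject           = $Certificate.Subject
        Thumbprint        = $Certificate.Thumbprint
        HasPrivateKey     = $Certificate.HasPrivateKey
        ServerAuthPurpose = $serverAuth
        ChainTrusted      = $trusted
        Usable            = ($Certificate.HasPrivateKey -and $serverAuth -and $trusted)
    }
}

# Cert:\LocalMachine\My is the computer account's Personal store.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-RdpServerCertificate -Certificate $_ } |
    Select-Object Subject, HasPrivateKey, ServerAuthPurpose, ChainTrusted, Usable, Thumbprint |
    Format-List
```

A certificate that shows `Usable : False` fails at least one of the prerequisites listed at the top of this page, and the individual columns show which one.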

7-Configure the Terminal Services

For how to configure the Terminal Services, please see
How To Configure the Terminal Services?

Steps on the client computer end

Prerequisites

  1. The client computer must be running Microsoft Windows 2000, Windows XP, Windows Server 2003 or Windows Vista
  2. For Windows 2000, XP and Windows Server 2003, the remote desktop client version 5.2 or newer should be used.
  3. Only authorized clients should be able to trust the root
    Certification Authority (CA) that has issued the computer based
    certificate residing on the terminal server. This will ensure that a
    TLS/SSL connection can be established from a trusted client.

1-Install Trusted Root Certification Authority

Note: You should install the Trusted Root Certification Authority on your client computer.
For how to import the Trusted Root Certification Authority, please see
How To Install Trusted Root Certification Authority With MMC?

Connect to remote using TLS/SSL based authentication

Start the Remote Desktop client

Start the Remote Desktop client and select the Security tab, which is a new tab that is included with the updated Remote Desktop client.

You can now connect and log on to the terminal server.
