How to secure remote desktop connections using TLS/SSL based authentication

Requirement

When you enable remote desktop on a Windows Server for administrative purposes, security issues may arise depending on how you have configured your server.

Steps on the Windows server end

Prerequisites

  1. Ensure your terminal server is running Windows Server 2003 including SP1
  2. You also need a TLS/SSL based certificate that should be installed with the following specifications:
    1. The certificate should be computer based
    2. The certificate's purpose should be server authentication
    3. The certificate's private key should be available
    4. Since it is a computer based certificate, it should be stored in the computer account certificate store on the terminal server

1-Request a certificate

Request the certificate using Internet Explorer. For how to request a certificate, see:
How To Request a certificate from Certificate Authority server in Internet Explorer?

2-Issue the certificate

After you have requested the certificate, log in to the Certificate Authority server to issue it. See:
How to Issue A certificate in Certificate Authority server?

3-Install certificate in Certificate Authority server

After you have issued the certificate, you can install it in the Certificate Authority server. See:
How to Install A certificate in Certificate Authority server?

4-Export certificate in Certificate Authority server

After you have installed the certificate in step 3, you can view the
certificate information in the Internet Options tool and export it from
there. See:
How to Export A certificate in Certificate Authority server?

5-Export root certificate in Certificate Authority server

MS SQL Server and all clients have to import the root certificate. You can
export the root certificate from the Certificate Authority server. See:
How to Export root certificate in Certificate Authority server?

6-Import certificate and Trusted Root Certification Authority in server

For how to import the certificate, see:
How To Import Personal Certificate With MMC?
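
Once the import is done, the four certificate prerequisites listed at the top can be checked directly against the computer account store. The following is an added example, not part of the original article; it assumes Windows PowerShell 2.0 or later is installed on the terminal server, and the function name `Get-RdpCertificateCandidate` is hypothetical.

```powershell
# Added example: list certificates in the computer account Personal store
# and report whether each one meets the prerequisites for TLS/SSL on
# Terminal Services (server authentication purpose, private key available).
# Assumption: Windows PowerShell 2.0 or later is available on the server.

function Get-RdpCertificateCandidate {
    # OID of the "Server Authentication" enhanced key usage
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'

    # Cert:\LocalMachine\My is the computer account "Personal" store,
    # which covers the "computer based" and "computer account store" items.
    Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
        $cert = $_

        # Collect the EKU OIDs carried by the certificate, if any.
        $ekuOids = @()
        foreach ($ext in $cert.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                foreach ($oid in $ext.EnhancedKeyUsages) {
                    $ekuOids += $oid.Value
                }
            }
        }

        $hasServerAuth = $ekuOids -contains $serverAuthOid

        New-Object PSObject -Property @{
            Subject            = $cert.Subject
            Thumbprint         = $cert.Thumbprint
            HasPrivateKey      = $cert.HasPrivateKey
            ServerAuthEku      = $hasServerAuth
            MeetsPrerequisites = ($cert.HasPrivateKey -and $hasServerAuth)
        }
    }
}

# Show the result as a table; a usable certificate has
# MeetsPrerequisites = True.
Get-RdpCertificateCandidate |
    Select-Object Subject, Thumbprint, HasPrivateKey, ServerAuthEku, MeetsPrerequisites |
    Format-Table -AutoSize
```

If no row shows `MeetsPrerequisites` as `True`, the usual causes are a certificate imported without its private key or imported into the user store instead of the computer account store.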

7-Configure the Terminal Services

For how to configure Terminal Services, see:
How To Configure the Terminal Services?

Steps on the client computer end

Prerequisites

  1. The client computer must be running Microsoft Windows 2000, Windows XP, Windows Server 2003 or Windows Vista
  2. For Windows 2000, XP and Windows Server 2003, the remote desktop client version 5.2 or newer should be used.
  3. Only authorized clients should be able to trust the root
    Certification Authority (CA) that has issued the computer based
    certificate residing on the terminal server. This will ensure that a
    TLS/SSL connection can be established from a trusted client.

1- Install Trusted Root Certification Authority

Note: You should install the Trusted Root Certification Authority certificate on your client computer.
For how to import the Trusted Root Certification Authority, see:
How To Install Trusted Root Certification Authority With MMC?

Connect to remote using TLS/SSL based authentication

Start the Remote Desktop client

Start the Remote Desktop client and select the Security tab, which is
a new tab included with the updated remote desktop client.

You can now connect and log on to the terminal server.
