How To Secure Windows Remote Desktop In September 2018 the FBI issued a public service announcement regarding risks and hacking attempts again the RDP protocol. See the announcement here which includes some suggestions (with additional considerations below) https://www.ic3.gov/media/2018/180927.aspx Considerations For Securing your Windows Server / RDP Terminal Server Here is a list of various actions to […]
Category: Remote Desktop Hosting
RD Session Host Security settings in Windows Server 2016 (SSL, High encryption, etc.) Gpedit.msc, computer configuration, administrative templates, windows components, remote desktop services, remote desktop session host, security, see various options. “Require use of specific security layer for remote (RDP) connections” – Changing Security Layer to SSL is the recommendation listed in Windows 2016, “Client […]
Update: see more detailed post on how to install the RD Gateway Role on Windows Server 2019/2016 here: http://www.riptidehosting.com/blog/installing-the-remote-desktop-gateway-role-rdgw-on-windows-server-2019/ RD Gateway Role in RDS Using the Remote Desktop Gateway Role (RDGW) provides additional security by forcing RDP traffic over https/port 443 (requires SSL certificate) instead of port 3389. General steps to install the RDGW role on […]
Lockout Policies (based on username attempts, not IP addresses): To lock out an account for a period of time after a number of incorrect login attempts (to create delay with recurring failed logins), you can set up Account Lockout Policies in Windows. It does NOT apply to the Administrator account (so you may want to […]
Limit users who can login via RDP By default, all users in the “Administrators group” have RDP access rights. And, of course, all users in the “Remote Desktop Users group” have RDP access rights too. If you only want some members of the Administrators group to have RDP access, you can adjust this in Local […]
RDP Intrusion Prevention Software (Host based Intrusion Detection/Prevention) – RDP IP blockers (software for brute force protection against Windows RDP based on failed attempts from various IP addresses; some products also have geolocation blocking to block IPs assigned to certain countries.) There are several third-party software products available that will lock out IP addresses after […]
Update: See link here for Setting up the VPN Role on Server 2019- http://www.riptidehosting.com/blog/how-to-install-vpn-server-on-windows-server-2019/ Windows Server 2016 VPN Using a VPN with RDP is more secure because it provides two steps to access your network. You could require clients to connect with a VPN first before being able to RDP to the server. Unless you […]
Advantages to using Riptide Hosting SPLA Microsoft Licenses Most customers use our Microsoft licensing (Windows Server, Office, SQL Server, Remote Desktop Services – RDS) provided under the SPLA program (Service Provider Licensing Agreement) on a monthly basis rather than purchasing their own MS Volume Licenses. (Windows Server CAL licenses are not required with our SPLA […]
You may want to see which users are logged on to your Windows 2016 Server at any given time and may want to logoff a user. Users can be “active” on a server or in a “disconnected” session status which means they disconnected from the server but didn’t log off. Since disconnected sessions continue to […]
This post is about how to shadow a user session if the Windows Remote Desktop Server is not connected to a domain. If the server is connected to a domain, you can go to server manager, RDS Manager, and right click on current sessions to shadow and connect. When the server is in Workgroup mode […]