This story was printed from ZDNet Australia.
Photos: Connect securely to Vista's Remote Desktop
By George Ou, TechRepublic
March 14, 2007
URL: http://www.zdnet.com.au/insight/software/soa/Photos-Connect-securely-to-Vista-s-Remote-Desktop/0,139023769,339274237,00.htm
Windows Remote Desktop Protocol (RDP) hasn't always had the best reputation for security. But since FIPS (Federal Information Processing Standard) grade security was added in Windows Server 2003 SP1 (Service Pack 1), Windows Remote Desktop security has improved immensely. Credit: TechRepublic
The first thing you need to do is edit the Group Policy Object by running gpedit.msc.
Once inside the Group Policy Editor, navigate to Computer Configuration, Administrative Templates, Windows Components, Terminal Services, and then Security.
Set the Encryption Level to High Level.
Set Require Secure RPC Communication to Enabled.
Set Require Use Of Specific Security Layer For Remote (RDP) Connections to SSL (TLS 1.0).
Move to a different GPO section: Computer Configuration, Windows Settings, Security Settings, Local Policies, and then Security Options.
Select Enabled on the Local Security Setting tab.
Enable Remote Desktop from the System Properties window. Note that you're setting it to allow any RDP 6.0 client rather than locking it down to permit only Vista clients.
When you've finished the configuration, refresh the Group Policy to apply the new settings without a reboot by running a forced GPUpdate.
The update was successful.
Launch the RDP client using the MSTSC command. Windows 2003 and XP users must download and install the RDP 6.0 client, whereas Vista ships with the correct client. On XP, you also need to open the Run dialog before you can issue the MSTSC command.
Enter the name of the server, noting that this initial connection should be made on the LAN first. For this example, we're connecting to an RDP host machine called "msi-p965." This is not a fully qualified name, so it will resolve only on the same LAN subnet for now.
Now it's time to set the Remote Desktop Connection options.
Set the display to your liking.
Specify whether you want sound, printers, or the Clipboard to work.
Specify any programs you want to launch upon connection.
Specify how you want the remote desktop to look using the settings shown here. The more features you add, the more bandwidth it takes.
Set the RDP client to warn you if the RDP server fails to prove its authenticity. You don't want to accidentally hand over your user credentials to a hacker who might be intercepting your connection.
Click Settings and configure the options as shown here. In this example, we're telling it not to use a TS Gateway server.
After you click OK, be sure to go back to the General tab and click Save As to save your entire profile. Otherwise, you'll have to repeat this whole procedure next time. You can save it to the desktop for easy access. Click Connect and you'll be prompted for your username and password.
The first time you connect, you'll see this authentication warning telling you that the server's certificate is not trusted (yet). To rectify this situation and have it trusted in the future, click the View Certificate button.
This self-signed certificate generated by the Vista RDP host machine is valid for the next six months. Click the Install Certificate button to add it to the CTL (Certificate Trust List).
When the Certificate Import Wizard launches, click Next.
Choose Place All Certificates In The Following Store and click the Browse button.
Select Show Physical Stores and highlight Local Computer.
Back in the Certificate Store screen, click Next.
To complete the import, just click the Finish button.
When you see the success message, click OK. At this point, you'll be securely connected to the Vista RDP host, but more importantly, future connections to msi-p965 won't produce any warnings or even password prompts. It will simply connect securely, so any warning that does appear from now on should be viewed with a critical eye.
If you try to connect by any name other than the one you used to generate the certificate (in this example, it's "msi-p965"), you will see a warning. You can tell it to connect anyway and choose Don't Prompt Me Again For Connections To This Computer.
If you connect anyway, you'll see a warning like this one, but it's not a bad thing. You can view the certificate and it will say it's for "msi-p965" and that it's trusted.
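The certificate dialog in the steps above shows the host's thumbprint. As an added example that is not part of the original article, the Python script below performs the RDP security negotiation the client goes through before TLS (the X.224 Connection Request/Confirm exchange carrying RDP_NEG_REQ/RDP_NEG_RSP from MS-RDPBCGR), completes the TLS handshake, and returns the SHA-1 thumbprint of the certificate the host presents, so it can be compared out-of-band with the certificate you are about to install, or re-checked whenever the name-mismatch warning appears. The host name, port 3389 and all function names are assumptions of this example.

```python
import hashlib
import socket
import ssl
import struct

# RDP negotiation constants from MS-RDPBCGR: the client asks for TLS ("SSL"),
# which is what the GPO security-layer setting above forces the host to require.
TYPE_RDP_NEG_REQ, TYPE_RDP_NEG_RSP, TYPE_RDP_NEG_FAILURE = 0x01, 0x02, 0x03
PROTOCOL_SSL = 0x00000001


def build_connection_request() -> bytes:
    """TPKT header + X.224 Connection Request carrying an RDP_NEG_REQ for TLS."""
    neg_req = struct.pack("<BBHI", TYPE_RDP_NEG_REQ, 0, 8, PROTOCOL_SSL)
    # X.224 CR: length indicator, CR code 0xE0, DST-REF, SRC-REF, class option
    x224 = struct.pack(">BBHHB", 6 + len(neg_req), 0xE0, 0, 0, 0) + neg_req
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224


def parse_connection_confirm(data: bytes) -> int:
    """Return the protocol the host selected; raise if it will not do TLS."""
    if len(data) < 11 or data[0] != 3 or (data[5] & 0xF0) != 0xD0:
        raise ValueError("not a TPKT/X.224 Connection Confirm")
    if len(data) < 19:
        raise ValueError("no RDP_NEG_RSP: host only speaks legacy RDP security")
    ntype, _flags, _length, value = struct.unpack("<BBHI", data[11:19])
    if ntype == TYPE_RDP_NEG_FAILURE:
        raise ValueError("host refused TLS, failure code %d" % value)
    if ntype != TYPE_RDP_NEG_RSP or value != PROTOCOL_SSL:
        raise ValueError("host did not select TLS")
    return value


def thumbprint(der_cert: bytes) -> str:
    """SHA-1 thumbprint in the form the Windows certificate dialog displays."""
    return hashlib.sha1(der_cert).hexdigest().upper()


def fetch_rdp_thumbprint(host: str, port: int = 3389, timeout: float = 5.0) -> str:
    """Negotiate TLS with an RDP host (assumed name/port) and return its thumbprint."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # we compare thumbprints, not names
    ctx.verify_mode = ssl.CERT_NONE  # self-signed host cert has no chain to verify
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connection_request())
        parse_connection_confirm(sock.recv(1024))
        with ctx.wrap_socket(sock) as tls:
            return thumbprint(tls.getpeercert(binary_form=True))


if __name__ == "__main__":
    import sys
    print(fetch_rdp_thumbprint(sys.argv[1]))
```

A Vista-era host speaks only TLS 1.0, which current OpenSSL builds reject by default; lower ctx.minimum_version if your platform still permits it.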
Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.