
Using Windows Server 2012 for personal projects or for business usage, security should be a top priority when setting up your server’s operating system. By using these 2 simple steps, you can increase the security every time you connect to your server using the Remote Desktop Protocol.

By default, Windows Server 2012 does not log the IP addresses of clients that are using the remote desktop protocol, making every intrusion attempt, be it failed or successful, untraceable. By forcing Windows to log every login attempt, you can have a better understanding of the security situation you are in, whether you are the victim of a brute force attack or your server has already been breached.

Enhance security for remote sessions

In a command line window run “gpedit” to open the “Local Group Policy Editor” and navigate to:

Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Security

Modify the following settings accordingly:

“Set client connection encryption level”: set to “High Level”.
“Require use of specific security layer for remote (RDP) connections”: set to “SSL (TLS 1.0)”.
“Require user authentication for remote connections by using Network Level Authentication”: set to “Enabled”.

Now every time you connect to your Windows Server using RDP, all data sent will be encrypted, every session will use SSL to connect and user authentication will be needed for every remote connection.

Set TLS and encryption level using registry

Write “regedit” in a command line shell to open the Registry Editor. Navigate to the following registry keys to modify the Remote Desktop security settings:

\HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\SecurityLayer

Security Layer 0 – With a low security level, the remote desktop protocol is used by the client for authentication prior to a remote desktop connection being established. Use this setting if you are working in an isolated environment.
Security Layer 1 – With a medium security level, the server and client negotiate the method for authentication prior to a Remote Desktop connection being established. As this is the default value, use this setting only if all your machines are running Windows.
Security Layer 2 – With a high security level, Transport Layer Security, better known as TLS, is used by the server and client for authentication prior to a remote desktop connection being established. We recommend using this setting for maximum security.

To change the encryption level, navigate to the following registry key:

\HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\MinEncryptionLevel

Encryption Level 1 – With a low security level, communications sent from the client to the server are encrypted using 56-bit encryption. Data sent from the server to the client is not encrypted. This setting is not recommended as you can be exposed to various attacks.
Encryption Level 2 – With a client compatible security level, communications between the server and the client are encrypted at the maximum key strength supported by the client. Use this level when the Terminal Server is running in an environment containing mixed or legacy clients, as this is the default setting on your OS.
Encryption Level 3 – With a high security level, communications between server and client are encrypted using 128-bit encryption. Use this level when the clients that access the Terminal Server also support 128-bit encryption.
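As an added example (not from the original article), the following PowerShell script audits the RDP-Tcp registry values discussed above against the recommended settings (SecurityLayer 2 for TLS, MinEncryptionLevel 3 for High) and optionally enforces them. The UserAuthentication value is not listed in the article; it is the standard registry counterpart of the Network Level Authentication policy setting, and the -Apply switch is a name chosen for this script, not a Windows option.

```powershell
# Added example: audit, and optionally enforce, the RDP-Tcp settings the article recommends.
# Run in an elevated PowerShell session on the server. -Apply is this script's own switch.
param([switch]$Apply)

$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Desired values: SecurityLayer 2 = TLS, MinEncryptionLevel 3 = High (128-bit).
# UserAuthentication 1 = require Network Level Authentication (not listed in the
# article; standard value under the same key, included here as a defender's check).
$desired = [ordered]@{
    SecurityLayer      = 2
    MinEncryptionLevel = 3
    UserAuthentication = 1
}

# Human-readable meaning of each value, following the article's descriptions.
$meaning = @{
    SecurityLayer      = @{ 0 = 'RDP security layer (low)'; 1 = 'Negotiate (medium, default)'; 2 = 'TLS (high)' }
    MinEncryptionLevel = @{ 1 = 'Low (56-bit, server->client unencrypted)'; 2 = 'Client Compatible (default)'; 3 = 'High (128-bit)' }
    UserAuthentication = @{ 0 = 'NLA not required'; 1 = 'NLA required' }
}

$props = Get-ItemProperty -Path $key
foreach ($name in $desired.Keys) {
    $current = $props.$name
    if ($null -eq $current) { $current = '(not set)' }
    $label = if ($meaning[$name].ContainsKey($current)) { $meaning[$name][$current] } else { 'unknown value' }
    $ok = ($current -eq $desired[$name])
    '{0,-20} current={1,-10} ({2}) {3}' -f $name, $current, $label, $(if ($ok) { 'OK' } else { 'WEAK' })
    if (-not $ok -and $Apply) {
        # Write the hardened value as a DWORD; takes effect for new RDP sessions.
        Set-ItemProperty -Path $key -Name $name -Value $desired[$name] -Type DWord
        "  -> set $name to $($desired[$name])"
    }
}
if ($Apply) { 'Changes apply to new RDP sessions; existing sessions keep their negotiated settings.' }
```

Values configured through Group Policy (the gpedit settings above) take precedence over these registry values, so check both when auditing a server.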