Windows remote desktop


Server Setup

http://www.microsoft.com/windowsxp/using/mobility/getstarted/remoteintro.mspx

  • System Properties -> Remote Tab
    • Allow users to connect remotely to this computer


Securing Remote Desktop for Windows XP

http://www.mobydisk.com/techres/securing_remote_desktop.html

Local Security Policy

run secpol.msc

  • Local Policies -> User Rights Assignment
    • Allow logon through Terminal Services - specify the correct user
  • Account Policies -> Account Lockout Policy
    • Account lockout threshold - 3 invalid logon attempts
    • Account lockout duration - 3 minutes
    • Reset account lockout after - 3 minutes

Global Security Policy

run gpedit.msc

  • Computer Configuration -> Administrative Templates -> Windows Components -> Terminal Services -> Encryption and Security
    • Set client connection encryption level - Enabled, High level
    • Always prompt client for password upon connection - Enabled

Registry

run regedit

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
    • change PortNumber to something like 12345

Firewall

Add this port to the firewall exception list. Click the "Change Scope" button to restrict access to the subnet. To permit VPN access, set the network mask to 255.255.0.0 (so that any 123.45.x.x address can connect to Remote Desktop).
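
To confirm that the server settings above actually took effect, the following read-only PowerShell check can be run on the server. It is an added example, not part of the original page. It assumes PowerShell is installed, that MinEncryptionLevel and fPromptForPassword are the registry values written by the two Terminal Services policies, and that `net accounts` prints English output; it does not check the user rights assignment or the firewall scope.

```powershell
# Added example: read-only audit of the server settings listed on this page.
# Assumptions: MinEncryptionLevel / fPromptForPassword are the values the two
# Terminal Services policies write; `net accounts` output is English.
function Get-RegValue($Path, $Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function New-Finding($Setting, $Actual, $Expected, $Pass) {
    New-Object PSObject -Property @{
        Setting = $Setting; Actual = $Actual; Expected = $Expected; Pass = $Pass
    }
}

function Test-RdpHardening {
    $rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # Registry: listener moved off the default port 3389
    $port = Get-RegValue $rdpTcp 'PortNumber'
    New-Finding 'RDP listening port' $port 'not 3389' (($null -ne $port) -and ($port -ne 3389))

    # gpedit.msc: encryption level High (3) and password prompt enabled (1)
    $enc = Get-RegValue $policy 'MinEncryptionLevel'
    New-Finding 'Client connection encryption level' $enc '3 (High)' ($enc -eq 3)
    $prompt = Get-RegValue $policy 'fPromptForPassword'
    New-Finding 'Always prompt for password' $prompt '1 (Enabled)' ($prompt -eq 1)

    # secpol.msc: lockout threshold, duration and reset window, all 3 on this page
    $lockout = @(
        @('Account lockout threshold',         '^Lockout threshold:\s+(\S+)'),
        @('Account lockout duration (min)',    '^Lockout duration \(minutes\):\s+(\S+)'),
        @('Reset account lockout after (min)', '^Lockout observation window \(minutes\):\s+(\S+)')
    )
    $accounts = net accounts
    foreach ($check in $lockout) {
        $value = $null
        foreach ($line in $accounts) {
            if ($line -match $check[1]) { $value = $Matches[1] }
        }
        New-Finding $check[0] $value '3' ($value -eq '3')
    }
}

Test-RdpHardening | Format-Table Setting, Actual, Expected, Pass -AutoSize
```

A blank Actual column means the value is not set at all, which for the two policy rows means the policy was never applied.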

Client

Start -> All Programs -> Accessories -> Communications -> Remote Desktop Connection

Be sure to check through the Options

Notes

USB License Dongles

Remote Desktop doesn't seem to work with USB license dongles. We were able to start a program from the console, but got errors when trying to use it remotely.

Locked account

To manually unlock an account, you must log on as another administrator user (preferably one without remote desktop access). Then go to Start -> Programs -> Administrative Tools -> Computer Management -> Local Users and Groups. Click on the individual user and uncheck the "account is disabled" check box. You may then log on as that user.

Security Limitations

Remote Desktop is encrypted, which makes it more secure than many simplistic VNC implementations. However, Remote Desktop is vulnerable to a man-in-the-middle attack because it does not use a certificate to authenticate the server the way SSL/SSH does. That means that if you connect to your system via Remote Desktop, there is no guarantee that the conversation is not being recorded, and your passwords are not guaranteed to be safe, even though the session is encrypted.