https://wiki.scott5.org/index.php?action=history&feed=atom&title=Windows_remote_desktopWindows remote desktop - Revision history2026-04-13T00:32:38ZRevision history for this page on the wikiMediaWiki 1.43.1https://wiki.scott5.org/index.php?title=Windows_remote_desktop&diff=514&oldid=prevScott: Created page with '==Server Setup== http://www.microsoft.com/windowsxp/using/mobility/getstarted/remoteintro.mspx *System Properties -> Remote Tab ** Allow users to connect remotely to this comput…'2011-02-04T22:49:08Z<p>Created page with '==Server Setup== http://www.microsoft.com/windowsxp/using/mobility/getstarted/remoteintro.mspx *System Properties -> Remote Tab ** Allow users to connect remotely to this comput…'</p>
<p><b>New page</b></p><div>==Server Setup==<br />
http://www.microsoft.com/windowsxp/using/mobility/getstarted/remoteintro.mspx<br />
<br />
*System Properties -> Remote Tab<br />
** Allow users to connect remotely to this computer<br />
<br />
<br />
== Securing Remote Desktop for Windows XP ==<br />
http://www.mobydisk.com/techres/securing_remote_desktop.html<br />
<br />
===Local Security Policy===<br />
run <code>secpol.msc</code><br />
* Local Policies -> User Rights Assignment<br />
** Allow logon through Terminal Services - specify the correct user<br />
* Account Policies -> Account Lockout Policy<br />
** Account lockout threshold - 3 invalid logon attempts<br />
** Account lockout duration - 3 minutes<br />
** Reset account lockout after - 3 minutes<br />
<br />
===Global Security Policy===<br />
run <code>gpedit.msc</code><br />
* Computer Configuration -> Administrative Templates -> Windows Components -> Terminal Services -> Encryption and Security<br />
** Set client connection encryption level - Enabled, High level<br />
** Always prompt client for password upon connection - Enabled<br />
<br />
===Registry===<br />
run <code>regedit</code><br />
* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp<br />
** change PortNumber to something like 12345<br />
<br />
===Firewall===<br />
Add this port to the firewall exception list. Click the "Change Scope" button to restrict access to the subnet. To permit VPN access, set the network mask to 255.255.0.0 (so any 123.45 address can connect to Remote Desktop).<br />
<br />
==Client==<br />
Start -> All Programs -> Accessories -> Communications -> Remote Desktop Connection<br />
<br />
Be sure to check through the Options<br />
<br />
== Notes ==<br />
<br />
===USB License Dongles===<br />
Remote Desktop doesn't seem to work with USB license dongles. We were able to start a program from the console, but got errors when trying to use it remotely. <br />
<br />
===Locked account===<br />
To manually unlock an account you must log on as another administrator user (preferably one without remote desktop access). Then go to Start - Programs - Administrative Tools - Computer Management - Local Users and Groups. Click on the individual user and uncheck the "account is disabled" check box. You may then log on as that user. <br />
<br />
===Security Limitations===<br />
Remote desktop is encrypted, which makes it more secure than many simplistic VNC implementations. However, Remote Desktop is vulnerable to a man-in-the-middle attack because it does not use a certificate to authenticate the server like SSL/SSH does. That means that if you connect to a your system via remote desktop, there is no guarantee that the conversation is not recorded and your passwords are not guaranteed to be safe, even though the session is encrypted.</div>Scott