Windows Remote Desktop Protocol



The RD Gateway server listens for Remote Desktop requests over HTTPS (port 443) and connects the client to the Remote Desktop service on the target machine. Utilize the Campus RDP Gateway Service. This is the best option to allow RDP access to systems categorized as UC P2 and lower.

Aug 26, 2019. Windows Remote Desktop Protocol (RDP) is widely used by system administrators to give remote operators access to internal systems and servers. In a shocking oversight, this connection does not use strong encryption by default. This post will walk through the steps required to force TLS encryption on all RDP connections.

Configure H.264/AVC hardware encoding for Remote Desktop connections: this policy lets you enable hardware encoding for AVC/H.264 when used in conjunction with the AVC444 mode. When enabled, each remote desktop monitor will use up one AVC/H.264 encoder on the server.

This article describes the methods to configure listener certificates on a Windows Server 2012-based or Windows Server 2012 R2-based server that is not part of a Remote Desktop Services (RDS) deployment.

Original product version: Windows Server 2012 R2
Original KB number: 3042780

About Remote Desktop server listener availability

The listener component runs on the Remote Desktop server and is responsible for listening to and accepting new Remote Desktop Protocol (RDP) client connections. This lets users establish new remote sessions on the Remote Desktop server. There is a listener for each Remote Desktop Services connection that exists on the Remote Desktop server. Connections can be created and configured by using the Remote Desktop Services Configuration tool.

Methods to configure listener certificate

In Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2, the Remote Desktop Configuration Manager MMC snap-in gives you direct access to the RDP listener. In the snap-in, you can bind a certificate to the listener and, in turn, enforce SSL security for the RDP sessions.

In Windows Server 2012 or Windows Server 2012 R2, this MMC snap-in does not exist. Therefore, the system provides no direct access to the RDP listener. To configure the listener certificates in Windows Server 2012 or Windows Server 2012 R2, use the following methods.

  • Method 1: Use Windows Management Instrumentation (WMI) script

    The configuration data for the RDS listener is stored in the Win32_TSGeneralSetting class in WMI under the Root\CimV2\TerminalServices namespace.

    The certificate for the RDS listener is referenced through the Thumbprint value of that certificate on the SSLCertificateSHA1Hash property. The thumbprint value is unique to each certificate.

    Note

    Before you run the wmic commands, the certificate that you want to use must be imported to the Personal certificate store for the computer account. If you do not import the certificate, you will receive an Invalid Parameter error.

    To configure a certificate by using WMI, follow these steps:

    1. Open the properties dialog for your certificate and select the Details tab.

    2. Scroll down to the Thumbprint field and copy the space delimited hexadecimal string into something like Notepad.

      The following screenshot is an example of the certificate thumbprint in the Certificate properties:

      If you copy the string into Notepad, it should resemble the following screenshot:

      After you remove the spaces in the string, it still contains the invisible ASCII character that is only visible at the command prompt. The following screenshot is an example:

      Make sure that this ASCII character is removed before you run the command to import the certificate.

    3. Remove all spaces from the string. There may be an invisible ASCII character that is also copied. This is not visible in Notepad. The only way to validate is to copy directly into the Command Prompt window.

    4. At command prompt, run the following wmic command together with the thumbprint value that you obtain in step 3:

      The following screenshot is a successful example:

  • Method 2: Use registry editor

    Important

    Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry so that you can restore it if problems occur (see How to back up and restore the registry in Windows).

    To configure a certificate by using registry editor, follow these steps:

    1. Install a server authentication certificate to the Personal certificate store by using a computer account.

    2. Create the following registry value that contains the certificate's SHA1 hash so that you can configure this custom certificate to support TLS instead of using the default self-signed certificate.

      • Registry path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
      • Value name: SSLCertificateSHA1Hash
      • Value type: REG_BINARY
      • Value data: certificate thumbprint

      The value should be the thumbprint of the certificate, with the bytes separated by commas (,) and no empty spaces. For example, if you were to export that registry key, the SSLCertificateSHA1Hash value would be as follows:

      SSLCertificateSHA1Hash=hex:42,49,e1,6e,0a,f0,a0,2e,63,c4,5c,93,fd,52,ad,09,27,82,1b,01

    3. The Remote Desktop Host Services runs under the NETWORK SERVICE account. Therefore, you have to set the system access control list (SACL) of the key file that is used by RDS to include NETWORK SERVICE together with the Read permissions.

      To change the permissions, follow these steps on the Certificates snap-in for the local computer:

      1. Click Start, click Run, type mmc, and then click OK.
      2. On the File menu, click Add/Remove Snap-in.
      3. In the Add or Remove Snap-ins dialog box, on the Available snap-ins list, click Certificates, and then click Add.
      4. In the Certificates snap-in dialog box, click Computer account, and then click Next.
      5. In the Select Computer dialog box, click Local computer: (the computer this console is running on), and then click Finish.
      6. In the Add or Remove Snap-ins dialog box, click OK.
      7. In the Certificates snap-in, on the console tree, expand Certificates (Local Computer), expand Personal, and then select the SSL certificate that you want to use.
      8. Right-click the certificate, select All Tasks, and then select Manage Private Keys.
      9. In the Permissions dialog box, click Add, type NETWORK SERVICE, click OK, select Read under the Allow check box, and then click OK.
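
The following PowerShell sketch is an added example, not part of the original article. It cleans a thumbprint pasted from the certificate dialog, confirms the certificate is in the computer's Personal store, sets it on the listener through Win32_TSGeneralSetting (Method 1), and reads back the registry value that Method 2 writes by hand. Assumptions: the listener is named RDP-Tcp as in the registry path above, the invisible character is U+200E, the helper name ConvertTo-CleanThumbprint is hypothetical, and the thumbprint is the sample from the export line above, to be replaced with your own.

```powershell
# Added example. Run in an elevated PowerShell session on the RD server.
# Constructed input: the sample thumbprint from the Method 2 export, pasted
# with spaces and a leading invisible character (U+200E assumed here).
$pasted = "$([char]0x200E)42 49 e1 6e 0a f0 a0 2e 63 c4 5c 93 fd 52 ad 09 27 82 1b 01"

function ConvertTo-CleanThumbprint {
    param([Parameter(Mandatory)][string]$Text)
    # Keep hex digits only; this drops spaces and any invisible characters.
    $clean = ($Text -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Expected 40 hex digits (SHA-1 thumbprint), got $($clean.Length)."
    }
    return $clean
}

$thumb = ConvertTo-CleanThumbprint -Text $pasted

# The certificate must already be imported into the Personal store of the
# computer account, otherwise the WMI call fails with Invalid Parameter.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumb }
if (-not $cert) { throw "Certificate $thumb is not in Cert:\LocalMachine\My." }
if (-not $cert.HasPrivateKey) { throw "Certificate $thumb has no private key." }

# Method 1: set SSLCertificateSHA1Hash on the listener through WMI.
$query = @{
    Namespace = 'root\cimv2\TerminalServices'
    ClassName = 'Win32_TSGeneralSetting'
    Filter    = "TerminalName='RDP-Tcp'"
}
$listener = Get-CimInstance @query
Set-CimInstance -InputObject $listener -Property @{ SSLCertificateSHA1Hash = $thumb }

# Read back the REG_BINARY value described in Method 2 and compare it.
$key    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$bytes  = (Get-ItemProperty -Path $key -Name SSLCertificateSHA1Hash).SSLCertificateSHA1Hash
$stored = ($bytes | ForEach-Object { $_.ToString('X2') }) -join ''
if ($stored -ne $thumb) { throw "Listener holds $stored, expected $thumb." }
"RDP-Tcp listener is bound to certificate $thumb"
```

The length check is what catches the invisible character: a thumbprint that still carries it, or that lost a digit during copying, never reaches the listener.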

What is an RDP Client?

Remote Desktop Protocol (RDP) is a connection protocol developed by Microsoft to provide users with a graphical interface while connected to another computer over a network connection. The connecting user must run RDP client software, while the receiving computer must run RDP server software.

There are several RDP Clients for Windows 10, Windows 8.1, Windows Server 2019, Windows Server 2016, and Windows Server 2012 R2. The available client apps for different clients are listed below:

Client | App
Windows Desktop | Windows Desktop client
Microsoft Store | Windows 10 client
Android | Android client
iOS | iOS client
macOS | macOS client
HTML5 | HTML5 client

The RDP servers are built into Windows operating systems and can be enabled through the Server Manager panel.

Microsoft Remote Desktop Assistant

You can download and install Microsoft Remote Desktop Assistant, and use it to enable Remote Desktop Services, hence allowing other devices to access your PC. Follow the steps mentioned below:

  1. Download and install the Microsoft Remote Desktop Assistant after accepting the terms and conditions.
  2. Click Accept and a Welcome screen appears. Click Got it.
  3. Click Get Started on the screen that appears next. It lists all the changes that the tool will carry out on your computer, including:
     • Enabling remote connections to your PC.
     • Keeping your PC awake, making it available for connections.
     • Changing your Firewall rules to allow Remote Desktop connection.
  4. Scan the QR code that appears on the screen next, save the connection as a file, or choose your option to proceed further to enable connection using Remote Desktop.

Your computer is now ready to be accessible from other devices. Install and use Microsoft Remote Desktop client on the device that you will use to connect to your PC.

How does Microsoft Client work?

For the RDP client to work, the receiving machine must have Remote Desktop connections enabled. The two most common ways to enable the RDP connection are:

1. Right-click on the Personal Computer icon on your desktop, click on Properties from the drop-down list, and then select Remote settings from the list on the left.

2. Navigate to your Start Menu and go to Windows Settings, click on the System icon, and from the list on the left select Remote Desktop and enable it.

Latest Windows RDP Client

Because of Windows Virtual Desktop (WVD), Microsoft is working on patching some bugs that occurred when using its RDP Client to connect to WVD instances. Two of the RDP Client releases (1.2.605 and 1.2.535) were mainly focused on fixing bugs instead of introducing new features.

The latest 1.2.1104 update of Windows RDP Client has the following changes:

  • Support for Windows Virtual Desktop Spring 2020 update by updating the automatic discovery logic for the Subscribe option. Customers who have the Spring Update resources do not need to provide consent for the Fall 2019 release.
  • The scale factor of high-DPI devices has been improved up to 400%.
  • The issue where disconnect dialog did not appear has been resolved.
  • The issue where the command tooltips appeared longer than expected has been fixed.
  • The crash that occurred when trying to subscribe immediately after a refresh has been fixed.
  • The crash that occurred when parsing date and time in some languages has been fixed.

An enhanced RDP Client

Parallels Client is a completely free RDP Client. It leverages RDP technology, allowing users to instantly connect to either simple RDS infrastructures or Parallels RAS Farms.

It’s an intuitive RDP client that enables multi-tasking on applications and desktops. Multiple connection settings can be stored and utilized so users can keep workspaces docked under the same application window (or undock them to work in another window).

Moreover, features not supported by the Microsoft RDP Client—such as drag and drop, multiscreen support, zoom, client group policy and more—are implemented to provide a top-class user experience.

The mobile client enables all native gestures of iOS and Android, offering the best mobile experience on the market. Touch ID and passcode features are available to increase data security.
