Have you enabled SSL for Remote Desktop?
Did you know that you can enable Remote Desktop/Terminal Server to use SSL?
Configuration authentication and encryption for Terminal Services
It is generally good practice to configure any machine which has Remote Desktop or Terminal Services enable to at least have an SSL certificate that can be used with RDP. It’s easy to do, and it will allow RDP to use better encryption.
This is especially important if you’re running RDP directly over the Internet (for which special care needs to taken in many more aspects), but it also makes sense to use this in local LAN.
If you don’t have any legacy clients, it also makes sense to set the accepted keystrength to “High”. This will cause all older RDP clients to fail. If you can’t risk that, you can still use “client-compatible”, and use SSL with newer clients and RDP’s builtin encryption with older clients.
Leave a comment