I found an article to harden Terminal Services on Windows 2008 R2, http://technet.microsoft.com/en-us/library/cc264467.aspx, but there are a couple of things that I am not clear about. As I am working through this in my test environment I had a couple of questions.
First, with Network Level Authentication enabled, I want to verify that what I did worked. I was having some weird problems with the check box grayed out, so I created a GPO with the following settings under Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security:
- Set client connection encryption level: Enabled High Level
- Require secure RPC communication: Enabled
- Require use of specific security layer for remote (RDP) connections: Enabled SSL
- Require user authentication for remote connections by using Network Level Authentication: Enabled
With those items set, how can I verify that NLA is working and that the communication is secured with my CA-issued certificate?
The other question I have is with the Single Sign-On GPO settings. I know what the settings are based on the above-mentioned article, but it does not say whether it should be applied to the clients or the server and, of course, a good way to test based on the GPO application.
Thanks in advance, I just want to make sure this is done right.
Eric
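
One way to check the four settings listed in the post and the certificate bound to the listener, as an added example that is not part of the original post or the TechNet article. It assumes it is run in an elevated PowerShell session on the RD Session Host itself, that the policies land under the `Terminal Services` policy key with the value names shown, and that the listener is the default `RDP-Tcp`.

```powershell
# Added example; run elevated on the RD Session Host (PowerShell 2.0 compatible).
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# Registry values that correspond to the four GPO settings listed in the post.
$expected = @{
    MinEncryptionLevel = 3   # Set client connection encryption level: High Level
    fEncryptRPCTraffic = 1   # Require secure RPC communication
    SecurityLayer      = 2   # Require specific security layer: SSL (TLS 1.0)
    UserAuthentication = 1   # Require NLA for remote connections
}

# 1. Did the GPO reach this machine? Compare the policy key with the expected values.
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
foreach ($name in $expected.Keys) {
    $actual = $null
    if ($policy) { $actual = $policy.$name }
    New-Object PSObject -Property @{
        Setting  = $name
        Expected = $expected[$name]
        Actual   = $actual
        Match    = ($actual -eq $expected[$name])
    }
}

# 2. What is the RDP-Tcp listener actually enforcing?
$listener = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
    -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'" `
    -Authentication PacketPrivacy
$listener | Select-Object TerminalName, UserAuthenticationRequired,
    SecurityLayer, MinEncryptionLevel, SSLCertificateSHA1Hash

# 3. Which certificate is bound to the listener, and is it CA-issued?
$stores = 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Remote Desktop'
$cert = Get-ChildItem -Path $stores -ErrorAction SilentlyContinue |
    Where-Object { $_.Thumbprint -eq $listener.SSLCertificateSHA1Hash } |
    Select-Object -First 1
if ($cert) {
    $cert | Select-Object Subject, Issuer, NotAfter, Thumbprint,
        @{ Name = 'SelfSigned'; Expression = { $_.Subject -eq $_.Issuer } }
} else {
    Write-Warning 'Listener certificate thumbprint not found in the checked stores.'
}
```

A `Match` of `False` on any row means that policy value is not in effect on the server; run `gpupdate /force` and check again. `SelfSigned = True` in the last step means the listener is still presenting a self-signed certificate rather than the CA-issued one.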