Remote Desktop Setup
Good articles on securing the Remote Desktop function of Windows, so that it uses encryption, etc.
Basic things all RDP should have:
http://www.howtogeek.com/175087/how-to-enable-and-secure-remote-desktop-on-windows/
In addition, set up temporary account lockout after 3 failed passwords:
https://security.berkeley.edu/resources/best-practices-how-articles/securing-remote-desktop-rdp-system-administrators
Lastly, set up two-factor for logins:
https://duo.com/docs/rdp
Duo uses the system clock, so make sure it syncs every hour instead of every 7 days:
https://www.google.com/amp/s/blog.jsinh.in/how-to-change-time-sync-time-interval-in-windows/amp/
If you still end up with a "bad timestamp" error at some point, you can either remote into another desktop on the same network or use a VPN. Then disable internet access for the affected machine to force Duo to fail open, which disables it (on a TP-Link router, just block that server in the client list and it will still have local network access), and remote in using the local IP for that machine.
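A read-only check of the lockout and time-sync settings described above, as an added example that is not part of the original post. The RDP-Tcp listener values (UserAuthentication, MinEncryptionLevel) and the W32Time SpecialPollInterval value are standard Windows registry values that the post itself does not name; the helper Get-RegValue is hypothetical, and English-locale "net accounts" output is assumed.

```powershell
# Added example: audits settings only, changes nothing. Run from an elevated PowerShell prompt.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

# 1. Account lockout threshold: the post asks for lockout after 3 failed passwords.
#    "net accounts" prints "Never" when lockout is disabled.
$line = net accounts | Where-Object { $_ -match '^Lockout threshold' }
$threshold = if ($line) { ($line -split ':', 2)[1].Trim() } else { 'unknown' }
$lockoutOk = ($threshold -match '^\d+$') -and ([int]$threshold -ge 1) -and ([int]$threshold -le 3)

# 2. Time sync interval in seconds: 604800 is 7 days, 3600 is hourly.
#    The value only takes effect for NTP peers configured with the 0x1 (SpecialInterval) flag.
$ntp  = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient'
$poll = Get-RegValue $ntp 'SpecialPollInterval'
$pollOk = ($null -ne $poll) -and ($poll -le 3600)

# 3. RDP listener: Network Level Authentication (1 = required) and
#    minimum encryption level (3 = High, 4 = FIPS).
$rdp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$nla = Get-RegValue $rdp 'UserAuthentication'
$enc = Get-RegValue $rdp 'MinEncryptionLevel'

$results = @(
    [pscustomobject]@{ Check = 'Lockout threshold (1-3 attempts)'; Value = $threshold; Pass = $lockoutOk }
    [pscustomobject]@{ Check = 'Time sync interval (<= 3600 s)';   Value = $poll;      Pass = $pollOk }
    [pscustomobject]@{ Check = 'NLA required';                     Value = $nla;       Pass = ($nla -eq 1) }
    [pscustomobject]@{ Check = 'Min encryption level (>= 3)';      Value = $enc;       Pass = ($null -ne $enc -and $enc -ge 3) }
)
$results | Format-Table -AutoSize

# Non-zero exit code if any check failed, so the script can be used from a scheduled task.
if ($results | Where-Object { -not $_.Pass }) { exit 1 }
```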
If you want the computer to always be on, even after a power outage, see:
http://www.technewsworld.com/story/78930.html
https://www.pftq.com/pq/42/auto_login_and_lock.php
You might also want to turn your server (or another) into a VPN (to keep the same IP no matter where you go), which I also have a post on here:
https://www.pftq.com/blabberbox/?page=VPN_Windows_Setup
---------
Additional settings depending on your use...
Increase the max outstanding connections to 3000, so having a bunch of failed logins can't suddenly lock you out remotely permanently. Run the following in command prompt:
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v MaxOutstandingConnections /t REG_DWORD /d 65536
Also add this to the registry to prevent potential error "all connections are in use" that can happen somewhat randomly (run in command prompt):
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v MaxConnectionsPer1_0Server /t REG_DWORD /d 10
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v MaxConnectionsPerServer /t REG_DWORD /d 10
Additionally, under the RDP connections settings in gpedit.msc, set "Limit number of connections" and "Restrict Remote Desktop Services Users to a single..." to unlimited. This also helps avoid the "all connections are in use" error, which builds up over time.
If you're trying to record the desktop while the RDP is minimized or signed out, you'll also need the following two regedit settings + a second RDP that remotes into the first RDP. The second RDP remoting into the one you want to record is what needs the regedit below:
https://social.technet.microsoft.com/Forums/sqlserver/en-US/0dd103cc-0da3-4d78-9a79-7aaf8598184c/using-remotedesktopsuppresswhenminimized-for-a-nested-rdp-session?forum=winserverTS
HKEY_LOCAL_MACHINE\Software\Microsoft\Terminal Server Client
- Create a DWORD value with the name RemoteDesktop_SuppressWhenMinimized and set its value to 2.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Terminal Server Client
- Create a DWORD value with the name RemoteDesktop_SuppressWhenMinimized and set its value to 2.
============
Additional troubleshooting:
- If you run into RDP hanging when trying to log in remotely, try removing the saved password and typing it in when prompted.
Last Updated May 26th, 2024 | 1003 unique view(s)