
Remote Desktop Setup

October 15th, 2015 | Posted by pftq in 42
Good articles on securing the Remote Desktop function of Windows, so that it uses encryption, etc.

Basic settings every RDP setup should have:
http://www.howtogeek.com/175087/how-to-enable-and-secure-remote-desktop-on-windows/

In addition, set up temporary account lockout after 3 failed passwords:
https://security.berkeley.edu/resources/best-practices-how-articles/securing-remote-desktop-rdp-system-administrators

Lastly, set up two-factor for logins:
https://duo.com/docs/rdp

Duo relies on the system clock, so make sure it syncs every hour instead of every 7 days:
https://www.google.com/amp/s/blog.jsinh.in/how-to-change-time-sync-time-interval-in-windows/amp/
If you still end up with a "bad timestamp" error at some point, you can either remote into another desktop on the same network or use a VPN. Then cut off internet access for the affected machine so that Duo fails open and is bypassed (on a TP-Link router, just block that server in the client list; it will still have local network access), and remote in using that machine's local IP.
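
A read-only check of the settings from the steps above, as an added example (not from the original post or the linked articles). The registry value names are standard Windows ones; the pass thresholds are assumptions drawn from this post (lockout at 3, hourly sync), and the `net accounts` parsing assumes an English-language system.

```powershell
# Read-only audit of the hardening steps above; it changes nothing.
# Pass thresholds are assumptions drawn from the post: lockout after 3 bad
# passwords, clock sync every hour (3600 s) rather than every 7 days.
# Values enforced through Group Policy live under a separate Policies key
# and are not read here.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null instead of throwing when the key or value is missing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function New-Check {
    param([string]$Setting, $Actual, [string]$Expected, [bool]$Pass)
    [pscustomobject]@{ Setting = $Setting; Actual = $Actual; Expected = $Expected; Pass = $Pass }
}

$tcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$ntp = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient'

$nla   = Get-RegValue $tcp 'UserAuthentication'   # 1 = NLA required
$layer = Get-RegValue $tcp 'SecurityLayer'        # 2 = TLS
$enc   = Get-RegValue $tcp 'MinEncryptionLevel'   # 3 = High, 4 = FIPS
$poll  = Get-RegValue $ntp 'SpecialPollInterval'  # seconds between syncs

# "net accounts" prints the local lockout policy. The label is localized,
# so this match assumes an English-language system.
$line = net accounts | Where-Object { $_ -match '^Lockout threshold' } | Select-Object -First 1
$threshold = if ($line) { ($line -split ':\s*', 2)[1].Trim() } else { $null }

$report = @(
    New-Check 'NLA required (UserAuthentication)' $nla '1' ($nla -eq 1)
    New-Check 'Security layer (SecurityLayer)' $layer '2' ($layer -eq 2)
    New-Check 'Encryption level (MinEncryptionLevel)' $enc '3 or 4' ($enc -ge 3)
    New-Check 'Lockout threshold (attempts)' $threshold '1 to 3' ($threshold -match '^[1-3]$')
    New-Check 'Time sync interval (seconds)' $poll '3600 or less' ($null -ne $poll -and $poll -le 3600)
)
$report | Format-Table -AutoSize
```

A missing value shows as blank in the Actual column and fails its check, which on a default standalone install is the usual result for the lockout threshold and the sync interval.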

If you want the computer to always be on, even after a power outage, see:
http://www.technewsworld.com/story/78930.html
https://www.pftq.com/pq/42/auto_login_and_lock.php

You might also want to turn your server (or another) into a VPN (to keep the same IP no matter where you go), which I also have a post on here:
https://www.pftq.com/blabberbox/?page=VPN_Windows_Setup

---------

Additional settings depending on your use...


Increase the max outstanding connections to 3000, so that a burst of failed logins can't suddenly lock you out of remote access permanently.  Run the following in command prompt:
Quote
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v MaxOutstandingConnections /t REG_DWORD /d 65536

Also add these to the registry to prevent the "all connections are in use" error, which can happen somewhat randomly (run in command prompt):
Quote
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v MaxConnectionsPer1_0Server /t REG_DWORD /d 10
Quote
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v MaxConnectionsPerServer /t REG_DWORD /d 10

Additionally, in gpedit.msc under the RDP connections settings, set "Limit number of connections" and "Restrict Remote Desktop Services Users to a single..." to unlimited to avoid the "all connections are in use" error, which also builds up over time.

If you're trying to record the desktop while the RDP session is minimized or signed out, you'll also need the following two regedit settings plus a second RDP session that remotes into the first.  The second RDP session, the one remoting into the machine you want to record, is what needs the regedit change below:
https://social.technet.microsoft.com/Forums/sqlserver/en-US/0dd103cc-0da3-4d78-9a79-7aaf8598184c/using-remotedesktopsuppresswhenminimized-for-a-nested-rdp-session?forum=winserverTS
Quote
HKEY_LOCAL_MACHINE\Software\Microsoft\Terminal Server Client
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Terminal Server Client
- Create a DWORD value with the name RemoteDesktop_SuppressWhenMinimized and set its value to 2.

Last Updated Apr 4th, 2022
