Blabberbox » 42 » Remote Desktop SetupShare on Twitter

Remote Desktop Setup

October 15th, 2015 | Posted by pftq in 42 | #
Good articles on securing the Remote Desktop function of Windows, so that it uses encryption, etc.

Basic things all RDP should have:

In addition, set up temporary account lockout after 3 failed passwords:

Lastly, set up two-factor for logins:

Duo uses system clock, so make sure that syncs every hour instead of 7 days:
If you still end up with a "bad timestamp" error at some point, you can either remote into another desktop on the same network or use a VPN.  Then disable the internet for that machine to force a failopen disabling of Duo (for TP-Link, just block that server on the client list and it'll still have local network access), and remote in using the local IP for that machine.

If you want the computer to always be on even if power outtage, see:

You might also want to turn your server (or another) into a VPN (to keep the same IP no matter where you go), which I also have a post on here:


Additional settings depending on your  use...

Increase the max outstanding connections to 3000, so having a bunch of failed logins can't suddenly lock you out remotely permanently.  Run the following in command prompt:
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v MaxOutstandingConnections /t REG_DWORD /d 65536

Also add this to the registry to prevent potential error "all connections are in use" that can happen somewhat randomly (run in command prompt):
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v MaxConnectionsPer1_0Server /t REG_DWORD /d 10
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v MaxConnectionsPerServer /t REG_DWORD /d 10

Additionally under gpedit.msc RDP connections settings, set "Limit number of connections" and "Restrict Remote Desktop Services Users to a single..." to unlimited to avoid "all connections are in use" error as well that builds up over time.

If you're trying to record the desktop while the RDP is minimized or signed out, you'll also need the following two regedit settings + a second RDP that remotes into the first RDP.  The second RDP remoting into the one you want to record is what needs the regedit below:
HKEY_LOCAL_MACHINE\Software\Microsoft\Terminal Server Client
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Terminal Server Client
- Create a DWORD value with the name RemoteDesktop_SuppressWhenMinimized and set its value to 2.


Additional troubleshooting:
- If you run into RDP hanging when trying to login remotely, try unsaving the password and having to type it in when prompted.

Last Updated May 26th, 2024 | 899 unique view(s)

Leave a Comment

Name: (Have an account? Login or Register)
Email: (Won't be published)
Website: (Optional)
Enter the code from image: