Connect to Windows Server 2012 with valid client certificate only?


Yes, but you will need to install and configure your Remote Desktop Session Host to use a Remote Desktop Gateway to do it.

Once you are using a Remote Desktop Gateway, you can set up Remote Desktop Connection Authorization Policies (RD CAPs) and Desktop Resource Authorization Policies (RD RAPs). In those you can set things up like requiring that a connecting machine has a client certificate (per machine or per user).

Author: Piotr Kula

Updated on September 18, 2022

Comments

  • Piotr Kula over 1 year

    With Linux you can issue a certificate and put it into PuTTY and disable password login.

    I think this is a great way to stop pesky bots hammering RDP login the whole time.

    I have noticed on the Start SSL website, they generate a certificate for you, which gets installed onto your browser, and you don't need to type in a password to log in, as long as you have that certificate in the browser.

    Is it possible to connect to RDP using certificate authentication from the client?

  • Piotr Kula almost 10 years
    Thanks - Do you know if it is possible to configure all this on a single machine?
  • Scott Chamberlain almost 10 years
    Yes and no. Yes, you can, but it requires a domain to work, so that machine will also need to be a domain controller or already joined to a domain that has a domain controller.
  • Piotr Kula almost 10 years
    It is definitely the right direction. Too bad it's such a nightmare to set up. It's easier for me to write my own app that scans the event log and adds firewall rules against the attacker than to set up a certificate-based login... sigh
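
The event-log approach mentioned in the last comment, shown as an added example that is not part of the original thread: it counts failed logons (Security event 4625) per source address in a sliding window and builds a `netsh` block rule for each address over the threshold. The function names, the threshold and window, the allowlisted subnet, the default RDP port 3389 and the sample records are all assumptions constructed for illustration; the records are assumed to have been exported from the Security log already.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

def _ev(minute, event_id, logon_type, src):
    # Helper that builds one constructed record: (time, event ID, logon type, source).
    return (datetime(2022, 1, 1, 9, 0) + timedelta(minutes=minute), event_id, logon_type, src)

# Constructed sample records, using documentation address ranges.
SAMPLE_EVENTS = (
    [_ev(m, 4625, 3, "203.0.113.7") for m in range(6)]             # burst: 6 failures in 6 min
    + [_ev(m * 30, 4625, 3, "198.51.100.20") for m in range(5)]    # slow: 5 failures in 2 hours
    + [_ev(m, 4625, 10, "192.168.1.50") for m in range(6)]         # internal admin subnet
    + [_ev(2, 4625, 3, "-"), _ev(3, 4624, 10, "198.51.100.20")]    # no address; a success
)

def offenders(events, threshold=5, window=timedelta(minutes=10), allow=("192.168.1.0/24",)):
    """Return source IPs with at least `threshold` failed logons inside `window`."""
    allowed = [ipaddress.ip_network(n) for n in allow]
    recent, flagged = defaultdict(list), []
    for ts, event_id, logon_type, src in sorted(events):
        # 4625 = failed logon; RDP failures are logon type 3 with NLA, type 10 without.
        if event_id != 4625 or logon_type not in (3, 10):
            continue
        try:
            ip = ipaddress.ip_address(src)
        except ValueError:
            continue  # source field was "-" or empty
        if any(ip in net for net in allowed):
            continue  # never lock out the allowlisted management subnet
        hits = recent[ip]
        hits.append(ts)
        while hits[0] < ts - window:  # drop failures that fell out of the window
            hits.pop(0)
        if len(hits) >= threshold and ip not in flagged:
            flagged.append(ip)
    return flagged

def block_rule(ip):
    """Build the inbound block rule for one address (assumes RDP on TCP 3389)."""
    return (f'netsh advfirewall firewall add rule name="Block RDP {ip}" '
            f"dir=in action=block protocol=TCP localport=3389 remoteip={ip}")

if __name__ == "__main__":
    for ip in offenders(SAMPLE_EVENTS):
        print(block_rule(ip))
```

The allowlist matters as much as the threshold: without it, a few mistyped passwords from an administrator's own network would produce a block rule for that address.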