While this article is a good read it is over two years old. This information may be out of date or not relevant, links to external sites may be broken, etc. Please let us know (contact or in the comments) if something is wrong or broken.

Remote Desktop Connection Security

Remote desktop connections are essential to good troubleshooting today. However, security of such connections is not turned on by default.

Remote Desktop Connections to Windows PCs and servers make remote service and home-to-work access a reality, and a reason to save gasoline ($4 gas = ouch). However, RDP or RDC (Macintosh version) does have some security issues you might want to correct prior to use. On a recent podcast, “Ask the Techies” with D. Lee Beard, I found out about a couple of Windows XP Pro settings that will increase the security of your remote connections.

For a video version of how to perform the necessary operations to secure your RDC on Windows XP Pro, bounce over to “Ask the Techies” at askthetechies.com/wrdssh.html and watch the video. While you are at it, subscribe to their video podcast. For now, just jot down my shorthand notes on the process.

You must turn on security for remote connection by editing group policy and local policy settings. Since Windows XP Home will not allow group policy edits, make sure you have XP Pro on the machine you wish to secure.

Click Start and go to your Control Panel, then open Administrative Tools. We want to use the Group Policy editor, which is usually a shortcut called gpedit. If Group Policy has not been used prior to this process, the shortcut may be missing and you will need to create it. In the Administrative Tools window, right-click and create a new shortcut. In the location field – type this:

%SystemRoot%\system32\gpedit.msc /s

Go ahead and finish with the default name. Open the Group Policy editor program shortcut you just created and let’s edit some security policies for remote connections.

Under Computer Configuration, expand Administrative Templates, expand Windows Components, and click on Terminal Services. Note that Terminal Services is the Windows service that controls remote access and connections to Windows machines. Expand Terminal Services to reveal Security and Encryption. This is where we will enable our security in Windows XP Pro.

In the right-hand window pane, there is a policy called “Set client connection encryption level”. Double-click to open it and enable it. Set the encryption level to High, which is 128-bit in Windows XP Pro. Click Apply and OK. Then enable “Always prompt client for password upon connection”. This stops people from connecting with a saved password, which would make the remote connection insecure.

Now we need to modify the Local Security Policy. Close the Group Policy editor and, back in the Administrative Tools folder, open the Local Security Policy editor. In the left-hand window, go to Local Policies –> User Rights Assignment. In the right-hand window, click on the policy named “Access Computer from the Network”, and make sure only Administrators is showing.

Next, click on the policy “Allow login through Terminal Services” and remove the Administrator group, leaving the Remote Desktop Users group intact. We will enable specific users to be Remote Desktop Users in another area of policy settings. This limits remote access to specific users instead of all people with Administrative access. Note: you can specify individual users in this window, but there is a better place. You can also use “Deny login through terminal service” to keep specific groups and individuals from remote access to your computer. We will not do that here.

Make sure Remote Connections are allowed in the Remote tab of System Properties. This is also where we will specify the remote users. Go to the Remote tab, enable remote connections and click on “Select Remote Users”. Specify the users for remote connections and you are done.
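
To confirm the two user rights changes above actually took effect, the following added example (not from the article or the podcast) parses the text of a `secedit /export /cfg rights.inf /areas USER_RIGHTS` file and reports any group other than the ones the procedure leaves in place. The function names and the sample export are constructed for illustration; the SIDs are the well-known ones for the built-in Administrators, Remote Desktop Users, Users and Everyone groups.

```python
# Added example (not from the article): audit the two user rights the article
# changes, given the text of a `secedit /export /areas USER_RIGHTS` file.

ADMINISTRATORS = "S-1-5-32-544"        # BUILTIN\Administrators
REMOTE_DESKTOP_USERS = "S-1-5-32-555"  # BUILTIN\Remote Desktop Users

# Privilege constant -> principals the article's procedure leaves in place.
EXPECTED = {
    "SeNetworkLogonRight": {ADMINISTRATORS},                  # "Access Computer from the Network"
    "SeRemoteInteractiveLogonRight": {REMOTE_DESKTOP_USERS},  # "Allow login through Terminal Services"
}

def parse_privilege_rights(export_text):
    """Return {privilege: set(principals)} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            # SIDs are written as *S-1-...; unresolved account names have no star.
            rights[name.strip()] = {p.strip().lstrip("*") for p in value.split(",") if p.strip()}
    return rights

def audit(export_text):
    """Return a list of findings; an empty list means both rights match."""
    rights = parse_privilege_rights(export_text)
    findings = []
    for privilege, expected in EXPECTED.items():
        actual = rights.get(privilege, set())  # absent from export = nobody holds it
        for extra in sorted(actual - expected):
            findings.append(f"{privilege}: unexpected principal {extra}")
        for missing in sorted(expected - actual):
            findings.append(f"{privilege}: missing {missing}")
    return findings

# Constructed sample: Everyone, Users and Administrators still hold the rights.
SAMPLE_DEFAULT = """[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545
SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
[Version]
signature="$CHICAGO$"
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_DEFAULT):
        print(finding)
```

Export files from secedit are normally written as UTF-16, so decode the file with that encoding before passing its text to `audit`.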

Test the access using either a Mac or PC with Remote Connection software. On the Mac, get the RDC (Remote Desktop Connection) beta 2 software from the Microsoft website. It works great.
