demichel
asked on
Enforce users use PKI for Remote Desktop in Terminal Server 2012R2
We need to set up AD CS so that we can enforce users to use PKI in order to connect to the terminal server without certificate auto-enrollment, so the users need to install the certificate manually on their client machines in order to connect to the Terminal Server session.
Thank you.
What you are trying to do and what is provided in the link are two different things.
Users do not require a certificate in order to connect to the terminal server.
You need to install an SSL cert on the server hosting the terminal server role and assign it to RDP through wmic or PowerShell.
The SSL certificate subject name must match the FQDN you are using to connect to the terminal server.
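The server-side step described in the answer above, as an added PowerShell example that is not part of any post in this thread. It assumes the certificate is already in the computer's Personal store, that the listener has the default name `RDP-Tcp`, and that `ts01.corp.example.com` (a placeholder) is the FQDN clients connect to; run it elevated on the terminal server.

```powershell
# Added example. $Fqdn is a placeholder: use the name clients type into the RDP client.
$Fqdn = 'ts01.corp.example.com'
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

# Pick a machine certificate that is usable for the RDP listener:
# private key present, inside its validity period, Server Authentication EKU,
# and $Fqdn among its DNS names (the name-match requirement from the answer).
$now  = Get-Date
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and
    $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
    ($_.EnhancedKeyUsageList.ObjectId -contains $ServerAuthOid) -and
    ($_.DnsNameList.Unicode -contains $Fqdn)
} | Sort-Object NotAfter -Descending | Select-Object -First 1

if (-not $cert) {
    throw "No valid Server Authentication certificate for $Fqdn in LocalMachine\My"
}

# Bind the certificate to the RDP listener through WMI
# (the same class that 'wmic ... Win32_TSGeneralSetting' edits).
$ns     = 'root\cimv2\TerminalServices'
$filter = "TerminalName='RDP-Tcp'"
$ts     = Get-WmiObject -Namespace $ns -Class Win32_TSGeneralSetting -Filter $filter
Set-WmiInstance -Path $ts.__PATH -Arguments @{ SSLCertificateSHA1Hash = $cert.Thumbprint } |
    Out-Null

# Read the setting back so a failed bind is not silently ignored.
$bound = (Get-WmiObject -Namespace $ns -Class Win32_TSGeneralSetting -Filter $filter).SSLCertificateSHA1Hash
if ($bound -ne $cert.Thumbprint) {
    throw "Listener is bound to $bound, expected $($cert.Thumbprint)"
}
"RDP-Tcp now presents $($cert.Subject), valid until $($cert.NotAfter)"
```

This binds the certificate the server presents to clients; it does not make clients present a certificate of their own.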
ASKER
We need an internal certificate that only users can request once via https://<servername>/certsrv/ and install on their computers in order to connect to the terminal server.
You can have the certificate requested from the CA server with the user login.
If you are not enabling certificate autoenrollment, the user must request it manually.
But this certificate has nothing to do with RDS / terminal server.
Check the post below:
http://ryanmangansitblog.com/2013/03/10/configuring-rds-2012-certificates-and-sso/
Mahesh
ASKER
How do we create the CA for Remote Desktop login, so that users need to install a certificate in order to connect to the TS?
ASKER
Something like this http://www.alkia.net/index.php/faqs/106-how-to-secure-remote-desktop-connections-using-tls-ssl-based-authentication but in 2012 R2
ASKER
That's what we need: "The solution is certificate based computer authentication. If the computer cannot authenticate itself by presenting a valid certificate to the terminal server it is trying to connect to, then the RDP connection will be dropped before the user has a chance to attempt to log on."