Solved

Windows 2012 session collection security.

Posted on 2016-08-08
2
91 Views
Last Modified: 2016-08-14
In the Windows 2012 RDS farm that we setup, the session collection security settings has the attached by default.

A piece of 3rd party software that we use leverages the RDP connection which is not working.  The software vendor wants us to change the "Security Layer" to "RDP Security Layer" instead of the default setting "Negotiate" and want us to uncheck the "Allow connections only from computers running remote desktop with network level authentication".  

I am not sure if these settings will cause security issue.  Please advise if you see a potential issue.

Thanks.
RDP-security.png
0
Comment
Question by:nav2567
2 Comments
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 41748138
It certainly weakens your security footprint. So deepening on your corporate policies, any government regulations, or other regulations (such as credit card PCI compliance) this could indeed put yo out of compliance and therefore be an issue for you. But that is inherently unique to your individual requirements and circumstances. There is no universal "right" answer.
0
 
LVL 12

Accepted Solution

by:
Benjamin Voglar earned 500 total points
ID: 41748272
If the Security Layer is set to Negotiate (as shown in the figure), the RDS server will attempt to use SSL (TLS 1.0) first. If the client doesn't support it, it will use RDP Security Layer instead, which provides weaker security.

My Opinion. I would not allow them. It is necessary to force the manufacturer to fix their product.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
Most MSPs worth their salt are already offering cybersecurity to their customers. But cybersecurity as a service is wide encompassing and can mean many things.  So where are MSPs falling in this spectrum?
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question