• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 162
  • Last Modified:

Windows 2012 session collection security.

In the Windows 2012 RDS farm that we setup, the session collection security settings has the attached by default.

A piece of 3rd party software that we use leverages the RDP connection which is not working.  The software vendor wants us to change the "Security Layer" to "RDP Security Layer" instead of the default setting "Negotiate" and want us to uncheck the "Allow connections only from computers running remote desktop with network level authentication".  

I am not sure if these settings will cause security issue.  Please advise if you see a potential issue.

1 Solution
Cliff GaliherCommented:
It certainly weakens your security footprint. So deepening on your corporate policies, any government regulations, or other regulations (such as credit card PCI compliance) this could indeed put yo out of compliance and therefore be an issue for you. But that is inherently unique to your individual requirements and circumstances. There is no universal "right" answer.
Benjamin VoglarIT ProCommented:
If the Security Layer is set to Negotiate (as shown in the figure), the RDS server will attempt to use SSL (TLS 1.0) first. If the client doesn't support it, it will use RDP Security Layer instead, which provides weaker security.

My Opinion. I would not allow them. It is necessary to force the manufacturer to fix their product.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now