Solved

Windows 2012 session collection security.

Posted on 2016-08-08
2
60 Views
Last Modified: 2016-08-14
In the Windows 2012 RDS farm that we setup, the session collection security settings has the attached by default.

A piece of 3rd party software that we use leverages the RDP connection which is not working.  The software vendor wants us to change the "Security Layer" to "RDP Security Layer" instead of the default setting "Negotiate" and want us to uncheck the "Allow connections only from computers running remote desktop with network level authentication".  

I am not sure if these settings will cause security issue.  Please advise if you see a potential issue.

Thanks.
RDP-security.png
0
Comment
Question by:nav2567
2 Comments
 
LVL 56

Expert Comment

by:Cliff Galiher
Comment Utility
It certainly weakens your security footprint. So deepening on your corporate policies, any government regulations, or other regulations (such as credit card PCI compliance) this could indeed put yo out of compliance and therefore be an issue for you. But that is inherently unique to your individual requirements and circumstances. There is no universal "right" answer.
0
 
LVL 12

Accepted Solution

by:
Benjamin Voglar earned 500 total points
Comment Utility
If the Security Layer is set to Negotiate (as shown in the figure), the RDS server will attempt to use SSL (TLS 1.0) first. If the client doesn't support it, it will use RDP Security Layer instead, which provides weaker security.

My Opinion. I would not allow them. It is necessary to force the manufacturer to fix their product.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Resolve DNS query failed errors for Exchange
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now