?
Solved

Windows 2012 session collection security.

Posted on 2016-08-08
2
Medium Priority
?
127 Views
Last Modified: 2016-08-14
In the Windows 2012 RDS farm that we setup, the session collection security settings has the attached by default.

A piece of 3rd party software that we use leverages the RDP connection which is not working.  The software vendor wants us to change the "Security Layer" to "RDP Security Layer" instead of the default setting "Negotiate" and want us to uncheck the "Allow connections only from computers running remote desktop with network level authentication".  

I am not sure if these settings will cause security issue.  Please advise if you see a potential issue.

Thanks.
RDP-security.png
0
Comment
Question by:nav2567
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 41748138
It certainly weakens your security footprint. So deepening on your corporate policies, any government regulations, or other regulations (such as credit card PCI compliance) this could indeed put yo out of compliance and therefore be an issue for you. But that is inherently unique to your individual requirements and circumstances. There is no universal "right" answer.
0
 
LVL 12

Accepted Solution

by:
Benjamin Voglar earned 2000 total points
ID: 41748272
If the Security Layer is set to Negotiate (as shown in the figure), the RDS server will attempt to use SSL (TLS 1.0) first. If the client doesn't support it, it will use RDP Security Layer instead, which provides weaker security.

My Opinion. I would not allow them. It is necessary to force the manufacturer to fix their product.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What's worse than having your data encrypted by ransomware? Getting attacked by a so-called "wiper," which simply destroys the data and offers you no hope of ever seeing it again.
IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question