Block RDP unless client has private certificate

We are using server 2016 standard with remote desktop services. I have done a quick setup with sessions. I've created a private certificate and exported out the .cer to give to my users. On the server how do I make so when remote users are connecting to the server through remote desktop that if the client does not have private certificate I gave them deny access?
Who is Participating?
David SankovskyConnect With a Mentor Senior SysAdminCommented:
You can use certs to encrypt the session, but I don't think you can deny access to RDP without a cert unless you employ 802.1x Authentication.
But that would require implementing a radius server
easyworksAuthor Commented:
I was hoping for something simpler :( . I am only working with about 12 users who travel so I could not use static IPs in the windows firewall. I guess the next option would be to use some kind of program that looks at HIPS for RDP?
David SankovskySenior SysAdminCommented:
How about a VPN instead? I assume that the server is behind some sort of firewall, Implementing a SSL-VPN solution will both encrypt the connection and will also give you some sort of 2FA (as the user must first connect to the VPN and only then Connect to the server)
easyworksAuthor Commented:
Sounds good.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.