signed by a certificate authority) instead of a self-signed certificate. Just like above, Microsoft has already done a really great job documenting how to force target hosts to present a trusted certificate (i.e. But, hey, why would you use IPs when there’s DNS? So, if you use the IP address, the hostname entry will not work. The hostname with or without wildcards is matched against the string you use when connecting to the target server. You can also use wildcard like in TERMSRV/*.mydomain.tld. In the policy object called Allow delegating default credentials (see first screenshot below), you need to create a list of entries in the form TERMSRV/ (see second screenshot below). The target hosts are specified in the policy setting. You just need to define a group policy and bind it to the hosts that should be able to pass on the credentials.
I will not go into too many details on this because there is a very detailed article about implementing SSO for RDP. I have now implemented the following features to make my life easier. Although I am using remote management whereever possible, I still need to RDP into VMs regularly. Therefore, I have always used the server as the first hop before working on the VMs. Because my virtual machines are located on virtual networks on the hypervisor, I cannot access them directly from the outside. With the update to Windows Server 2012 R2, I decided to utilize more features of Remote Desktop Services. It is a single, dedicated server running all my virtual machines. I have recently blogged about the cloud-based lab which I have been using for more than a year now. Tags #Certificate #Certificate Authority #Certificate Template #Cloud #Group Policy #Lab #NAP #Network Access Protection #Network Policy Server #NPS #Proxy #RDS #RDSH #RDWA #Remote Desktop Gateway #Remote Desktop Services #Remote Desktop WebAccess #RemoteApp #Reverse Proxy #RRAS #Server Manager #Single Sign-On #VPN #Windows Server 2012 R2 #WinGate
Useful Features in Remote Desktop Services for Cloud-Based Labs
0 kommentar(er)
