How to check RDP is secured

  • Thread starter Thread starter tman
  • Start date Start date
T

tman

Can anyone tell me if there is a way to check if an RDP connection is
encrypted ok? Via local group policy, I enabled the RDP security feature on
the RDP server, and the RDP client connects ok, but I can't obviously tell
if the connection is encrypted or not (no warning, no systray icon etc).

Thanks
 
tman said:
Can anyone tell me if there is a way to check if an RDP connection is
encrypted ok? Via local group policy, I enabled the RDP security feature
on the RDP server, and the RDP client connects ok, but I can't obviously
tell if the connection is encrypted or not (no warning, no systray icon
etc).

Thanks
Click to expand...

Remote Desktop is encrypted natively. You can configure the host/server PC
to only use "High" encryption via a group policy. That is the way I
configure my host/server PCs. Beyond that you might look into a packet
sniffer of some sort to verify the data link is encrypted.

Some folks do run Remote Desktop through VPN or SSH tunnels for other
reasons including added security, strong authentication, etc...

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
 
Thanks for the quick reply. I used a sniffer, and the payload definately
appeared as unreadable, so I was hoping the encryption was enabled. This
requirement is for some remote customers to connect to an XP client over the
internet. They don't really have much experience on encrypting/tunneling so
I wanted to keep it simple. RDP is ok for them, so as long as I make the
correct policy settings on the XP 'server', they should be ok. For there
needs, 128-bit RC4 enc should be acceptable.
 
tman said:
Thanks for the quick reply. I used a sniffer, and the payload definately
appeared as unreadable, so I was hoping the encryption was enabled. This
requirement is for some remote customers to connect to an XP client over
the internet. They don't really have much experience on
encrypting/tunneling so I wanted to keep it simple. RDP is ok for them, so
as long as I make the correct policy settings on the XP 'server', they
should be ok. For there needs, 128-bit RC4 enc should be acceptable.
Click to expand...
In addition to the "High" security setting I also configure my standalone
RDP host or TS server to always prompt for a password. Again that is via a
group policy. You might be interested in this RDP 6 authentication FAQ from
the TS team blog...

http://blogs.msdn.com/ts/archive/2007/01/22/vista-remote-desktop-connection-authentication-faq.aspx

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
 
If you are using TLS/SSL certificate-based RDP, a padlock appears on the
retractable bar at the top of the screen on the client PC. I wish I knew
what to call that bar!
 
Back
Top