Connect to Windows Server 2012 with valid client certificate only?

1

With Linux you can issue a certificate and put it into PuTTY and disable password login.

I think this is a great way to stop pesky bots hammering RDP login the whole time.

I have noticed on the StartSSL website, they generate a certificate for you, which gets installed into your browser, and you don't need to type in a password to log in, as long as you have that certificate in the browser.

Is it possible to connect to RDP using certificate authentication from the client?

Piotr Kula

Posted 2014-05-07T18:22:23.780

Reputation: 3 538

Answers

3

Yes, but you will need to install and configure your Remote Desktop Session Host to use a Remote Desktop Gateway to do it.

Once you are using a Remote Desktop Gateway, you can set up Remote Desktop Connection Authorization Policies (RD CAPs) and Desktop Resource Authorization Policies (RD RAPs); in those you can set things up like requiring that a connecting machine has a client certificate (per machine or per user).

Scott Chamberlain

Posted 2014-05-07T18:22:23.780

Reputation: 28 923

1 Thanks - Do you know if it is possible to configure all this on a single machine? – Piotr Kula – 2014-05-07T18:57:03.017

Yes and no. Yes, you can, but it requires a domain to work, so that machine will also need to be a domain controller or already joined to a domain that has a domain controller. – Scott Chamberlain – 2014-05-07T20:25:46.083

1 It is definitely the right direction. Too bad it's such a nightmare to set up. It's easier for me to write my own app that scans the event log and adds firewall rules against the attacker than to set up a certificate-based login... sigh – Piotr Kula – 2014-05-07T20:27:57.520
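
The alternative mentioned in the last comment (scan the event log for failed logons and add firewall rules against the source) can be done with the cmdlets that ship with Windows Server 2012. This is an added example, not code from anyone in the thread; the threshold, look-back window, rule name, allow list and the use of TCP 3389 are assumptions.

```powershell
# Added example: block addresses with repeated failed logons (Security event 4625).
# Assumed values, not from the thread: threshold, window, rule name, allow list, port.
$Threshold = 10                        # failures per address before blocking
$Since     = (Get-Date).AddHours(-1)   # look-back window
$RuleName  = 'Block-RDP-BruteForce'    # hypothetical firewall rule name
$AllowList = @('127.0.0.1', '::1')     # add your own admin addresses to avoid lockout

# 4625 = failed logon. RDP failures appear as logon type 10 (RemoteInteractive)
# or, when Network Level Authentication is on, as type 3 (Network).
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4625; StartTime = $Since
} -ErrorAction SilentlyContinue

$failures = foreach ($e in $events) {
    # Flatten the <EventData> name/value pairs into a hashtable.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # IpAddress is '-' or empty for local failures; keep only parseable addresses.
    $ip = $null
    if ($data['LogonType'] -in '3', '10' -and
        [System.Net.IPAddress]::TryParse($data['IpAddress'], [ref]$ip)) {
        $ip.ToString()
    }
}

# Addresses at or above the threshold that are not allow-listed.
$offenders = @($failures | Group-Object |
    Where-Object { $_.Count -ge $Threshold -and $_.Name -notin $AllowList } |
    ForEach-Object { $_.Name })

if ($offenders.Count -gt 0) {
    $rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    if ($rule) {
        # Merge with addresses already blocked so earlier entries are kept.
        $current = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
        $merged  = @($current + $offenders | Where-Object { $_ -ne 'Any' } | Sort-Object -Unique)
        Set-NetFirewallRule -DisplayName $RuleName -RemoteAddress $merged
    } else {
        New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Block `
            -Protocol TCP -LocalPort 3389 -RemoteAddress $offenders | Out-Null
    }
    $offenders | ForEach-Object { Write-Output "Blocked $_" }
}
```

Run it elevated on a schedule (for example from Task Scheduler); it only sees failures if logon failure auditing is enabled, so that event 4625 is written to the Security log. Type 3 failures also include non-RDP network logons such as SMB, so the threshold should be high enough not to catch legitimate clients that mistype a password.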