Last active
August 29, 2015 14:21
-
-
Save TomSellers/89c9d16ee3e75e296a3b to your computer and use it in GitHub Desktop.
Harden RDP on Windows 2012 / 2012 R2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
############################################################################### | |
# Remote Desktop Services settings | |
# Remote Desktop Services: Enable NLA Requirement | |
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").UserAuthenticationRequired | |
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(1) | |
# Remote Desktop Services: Require 'High' level of encryption | |
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").SetEncryptionLevel(3) | |
# Remote Desktop Services: Set Security Layer to SSL | |
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").SetSecurityLayer(2) | |
############################################################################### | |
# References | |
# | |
# .SetUserAuthenticationRequired(1) - https://msdn.microsoft.com/en-us/library/aa383441%28v=vs.85%29.aspx | |
# .SetEncryptionLevel(3) - https://msdn.microsoft.com/en-us/library/aa383800(v=vs.85).aspx | |
# .SetSecurityLayer(2) - https://msdn.microsoft.com/en-us/library/aa383801(v=vs.85).aspx |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment