Harden RDP on Windows 2012 / 2012 R2

gistfile1.txt

###############################################################################
# Remote Desktop Services settings

# Remote Desktop Services: Enable NLA Requirement
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").UserAuthenticationRequired 
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(1)

# Remote Desktop Services: Require 'High' level of encryption
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").SetEncryptionLevel(3)

# Remote Desktop Services: Set Security Layer to SSL
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").SetSecurityLayer(2)


###############################################################################
# References
#
# .SetUserAuthenticationRequired(1) - https://msdn.microsoft.com/en-us/library/aa383441%28v=vs.85%29.aspx
# .SetEncryptionLevel(3) - https://msdn.microsoft.com/en-us/library/aa383800(v=vs.85).aspx
# .SetSecurityLayer(2) - https://msdn.microsoft.com/en-us/library/aa383801(v=vs.85).aspx