Security – How secure is Remote Desktop Connection

A couple of things based on your post of the event log:

1. The NULL SID indicates that no such user account exists.

2. The status code 0xc0000064 indicates that the user name does not exist

3. Logon Type 3 is a network logon, but an RDP logon is normally a logon type 10 (RemoteInteractive).

Aside form the logon type being 3 instead of 10 as I would expect, have you tried logging on to the server with a domain account (domain\username)? It looks like you're trying to log on with a local user account (machine\username). Are you sure the local user account exists?

A. Buy your cert. Like you say, it's the same as one you would get for a web site. Just make sure the name of it matches the name the users will go to for RDP.

B. Install the cert by doing this:

1. Open MMC.
2. Highlight Certificates and click Add.
3. Select Computer Account and click Next.
4. Select Local Computer and click Finish.
5. Back in the MMC, highlight Certificates.
6. From the View menu, select Options.
7. Change the View mode to Certificate Purpose and then click OK.
8. Expand the Certificates object.
9. Right-click on Server Authentication and select All Tasks/Import.
10. When the Certificate Import Wizard launches, click Next.
11. On the File To Import, click Browse and then pick the .PFX file you got from your certificate authority and then click Open. Click Next.
12. On the Password page, enter the password for the cert if there is one. Select the Mark this key as exportable option. Click Next.
13. On the Certificate Store page, accept the default to automatically select the cert store.
14. Click Finish.

C. Enforce SSL by doing this:

1. Launch Terminal Services Configuration.
2. In the left pane, highlight Terminal Services Configuration: .
3. In the right pane, right-click on RDP-Tcp and select Properties.
4. Click on the General tab.
5. Next to Certificate:Auto generated, click Select.
6. Select the cert you just imported and click OK.
7. Change the Security layer from Negotiate to SSL and the Encryption level from Client Compatible to High. Also, select Allow connections only from computers running Remote Desktop with Network Level Authentication. Click OK.

D. If you're making this server accessible from your internal network to the internet, you then need to give it an external IP and have TCP port 3389 opened on the firewall.

E. Create an A record in DNS that matches exactly the name of the cert.

That should do it. Note that you'll want to review the security configuration in step C7 above to your preference - that config will lock it down nice and tight and will work for anyone running Vista or later.