A certificate is needed to authenticate an RD Session Host server when
SSL (TLS 1.0) is used to secure communication between a client and an
RD Session Host server during RDP connections. You can select a
certificate that you have already installed on the RD Session Host
server, or you can use the default self-signed certificate. You can
enable SSL for Remote Desktop connections using the RDP-Tcp Properties
dialog box, which is accessed from the Remote Desktop Session Host
Configuration snap-in.
By default, Remote Desktop connections are encrypted at the highest
level of security available (128-bit). However, some older versions of
the Remote Desktop Connection client application do not support this
high level of encryption. If a high level of encryption is needed to
support legacy clients, the encryption level of the connection can be
configured to send and receive data at the highest encryption level
supported by the client.
There are four levels of encryption available:
Low: Data sent from the client to the server is encrypted using 56-bit encryption. Data sent from the server to the client is not encrypted.
Client Compatible: Encrypts client/server communication at the maximum key strength supported by the client. Use this level when the terminal server is running in an environment containing mixed or legacy clients. This is the default encryption level.
High: Encrypts client/server communication using 128-bit encryption. Use this level when the clients accessing the terminal server also support 128-bit encryption. When encryption is set at this level, clients that do not support this level of encryption will not be able to connect.
FIPS Compliant: All client/server communication is encrypted and decrypted with the Federal Information Processing Standards (FIPS) encryption algorithms. FIPS 140-1 (1994) and its successor, FIPS 140-2 (2001), describe U.S. government requirements for encryption.
The RDP-Tcp Properties dialog box, which is accessed from the Remote
Desktop Session Host Configuration snap-in, allows you to configure
the encryption level.
Best Answer
For TLS level security, you should be able to go to Administrative Tools, then Remote Desktop Services, Desktop Session Host Configuration. On the General tab, choose the appropriate security layer and encryption level from the drop-down boxes.
You have the following levels for security layers:
Low – uses 56-bit encryption for data sent from client to server. Does not encrypt data sent from server to client.
Client Compatible – this is the default. It encrypts data sent both ways between client and server with the maximum key strength that the client supports.
High – this encrypts data sent both ways between client and server with 128-bit encryption.
FIPS Compliant – this encrypts data sent both ways between client and server with FIPS 140-1 validated encryption.
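
The same settings can be read back and checked from PowerShell instead of the snap-in. This is an added example, not part of the original question or answer; it assumes the Win32_TSGeneralSetting WMI class on the RD Session Host and an elevated session, and the -Enforce switch is a hypothetical parameter of this script.

```powershell
# Added example: audit, and optionally raise, the RDP-Tcp encryption level.
# Run elevated on the RD Session Host. -Enforce is a hypothetical switch of this script.
param([switch]$Enforce)

# Values of Win32_TSGeneralSetting.MinEncryptionLevel, named as on this page
$EncryptionLevels = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High'; 4 = 'FIPS Compliant' }
# Values of Win32_TSGeneralSetting.SecurityLayer
$SecurityLayers = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS 1.0)' }

$setting = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
    -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
if (-not $setting) {
    throw 'RDP-Tcp listener not found in root\cimv2\TerminalServices'
}

# The CIM properties are uint32; cast to int so the hashtable lookup matches its keys.
$level = [int]$setting.MinEncryptionLevel
$layer = [int]$setting.SecurityLayer

# Report the listener's current state, including the certificate bound to it.
[pscustomobject]@{
    Listener              = $setting.TerminalName
    SecurityLayer         = $SecurityLayers[$layer]
    EncryptionLevel       = $EncryptionLevels[$level]
    CertificateThumbprint = $setting.SSLCertificateSHA1Hash
}

# Low and Client Compatible both allow sessions weaker than 128-bit.
if ($level -lt 3) {
    Write-Warning "Encryption level is '$($EncryptionLevels[$level])'; clients may connect with less than 128-bit encryption."
    if ($Enforce) {
        # High (3): clients without 128-bit support will no longer be able to connect.
        $result = Invoke-CimMethod -InputObject $setting -MethodName SetEncryptionLevel `
            -Arguments @{ MinEncryptionLevel = [uint32]3 }
        if ($result.ReturnValue -ne 0) {
            throw "SetEncryptionLevel failed with code $($result.ReturnValue)"
        }
        Write-Output 'Encryption level raised to High.'
    }
}
```

Without -Enforce the script only reports, so it can be run across hosts to find listeners still at Low or Client Compatible before any change is made.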