Using Microsoft Remote Desktop



-->

Office Remote turns your phone into a smart remote that interacts with Microsoft Office on your PC. The app lets you control Word, Excel, and PowerPoint from across the room, so you can walk around freely during presentations. It also shows you your speaker notes and the presentation timer to help you present more effectively. VNC using Microsoft's Remote Desktop Connection – For Windows. This manual is written based on Windows 10 1903. Starting Spring 2021, Remote Desktop Connection must be connected via IIT VPN connection if you are outside of Illinois Tech Network If you. Before you can use it, you'll need to enable access. In the search box on the taskbar, type remote assistance, and then select Allow Remote Assistance invitations to be sent from this computer from the list of results. Then, on the Remote tab, select the Allow Remote Assistance connections to this computer check box, and then select OK.

This article describes the methods to configure listener certificates on a Windows Server 2012-based or Windows Server 2012-based server that is not part of a Remote Desktop Services (RDS) deployment.

Remote

Original product version: Windows Server 2012 R2
Original KB number: 3042780

About Remote Desktop server listener availability

The listener component runs on the Remote Desktop server and is responsible for listening to and accepting new Remote Desktop Protocol (RDP) client connections. This lets users establish new remote sessions on the Remote Desktop server. There is a listener for each Remote Desktop Services connection that exists on the Remote Desktop server. Connections can be created and configured by using the Remote Desktop Services Configuration tool.

Methods to configure listener certificate

In Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2, the Remote Desktop Configuration Manager MMC snap-in lets you direct access to the RDP listener. In the snap-in, you can bind a certificate to the listener and in turn, enforce SSL security for the RDP sessions.

In Windows Server 2012 or Windows Server 2012 R2, this MMC snap-in does not exist. Therefore, the system provides no direct access to the RDP listener. To configure the listener certificates in Windows Server 2012 or Windows Server 2012 R2, use the following methods.

  • Method 1: Use Windows Management Instrumentation (WMI) script

    The configuration data for the RDS listener is stored in the Win32_TSGeneralSetting class in WMI under the RootCimV2TerminalServices namespace.

    The certificate for the RDS listener is referenced through the Thumbprint value of that certificate on a SSLCertificateSHA1Hash property. The thumbprint value is unique to each certificate.

    Note Download adobe preview mac.

    Before you run the wmic commands, the certificate that you want to use must be imported to the Personal certificate store for the computer account. If you do not import the certificate, you will receive an Invalid Parameter error.

    To configure a certificate by using WMI, follow these steps:

    1. Open the properties dialog for your certificate and select the Details tab.

    2. Scroll down to the Thumbprint Software to download canon vixia videos for mac. field and copy the space delimited hexadecimal string into something like Notepad.

      The following screenshot is an example of the certificate thumbprint in the Certificate properties:

      If you copy the string into Notepad, it should resemble the following screenshot:

      After you remove the spaces in the string, it still contains the invisible ASCII character that is only visible at the command prompt. The following screenshot is an example:

      Make sure that this ASCII character is removed before you run the command to import the certificate.

    3. Remove all spaces from the string. There may be an invisible ACSII character that is also copied. This is not visible in Notepad. The only way to validate is to copy directly into the Command Prompt window.

    4. At command prompt, run the following wmic command together with the thumbprint value that you obtain in step 3:

      The following screenshot is a successful example:

  • Method 2: Use registry editor

    Important

    Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, How to back up and restore the registry in Windows in case problems occur.

    To configure a certificate by using registry editor, follow these steps:

    1. Install a server authentication certificate to the Personal certificate store by using a computer account.

    2. Create the following registry value that contains the certificate's SHA1 hash so that you can configure this custom certificate to support TLS instead of using the default self-signed certificate.

      • Registry path: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp
      • Value name: SSLCertificateSHA1Hash
      • Value type: REG_BINARY
      • Value data: certificate thumbprint

      The value should be the thumbprint of the certificate and be separated by comma (,) without any empty spaces. For example, if you were to export that registry key, the SSLCertificateSHA1Hash value would be as follows:

      SSLCertificateSHA1Hash=hex:42,49,e1,6e,0a,f0,a0,2e,63,c4,5c,93,fd,52,ad,09,27,82,1b,01

    3. The Remote Desktop Host Services runs under the NETWORK SERVICE account. Therefore, you have to set the system access control list (SACL) of the key file that is used by RDS to include NETWORK SERVICE together with the Read permissions.

      To change the permissions, follow these steps on the Certificates snap-in for the local computer:

      1. Click Start, click Run, type mmc, and then click OK.
      2. On the File menu, click Add/Remove Snap-in.
      3. In the Add or Remove Snap-ins dialog box, on the Available snap-ins list, click Certificates, and then click Add.
      4. In the Certificates snap-in dialog box, click Computer account, and then click Next.
      5. In the Select Computer dialog box, click Local computer: (the computer this console is running on), and then click Finish.
      6. In the Add or Remove Snap-ins dialog box, click OK.
      7. In the Certificates snap-in, on the console tree, expand Certificates (Local Computer), expand Personal, and then select the SSL certificate that you want to use.
      8. Right-click the certificate, select All Tasks, and then select Manage Private Keys.
      9. In the Permissions dialog box, click Add, type NETWORK SERVICE, click OK, select Read under the Allow check box, and then click OK.
-->

Applies to: Windows 10, Windows 8.1, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2

You can use Remote Desktop to connect to and control your PC from a remote device by using a Microsoft Remote Desktop client (available for Windows, iOS, macOS and Android). When you allow remote connections to your PC, you can use another device to connect to your PC and have access to all of your apps, files, and network resources as if you were sitting at your desk.

Note

You can use Remote Desktop to connect to Windows 10 Pro and Enterprise, Windows 8.1 and 8 Enterprise and Pro, Windows 7 Professional, Enterprise, and Ultimate, and Windows Server versions newer than Windows Server 2008. You can't connect to computers running a Home edition (like Windows 10 Home).

To connect to a remote PC, that computer must be turned on, it must have a network connection, Remote Desktop must be enabled, you must have network access to the remote computer (this could be through the Internet), and you must have permission to connect. For permission to connect, you must be on the list of users. Before you start a connection, it's a good idea to look up the name of the computer you're connecting to and to make sure Remote Desktop connections are allowed through its firewall.

How to enable Remote Desktop

The simplest way to allow access to your PC from a remote device is using the Remote Desktop options under Settings. Since this functionality was added in the Windows 10 Fall Creators update (1709), a separate downloadable app is also available that provides similar functionality for earlier versions of Windows. You can also use the legacy way of enabling Remote Desktop, however this method provides less functionality and validation.

Windows 10 Fall Creator Update (1709) or later

You can configure your PC for remote access with a few easy steps.

  1. On the device you want to connect to, select Start and then click the Settings icon on the left.
  2. Select the System group followed by the Remote Desktop item.
  3. Use the slider to enable Remote Desktop.
  4. It is also recommended to keep the PC awake and discoverable to facilitate connections. Click Show settings to enable.
  5. As needed, add users who can connect remotely by clicking Select users that can remotely access this PC.
    1. Members of the Administrators group automatically have access.
  6. Make note of the name of this PC under How to connect to this PC. You'll need this to configure the clients.

Windows 7 and early version of Windows 10

Using Microsoft Remote Desktop To Ssh On Mac

To configure your PC for remote access, download and run the Microsoft Remote Desktop Assistant. This assistant updates your system settings to enable remote access, ensures your computer is awake for connections, and checks that your firewall allows Remote Desktop connections.

All versions of Windows (Legacy method)

To enable Remote Desktop using the legacy system properties, follow the instructions to Connect to another computer using Remote Desktop Connection.

Should I enable Remote Desktop?

If you only want to access your PC when you are physically using it, you don't need to enable Remote Desktop. Enabling Remote Desktop opens a port on your PC that is visible to your local network. You should only enable Remote Desktop in trusted networks, such as your home. You also don't want to enable Remote Desktop on any PC where access is tightly controlled.

Be aware that when you enable access to Remote Desktop, you are granting anyone in the Administrators group, as well as any additional users you select, the ability to remotely access their accounts on the computer.

Using Microsoft Remote Desktop With Mac

You should ensure that every account that has access to your PC is configured with a strong password.

Why allow connections only with Network Level Authentication?

Using Microsoft Remote Desktop App

Using Microsoft Remote Desktop

If you want to restrict who can access your PC, choose to allow access only with Network Level Authentication (NLA). When you enable this option, users have to authenticate themselves to the network before they can connect to your PC. Allowing connections only from computers running Remote Desktop with NLA is a more secure authentication method that can help protect your computer from malicious users and software. To learn more about NLA and Remote Desktop, check out Configure NLA for RDS Connections.

Using Microsoft Remote Desktop On Mac

If you're remotely connecting to a PC on your home network from outside of that network, don't select this option.