Editing RDPTcp Connection Settings

Although the default connection name is RDP-Tcp, you can use any name for this connection. When you see the term RDP-Tcp connection properties in technical documents, it often means the properties of the default Terminal Services connection. The connection properties dialog box has the following tabs:

■ General By editing the properties of this tab, you can configure the connection's encryption and authentication properties.

■ Log On Settings Use this tab to configure information about accounts used for sessions.

■ Sessions Use this tab to set session time limits and configure whether the server allows reconnection.

■ Environment Use this tab to configure which applications launch when a user initiates a session.

■ Remote Control Use this tab to specify whether administrators have remote control access to client sessions.

■ Client Settings By editing the settings on this tab, you can limit the depth of colors displayed and the local resources clients can use in the Terminal Services session.

■ Network Adapter Use this tab to specify the maximum number of sessions supported and which network adapter the connection uses. You can select either all network adapters or one specific adapter.

■ Security By editing the properties on this tab, you can specify which users or groups can connect to Terminal Services sessions and have access to functions such as remote control.

In the next few pages, you learn how to configure specific settings that are relevant to the 70-649 upgrade exam.

You set the authentication and encryption of the session through the General tab shown in Figure 12-2. The security layer can be set to RDP, SSL (TLS 1.0), or Negotiate. Microsoft Windows XP clients prior to Service Pack 3 do not support RDP security. SSL provides stronger encryption than RDP, supports earlier clients, but requires an SSL certificate. You can create a self-signed certificate on the Terminal Services server, but unless you take further steps, clients will not trust this certificate. Consider deploying an enterprise certification authority (CA) in your environment and using it to issue the Terminal Services server with a Secure Sockets Layer (SSL) certificate. If Terminal Services is to be used by third parties, consider obtaining an SSL certificate from a commercial CA.

Windows Server Maximum Tcp Connections
FIGURE 12-2 Connection security and encryption.

After Terminal Services authenticates a session, using RDP or SSL, the encryption level determines the encryption strength of the connection. The FIPS Compliant level uses Federal Information Process Standard (FIPS) 140-1 validated encryption methods. If you specify this level, clients that do not support these methods cannot connect. The High encryption level uses 128-bit encryption. Some older RDP clients do not support this level of encryption. The Client Compatible setting allows encryption at the maximum key length supported by the client. The Low encryption level uses 56-bit encryption. When Low encryption is used, the client encrypts data sent to the server, but the server does not encrypt data sent to the client.

If the Allow Connections Only From Computers Running Remote Desktop With Network Level Authentication Setting is enabled, user authentication occurs before the Terminal Services session is initiated. Although Windows XP with Service Pack 3 supports Network Level Authentication, not all RDP client software supports this feature. You cannot enable the Network Level Authentication option if the RDP Security Layer is in use.

The Log On Settings tab, shown in Figure 12-3, enables you to specify whether a client's account information or Terminal Services uses a specific general user account. General user accounts are useful in kiosk scenarios. You can also configure the Terminal Services server so that it prompts connecting users for passwords.

On the Sessions tab, you can configure how the Terminal Services server treats disconnected sessions as well as specify active and idle session limits. You can use an idle session limit to terminate a session when the user has been inactive within the session for a certain amount of time. This stops users from taking up resources on a Terminal Services server when they are not actually doing anything with their session. You use active session limits to specify the maximum length of time a user's session may stay connected. Use the End A Disconnected Session limit to allow users to reconnect for a certain amount of time if they are accidentally disconnected. If they do not reconnect within the specified time, Terminal Services ends their session. In Figure 12-4, you can see settings that will allow users to reconnect to disconnected sessions after 30 minutes, will terminate idle sessions after an hour, and will limit the length of any single session to eight hours.

Rdp Tcp Properties Dialog Box
FIGURE 12-3 Log-on settings.
Sessions Tab Windows Server 2008
FIGURE 12-4 Session settings.

You can use the Remote Control tab of the RDP-Tcp Properties dialog box, shown in Figure 12-5, to set the level of assistance that support staff can provide to those connected to Terminal Services sessions. The default setting uses the settings configured on the Remote Control tab of the user's account Properties in Active Directory Users and Computers. The default settings for Remote Control in Active Directory are to allow remote control and interaction if the user grants permission. By configuring this setting, you can block the use of remote control, allow it with the user's permission, or allow it without prompting the user.

You can configure remote control so that a helper can interact with the session or simply view the session without interacting. When you configure the Do Not Allow Remote Control or Use Remote Control With the Following Settings options, you override the settings applied through the user's account properties.

figure 12-5 Remote control settings.

You can block client attempts to redirect resources through the Client Settings tab of a connection's properties in Terminal Services configuration, as shown in Figure 12-6. You can limit the maximum color depth displayed to 8, 15, 16, 24, or 32 bits per pixel, and you can disable the redirection of local volumes, printers, LPT and COM ports, Clipboard, Audio, and Plug and Play devices.

figure 12-6 Limiting client resources.

On the Security tab, you can configure which groups and users have User Access, Guest Access, and Full Control over the Terminal Services service. User Access allows you to connect and log on locally. Guest Access allows logon but not connections to existing sessions. If Terminal Services has been deployed on a domain controller, it will be necessary also to modify the Allow Log On Through Terminal Services policy to allow remote desktop access. As you can see in Figure 12-7, the default settings allow members of the local Remote Desktop Users group User Access and Guest Access. The local Administrators group is assigned Full Control permission.

Rdp Tcp Advanced Security Defaults
figure 12-7 RDP-Tcp Security.

You can set specific permissions by clicking Advanced on the Security tab of the RDP-Tcp Properties dialog box. Rather than just setting Full Control, User Access, or Guest Access, the Advanced permissions enable you to set more granular rights. As Figure 12-8 shows, you can give security principals the right to use Remote Control to view an active session, forcibly disconnect a user from a session, configure connection properties, and obtain information about Terminal Services servers and sessions. You can use these permissions to allow Help Desk staff access to Remote Control functionality over user sessions without having to grant them local Administrator access on the Terminal Services server.

II Permission Entry for RDP-Tcp

Apply to: J This object only

Apply to: J This object only




Query Information

Set Information

Remote Control






Virtual Channels

|— Apply these permissions: to objects and/or Managing permissions

|— Apply these permissions: to objects and/or Managing permissions

FIGURE 12-8 Advanced RDP-Tcp permissions.

Was this article helpful?

+1 0
Computer Hard Drive Data Recovery

Computer Hard Drive Data Recovery

Learn How To Recover Your Hard Drive Data After A Computer Failure.

Get My Free Ebook


  • myla
    How to Give the user groups Full Control in RDPTcp Security?
    9 years ago
  • joel
    What does session tab in rdptcp properties control?
    9 years ago
  • diamanda
    Where can i find RDP tcp setting on windows 2008?
    9 years ago
  • rian
    How to enable certificate required in RDPTCP setting?
    9 years ago
  • Tyler
    How to configure idle session limit in windows server 2008?
    9 years ago
    Is rdp encrypted 2008?
    9 years ago
  • asmait
    Where to edit RDPTCP Properties dialog box,?
    9 years ago
    Where are rdptcp settings on windows server 2008?
    8 years ago
  • amina
    How to give full control to rdptcp connection?
    8 years ago
  • sigismond
    How to change rdptcp properties maximum connections windows xp?
    7 years ago
  • laura
    What is user access and guest access rdp access control?
    7 years ago
  • leslie
    How do i change group policy rdptcp windows server 2003?
    7 years ago
    Where is rdptcp properties configured in 2008?
    7 years ago
  • asfaha
    How to create rdptcp on windows server 2008?
    7 years ago
  • aira
    How to: change windows terminal server 2008 rdptcp properties?
    7 years ago
    How to change the change security layer of the rdptcp?
    7 years ago
  • Ky
    How to open rdptcp properties in windows server 2003?
    7 years ago
  • banazir
    Where to find rdptcp properties in windows 2008?
    7 years ago
  • Anne
    How to change rdptcp session to "rdp security layer?
    7 years ago
  • Teuvo Rislakki
    What is highest rdptcp version for windows 2008 enterprise?
    7 years ago
  • ailie
    How to increase rdptcp connections?
    7 years ago
  • pirjo
    How to enable rdptcp client settings in windows server 2008?
    7 years ago
  • elen selassie
    Where did rdptcp properties move to in 2008 "use remote control with the following settings"?
    7 years ago
  • bonifacio
    How to check rdptcp properties 2008?
    7 years ago
  • Massawa
    How do u configure rdp tcp properties in win server 2003?
    7 years ago
    How to enable remote control tab on server 2008?
    7 years ago
  • Birikti
    How to change the encryption level of rdptcp in windows server 2008?
    7 years ago
  • hailey
    Why server 2008 rdptcp maximum connection can not change?
    7 years ago
  • adiam
    How to open rdp tcp properties in windows server 2008?
    7 years ago
  • james booher
    How to change rdptcp properties maximum connections 2003?
    7 years ago
  • christopher
    How to increase windows 2008 rdp tcp properties?
    7 years ago
  • clarence
    How to change a rdptcp connection to a normal connection in windows server?
    7 years ago
  • bernd
    How to set 2008 server max tcp sessions?
    7 years ago
  • reima
    How to check rdptcp properties in win 2008 server?
    7 years ago
  • katrin
    How to set rdptcp encryption level high on registry win 2008?
    7 years ago
  • andrea
    How to change security layer of the rdptcp session in windows server 2003?
    7 years ago
  • Charles
    How can configare rdptcp?
    7 years ago
  • David
    How to configure RDPtcp connection in windows server 2008?
    7 years ago
  • mariano milanesi
    Can i manage rdp tcp properties client settings by gpo?
    7 years ago
  • satu
    How to connect server with old sessions ie rdptcp#0?
    7 years ago
  • karen
    Where do we fint the rdptcp properties in the windows 2008 server?
    7 years ago
  • Jaiden
    How to launch RDPTCP properties on windows server 2016?
    1 year ago

Post a comment