First published on CloudBlogs on Apr, 09 2010

Starting with Windows Server 2003 SP1, it is possible to provide server authentication by issuing a Secure Sockets Layer (SSL) certificate to the Remote Desktop server. This is easy to configure using the “Remote Desktop Session Host Configuration” tool on Server operating systems. Though no such tool is available on Client operating systems such as Windows Vista and Windows 7, it is still possible to provide them with certificates for Remote Desktop connections. There are two possible ways to accomplish this. The first method is using Group Policy and Certificate Templates, and the second one is using a WMI script.

Part I: Using Group Policy and Certificate Templates.

This method allows you to install Remote Desktop certificates on multiple computers in your domain, but it requires your domain to have a working public key infrastructure (PKI).

First, you need to create a Remote Desktop certificate template.

Creating Remote Desktop certificate template:

On the computer that has your enterprise Certification Authority installed, start MMC and open the “Certificate Templates” MMC snap-in.

Find the “Computer” template, right-click on it, and then choose “Duplicate Template” from the menu.

In the “Duplicate Template” dialog box, choose “Windows Server 2003 Enterprise” template version. The “Properties of New Template” dialog box will appear.

On the “General” page of this dialog box, set both “Template display name” and “Template name” to “RemoteDesktopComputer”. Note: it is important to use the same string for both properties.

On the “Extensions” page, select “Application Policies”, and then click the “Edit…” button. The “Edit Application Policies Extension” dialog box appears.

Now you can either remove the “Client Authentication” policy, leaving the “Server Authentication” policy, or you can use the special “Remote Desktop Authentication” policy. Doing the latter will prevent certificates based on this template from being used for any purpose other than Remote Desktop authentication.

To create the “Remote Desktop Authentication” policy, first remove both the “Client Authentication” and “Server Authentication” policies, and then click “Add…” The “Add Application Policy” dialog box appears.

The “New Application Policy” dialog box appears. In this dialog box, set “Name” to “Remote Desktop Authentication” and “Object Identifier” to “1.3.6.1.4.1.311.54.1.2”, and then click “OK.”

Select “Remote Desktop Authentication” in the “Add Application Policy” dialog box, and then click “OK.”

Now the “Edit Application Policies Extension” dialog box should list “Remote Desktop Authentication” as the only application policy.

Click “OK” in this dialog box, and then click “OK” in the “Properties of New Template” dialog box.

The next step is to publish the template.

Publishing the “RemoteDesktopComputer” certificate template:

On the computer that has your enterprise Certification Authority installed, start the Certification Authority MMC snap-in.

Right-click on “Certificate Templates”, then select “New” > “Certificate Template to Issue” from the menu that appears. The “Enable Certificate Templates” dialog box appears.

Select “RemoteDesktopComputer”, and then click “OK.”

Now the “RemoteDesktopComputer” template is published and can be used in certificate requests.

The last step is to configure Group Policy to use certificates based on the “RemoteDesktopComputer” template for Remote Desktop authentication.
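Once computers have enrolled, the result of the template's application policy choice can be checked on each machine. The script below is an added example, not part of the original post: it lists local computer certificates that carry either the “Remote Desktop Authentication” OID from the template or plain “Server Authentication”, flags any extra usages, and marks the certificate the RDP listener is bound to. It assumes Windows PowerShell 3.0 or later in an elevated session; the function name `Get-RdpCertificateAudit` is hypothetical.

```powershell
# Added example: audit local certificates usable for Remote Desktop authentication.
$RdpAuthOid    = '1.3.6.1.4.1.311.54.1.2'   # "Remote Desktop Authentication" OID from the template
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'        # standard "Server Authentication" EKU

function Get-RdpCertificateAudit {
    param([string]$StorePath = 'Cert:\LocalMachine\My')

    # Thumbprint the RDP-Tcp listener is currently bound to (read through WMI).
    $listener  = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
                     -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
    $boundHash = $listener.SSLCertificateSHA1Hash

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Collect the OIDs from the Enhanced Key Usage extension, if the certificate has one.
        $ekuOids = @()
        foreach ($ext in $cert.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                $ekuOids += @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
            }
        }

        # Skip certificates that cannot serve as an RDP server certificate at all.
        if ($ekuOids -notcontains $RdpAuthOid -and $ekuOids -notcontains $ServerAuthOid) {
            continue
        }

        [pscustomobject]@{
            Thumbprint      = $cert.Thumbprint
            Subject         = $cert.Subject
            NotAfter        = $cert.NotAfter
            Expired         = ($cert.NotAfter -lt (Get-Date))
            HasPrivateKey   = $cert.HasPrivateKey
            # True only when the template was restricted to the dedicated policy.
            RdpAuthOnly     = ($ekuOids.Count -eq 1 -and $ekuOids[0] -eq $RdpAuthOid)
            # Any other usage means the certificate is valid for more than RDP.
            OtherUsages     = (@($ekuOids | Where-Object { $_ -ne $RdpAuthOid }) -join ',')
            BoundToListener = ($cert.Thumbprint -eq $boundHash)
        }
    }
}

Get-RdpCertificateAudit | Format-Table -AutoSize
```

A certificate issued from the template as configured above should show `RdpAuthOnly` as True and an empty `OtherUsages` column.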