RDP (Remote Desktop Protocol)
Adding an RDP Zero Trust application
This article describes how to configure a Zero Trust RDP Application to a remote Windows instance, such as Windows Server 2016 / Windows 10.
Make sure you are familiar with the server's authentication methods (username and password or RDP keys) and that you have a tunnel connecting your network and the environment that hosts the Windows instance.
- Go to the Applications tab on the Perimeter 81 Platform. Select Add application.
- Fill in the following information:
Application Name: Enter a name of your choice.
Icon: Use default or choose an icon of your own choice.
Host: Enter the internal IP address of the server to which you'd like to connect.
Network: Choose the network that contains the gateway from which you created a tunnel to the environment that hosts the server you'd like to connect to.
Max number of connections: The maximum number of concurrent RDP sessions.
Ignore server certificate: Yes, unless you activate RDP over SSL.
Admin console: Connect directly to the console session on the Windows server.
Display Application Icon at Login Screen: Choose according to your preference.
URL Alias (Optional): See further instructions here.
Security Mode: This mode dictates how data will be encrypted and what type of authentication will be performed, if any. By default, a security mode is selected based on a negotiation process that determines what both the client and the server support.
Username and Password: Enter one set of credentials as predefined on the server. You will not be required to enter any parameter with the login.
Domain: If applicable, enter your Active Directory FQDN.
If the Authentication toggle is Disabled, you'll need to insert your credentials as predefined on the Windows instance with every new RDP login.
Windows Server 2016 and Windows 10 instances will need an additional configuration.
Please follow the "How to resolve upstream error" section below.
- Access Groups: State the names of the user groups that will have access to the RDP application.
- Policy: Leave blank, or choose a policy that was previously created and matches your needs.
2. If password authentication is disabled, simply edit the application and choose TLS as your security mode.
Registry modifications may be required if you're operating on a Windows 7 device.
Navigate to HKEY_LOCAL_MACHINE -> Software -> Microsoft -> Windows NT -> Terminal Services.
- Set the value type to "REG_DWORD".
- Make sure that the enabled value is 1 (the disabled value is 0).
- Reboot the machine.
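The Security Mode field and the TLS step above both depend on what the server answers during RDP security negotiation. The following is an added example, not Perimeter 81 code: it decodes the server's X.224 Connection Confirm using the constants from the MS-RDPBCGR specification, so you can read which mode a server selected or why it refused. The sample PDUs are constructed, and the friendly mode names are assumptions that may not match the platform's dropdown labels.

```python
import struct

# selectedProtocol and failureCode values as defined in MS-RDPBCGR.
PROTOCOLS = {0x0: "Standard RDP Security", 0x1: "TLS", 0x2: "NLA (CredSSP)",
             0x4: "RDSTLS", 0x8: "NLA (CredSSP with Early User Auth)"}
FAILURES = {1: "SSL_REQUIRED_BY_SERVER", 2: "SSL_NOT_ALLOWED_BY_SERVER",
            3: "SSL_CERT_NOT_ON_SERVER", 4: "INCONSISTENT_FLAGS",
            5: "HYBRID_REQUIRED_BY_SERVER",
            6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER"}
TYPE_RDP_NEG_RSP, TYPE_RDP_NEG_FAILURE = 0x02, 0x03

# Constructed sample server replies (TPKT + X.224 Connection Confirm).
SAMPLE_NLA = bytes.fromhex("03 00 00 13 0e d0 00 00 12 34 00 02 00 08 00 02 00 00 00")
SAMPLE_FAILURE = bytes.fromhex("03 00 00 13 0e d0 00 00 12 34 00 03 00 08 00 05 00 00 00")
SAMPLE_LEGACY = bytes.fromhex("03 00 00 0b 06 d0 00 00 12 34 00")


def parse_connection_confirm(pdu: bytes) -> dict:
    """Return the negotiated security mode, or the failure reason."""
    if len(pdu) < 11:
        raise ValueError("PDU shorter than TPKT + X.224 header")
    version, _reserved, total = struct.unpack(">BBH", pdu[:4])
    if version != 3 or total != len(pdu):
        raise ValueError("bad TPKT header or truncated PDU")
    length_indicator, code = pdu[4], pdu[5]
    if code & 0xF0 != 0xD0 or length_indicator != len(pdu) - 5:
        raise ValueError("not an X.224 Connection Confirm")
    neg = pdu[11:]
    if not neg:
        # No negotiation block: the server only speaks Standard RDP Security.
        return {"outcome": "selected", "mode": PROTOCOLS[0x0], "negotiated": False}
    if len(neg) != 8:
        raise ValueError("negotiation block must be 8 bytes")
    neg_type, _flags, neg_len, value = struct.unpack("<BBHI", neg)
    if neg_len != 8:
        raise ValueError("bad negotiation block length")
    if neg_type == TYPE_RDP_NEG_RSP:
        mode = PROTOCOLS.get(value, f"unknown (0x{value:x})")
        return {"outcome": "selected", "mode": mode, "negotiated": True}
    if neg_type == TYPE_RDP_NEG_FAILURE:
        reason = FAILURES.get(value, f"unknown (0x{value:x})")
        return {"outcome": "failed", "reason": reason}
    raise ValueError(f"unexpected negotiation type 0x{neg_type:02x}")


if __name__ == "__main__":
    for name, pdu in [("nla", SAMPLE_NLA), ("failure", SAMPLE_FAILURE),
                      ("legacy", SAMPLE_LEGACY)]:
        print(name, parse_connection_confirm(pdu))
```

A `HYBRID_REQUIRED_BY_SERVER` failure means the server insists on Network Level Authentication, so a client offering only TLS or Standard RDP Security is refused before any credentials are exchanged.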