Security

All performed using the IIS Crypto tool

Additional notes on turning off TLS 1.0/1.1 successfully

You have to uncheck Set Client Side Protocols

This link also shows how to edit the settings manually, in case you need to disable the Client registry keys (Enabled=DWORD(0))


These are the ciphers that I have tested so far



Lockdown Drives

To help prevent some exploits (reference below), I would suggest hiding and restricting the server's drives


A=1, B=2, C=4, D=8, E=16, F=32, G=64, H=128, I=256, etc.

https://hunter2.gitbook.io/darthsidious/defense-evasion/from-rds-app-to-empire-shell

Block Users from Saving Passwords

(copied without permission)

  Computer Configuration\
                         Policies\
                              Administrative Templates\
                                    Windows Components\
                                          Remote Desktop Services\
                                                 Remote Desktop Connection Client
     Do not allow passwords to be saved = ENABLED

https://community.spiceworks.com/topic/462809-rdp-shortcut-get-rid-of-remember-my-credentials-on-the-client-side

Lock out a group of users from logging in (i.e. generic accounts)

Now log into your RD Web Access server and browse to C:\Windows\Web. Right-click the RDWeb folder and choose Properties.
Set the permissions and click Deny.



http://www.vkernel.ro/blog/restrict-users-from-login-to-remote-desktop-web-access



Enable SCHANNEL logging


http://support.microsoft.com/kb/260729

The following will log everything:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL]
"EventLogging"=dword:00000007

You will then have events in the SYSTEM log, for example:

An SSL client handshake completed successfully. The negotiated cryptographic parameters are as follows.

Protocol: TLS 1.0 CipherSuite: 0x2f Exchange strength: 1024

Google the resulting cipher suite.

FAWC

When using Elliptic Curve certificates you will also get something like the following as the certificates are exchanged:

An SSL server handshake completed successfully. The negotiated cryptographic parameters are as follows.

Protocol: TLS 1.0 CipherSuite: 0xc009 Exchange strength: 256

https://security.stackexchange.com/questions/45867/how-do-i-verify-exactly-which-cipher-suite-is-in-use-for-this-remote-desktop-ses
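
To avoid looking up each hex ID by hand, the following added example (not from the original page or the linked answer) parses SCHANNEL handshake messages, names the negotiated suite and flags legacy protocol versions. The function name, the subset of suites in the lookup table and the message layout the pattern matches are assumptions made for illustration.

```powershell
# Added example. IANA cipher suite IDs -> names (a subset; extend as needed).
$SuiteNames = @{
    0x000A = 'TLS_RSA_WITH_3DES_EDE_CBC_SHA'
    0x002F = 'TLS_RSA_WITH_AES_128_CBC_SHA'
    0x0035 = 'TLS_RSA_WITH_AES_256_CBC_SHA'
    0xC009 = 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA'
    0xC00A = 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA'
    0xC013 = 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA'
    0xC014 = 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA'
    0xC02B = 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256'
    0xC02C = 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384'
    0xC02F = 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
    0xC030 = 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'
}
$LegacyProtocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1'

# Hypothetical helper: turns one SCHANNEL handshake message into an object.
# The pattern assumes the message layout quoted on this page.
function ConvertFrom-SchannelMessage {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Message)
    process {
        $pattern = '(?s)SSL (?<role>client|server) handshake.*?Protocol:\s*(?<proto>.+?)\s+' +
                   'CipherSuite:\s*0x(?<id>[0-9a-f]+)\s+Exchange strength:\s*(?<bits>\d+)'
        if ($Message -notmatch $pattern) { return }   # not a handshake event
        $id   = [Convert]::ToInt32($Matches['id'], 16)
        $name = $SuiteNames[$id]
        if (-not $name) { $name = 'not in table, check the IANA registry' }
        [pscustomobject]@{
            Role     = $Matches['role']
            Protocol = $Matches['proto']
            SuiteId  = '0x{0:X4}' -f $id
            Suite    = $name
            Bits     = [int]$Matches['bits']
            Legacy   = $Matches['proto'] -in $LegacyProtocols
        }
    }
}

# Sample input: the two event messages quoted on this page, each on one line.
$samples = @(
    'An SSL client handshake completed successfully. The negotiated cryptographic parameters are as follows. Protocol: TLS 1.0 CipherSuite: 0x2f Exchange strength: 1024'
    'An SSL server handshake completed successfully. The negotiated cryptographic parameters are as follows. Protocol: TLS 1.0 CipherSuite: 0xc009 Exchange strength: 256'
)
$samples | ConvertFrom-SchannelMessage | Format-Table -AutoSize

# On a live server, feed it the System log instead:
# Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Schannel' } |
#     ForEach-Object { $_.Message } | ConvertFrom-SchannelMessage
```

Both sample sessions come back with Legacy set to True, which is the signal that TLS 1.0 is still being negotiated on that host.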