05. Create and Deploy RDP TLS Certificate with GPO

Captions
Hello everyone, welcome to MSFT WebCast. In this video I am going to show you the simple steps to create a Remote Desktop certificate template in the Windows Server 2019 certification authority and how to deploy it using Group Policy. Remember, this is a test environment created in VirtualBox, so you can have an idea about the configuration steps.

I am using the same test lab which we used in the last video. This is our domain controller for the mylab.local domain, with the hostname WS2K19-DC01. On this server we have installed and configured an enterprise root certification authority. For this demo we have one member server as well. This is our member server, which is part of our mylab.local Active Directory domain, with the hostname WS2K19-SRV01. On this server I have already enabled Remote Desktop; let's click on it. As you can see, Remote Desktop is enabled with Network Level Authentication, and the firewall exceptions are also already in place.

Before we start the configuration, let me show you something. From the domain controller I am going to take a remote desktop of our member server. Let's type mstsc in the Run menu and press the Enter key. Here I'm going to specify the IP address of our member server, which is 172.18.72.9. Let's click on Connect. Here I'm going to specify the password for our mylab\administrator account, and let's click on the OK button. Here we are interested in the certificate, so let's click on View certificate, and here you can see this is a self-signed certificate which is issued by the server itself. So this is the certificate which we have before the configuration. Now let's click on the OK button and click No, because we are not going to take a remote desktop now.

Now let's open the Certification Authority management console, because we are going to create a new template for Remote Desktop authentication. Let's click on Tools and select Certification Authority. On our CA, click on Certificate Templates. Right-click on Certificate Templates and select Manage. That is going to open the Certificate Templates management console. From this console we are going to copy the Computer certificate template, and by using this certificate template we will create a new certificate template for Remote Desktop authentication. Right-click on the Computer certificate template and select Duplicate Template. On the console you can change the compatibility as per your requirement, but for this test environment I'm not going to change it.

Now the first thing which we are going to change is on the General tab. Let's click on the General tab. Here you need to specify the template name which you want to display. For this demonstration I'm going to give the name RDP Authentication. This is the name for our certificate template: RDP Authentication. Remember, you will need this name when you configure Group Policy. Here we have settings related to the validity period and renewal period; you can change these as per your requirement. I am also going to select Publish certificate in Active Directory.

Now we are going to click on the Extensions tab. Under Application Policies you can see Client Authentication and Server Authentication are there. We are going to modify it, so let's click on the Edit button. The first thing I'm going to do is remove the Client Authentication application policy, so select it and click on Remove. Now we need to add a Remote Desktop Authentication application policy, which is not created by default. Let's click on Add; we need to create it, so for that we need to click on the New button. Here we need to specify the name of the new application policy, which will be Remote Desktop Authentication in our case. Now we need to specify the object identifier associated with that application policy for Remote Desktop authentication. You can find the object identifier on the Microsoft TechNet website as well. I am also going to mention this object identifier number in the description area as well. This is the object identifier for Remote Desktop authentication. Let's click on the OK button. The application policy is already selected, so let's click on OK. Now, as you can see, we have the Remote Desktop Authentication and Server Authentication application policies for this new template. Let's click on the OK button.

Now I'm going to click on the Security tab, and first of all I am going to click on Domain Computers, because by default all computer accounts are members of this group, Domain Computers. As you can see, the Enroll permission is there. If you want, you can also add a specific group to assign permissions as per your requirement. One more thing which I'm going to change here: I'm going to give the Read permission as well.

Now let's click on the Request Handling tab, and here I'm going to select Allow private key to be exported. The next thing which we are going to change is on the Cryptography tab. Here I'm going to specify the minimum key size as 4096 bits. Let's click on Apply and click on OK. In future, if you want to modify any settings, you simply need to select that certificate template, right-click on it and go to Properties; you can change the settings as per your requirement.

So now we have our RDP certificate template ready, but before we can use it we need to issue this template to our local CA. So now I'm going to close the Certificate Templates management console, and on the Certification Authority console we need to right-click on Certificate Templates, click on New and select Certificate Template to Issue. Here we need to select the newly created certificate template which we created for Remote Desktop authentication. This is the certificate; select it and click on OK. Now our local CA can issue certificates requested from the Remote Desktop template. Remember the name, that is RDP Authentication.

The next part is configuring the Group Policy Object to utilize the new template. For this demonstration, in the Active Directory Users and Computers snap-in I have created one OU for testing purposes, with the name Test Server Accounts, and under that the computer account of our member server is stored. So we are going to create a GPO and link it to this OU for testing purposes.

Now I'm going to open the Group Policy Management console. Let's click on Tools and select Group Policy Management. Expand Group Policy Objects, right-click on it and select New. You can specify the name of the GPO as you wish; for this demo I am giving the name RDP Certificate Deployment GPO. Let's click on the OK button. Let's select the newly created GPO, right-click on it and select Edit. On the Group Policy Management Editor console, under Computer Configuration, we need to expand Policies, then we need to expand Administrative Templates. Click and expand Windows Components. Under Windows Components you will find Remote Desktop Services; expand it. Under that you will find Remote Desktop Session Host; expand it and then click on Security. Here certain settings are there which we need to modify.

The first setting is Server authentication certificate template, which we need to modify, so let's double-click on it. I'm going to select Enabled, and here you need to specify the name of the certificate template which you are going to use. In our case the name is RDP Authentication. We need to specify the exact same name here. This is the name of our certificate template, RDP Authentication. Click on Apply and click on OK. In order to use SSL to connect to the server, we need to configure another policy setting, which is Require use of specific security layer for remote (RDP) connections. Let's double-click on it. Let's select Enabled, and from Security Layer we need to select SSL. Let's click on Apply and OK. Remember, we have already enabled Remote Desktop on our member server; if you haven't, you can also use Group Policy settings to do that as well.

Now we are ready to deploy the Group Policy Object on our member server. I'm going to close this Group Policy Management Editor console. Let's go back to the Group Policy Management console, and here is the OU where we have stored our member server's computer account. So let's right-click on the Test Server Accounts OU and select Link an Existing GPO. From Group Policy Objects we need to select our GPO, which is RDP Certificate Deployment GPO. Let's click on OK. The Group Policy Object has been successfully linked to our OU.

Now it's time to test the result. Let's go back to our member server. I'm going to close this console first, because we need to update the Group Policy manually on this computer and then we are going to restart the member server. So let's open the Run menu first, type cmd and press the Enter key. At the command prompt we need to type the command gpupdate /force. Let's press the Enter key. The policy has been successfully updated. We need to restart this computer in order to successfully apply the Group Policy Objects. Let's close the command prompt and restart the member server.

OK, after the restart, again I'm going to log in as a domain admin on our member server. Let's open Notepad first. OK, let's go back to the domain controller. On the Certification Authority management console I'm going to click on Issued Certificates. Here you can see our certificate, which is issued to our member server. You can see the name is there, mylab\WS2K19-SRV01, and the most important thing which you can notice here is the certificate template. Under Certificate Template you can see the RDP Authentication certificate is there. So this is the certificate which has been successfully assigned to our member server.

Now let's test this by taking a remote desktop connection to our member server. Let's press the Windows key, type the command mstsc and press the Enter key. Now specify the IP address of our member server, which is 172.18.72.9, and click on Connect. I'm going to specify the credentials of our domain admin. Let's click on OK. Let's click on View certificate, and here you can see this certificate is issued by our local certification authority, which is mylab-WS2K19-DC01, as you can see, and this is a trusted certificate. Here you can see the object identifier number is also there, which we assigned to the Remote Desktop Authentication certificate template. Let's click on OK and then Yes. As you can see, we are successfully able to take a remote desktop of our member server, and the Notepad which we opened on our member server is available here.

So this is the way you can create a Remote Desktop authentication certificate template in a Windows Server 2019 certification authority, and you can use Group Policy to deploy that certificate to your member servers. That concludes our video demonstration. Thank you all for watching this video.
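
The walkthrough confirms the result by eye in the certificate dialog. The PowerShell below is an added example, not part of the video: run elevated on the member server after gpupdate and the restart, it reads the two policy values the GPO sets, finds the certificate bound to the RDP-Tcp listener, and reports whether it is CA-issued, carries the Remote Desktop Authentication EKU and meets the 4096-bit minimum. The OID 1.3.6.1.4.1.311.54.1.2 is Microsoft's published value for that EKU; the template name string is an assumption and must match what was typed into the policy.

```powershell
# Added example: verify the RDP TLS certificate deployment on the member server.
$RdpAuthOid       = '1.3.6.1.4.1.311.54.1.2'  # Remote Desktop Authentication EKU
$ExpectedTemplate = 'RDP Authentication'      # assumption: name entered in the GPO
$MinKeyBits       = 4096                      # minimum key size set on the template

# 1. Values written by the two GPO settings (absent if the GPO did not apply)
$polPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$pol = Get-ItemProperty -Path $polPath -ErrorAction SilentlyContinue

# 2. Listener settings, including the thumbprint of the bound certificate
$listener = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
    -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$thumb = $listener.SSLCertificateSHA1Hash

# 3. CA-issued certificates land in 'My'; the default self-signed one
#    lives in the 'Remote Desktop' store, so search both.
$cert = Get-ChildItem 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Remote Desktop' `
        -ErrorAction SilentlyContinue |
    Where-Object { $_.Thumbprint -eq $thumb } |
    Select-Object -First 1

# RSA public key (null if the certificate is missing or not RSA)
$rsa = if ($cert) {
    [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
}

[pscustomobject]@{
    TemplateInPolicy = $pol.CertTemplateName
    TemplateMatches  = $pol.CertTemplateName -eq $ExpectedTemplate
    SecurityLayerSsl = $pol.SecurityLayer -eq 2            # 0 = RDP, 1 = Negotiate, 2 = SSL
    NlaRequired      = $listener.UserAuthenticationRequired -eq 1
    BoundThumbprint  = $thumb
    CertFound        = [bool]$cert
    Issuer           = $cert.Issuer
    SelfSigned       = [bool]($cert -and ($cert.Subject -eq $cert.Issuer))
    HasRdpAuthEku    = $cert.EnhancedKeyUsageList.ObjectId -contains $RdpAuthOid
    KeyBits          = $rsa.KeySize
    KeySizeOk        = [bool]($rsa -and ($rsa.KeySize -ge $MinKeyBits))
    NotAfter         = $cert.NotAfter
}
```

A healthy deployment shows `SelfSigned` as False and every other boolean as True; `SelfSigned` True means the listener is still bound to the default certificate and the enrollment did not happen.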
Info
Channel: MSFT WebCast
Views: 12,963
Keywords: create rdp certificate, create rdp certificate template, create rdp certificate server 2019, create remote desktop certificate, RDP TLS Certificate Deployment Using GPO, secure rdp access with certificate, Configure the Server Authentication Certificate Template, Deploy RDP TLS Certificate with GPO, Deploy certificates using Group Policy, install certificate for remote desktop connection, removing self signed rdp certificates, windows server 2019 tutorial, ssl, rdp
Id: -TECgemk_88
Length: 13min 9sec (789 seconds)
Published: Wed Sep 04 2019