Professional Documents
Culture Documents
Use this procedure to configure the local Group Policy object. To change a policy for a domain or an organizational unit, you must log on to the primary domain controller as an administrator. Then, you must open Group Policy by using the Active Directory Users and Computers snap-in. Computers You should thoroughly test any changes you make to Group Policy settings before applying them to users or computers. For more information on testing policy settings, see Resultant Set of Policy . To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups , Default groups , and Using Run as .
Top of page
Compliant. r Compliant For more information about these levels, see Notes, at the end of this topic. 6. server, To use TLS 1.0 to authenticate the server, in Certificate, click Browse, click Select Certificate, and then click the certificate that you want to use. The certificate must be an X.509 certificate with a corresponding private key. For instructions on how to verify whether the certificate has a corresponding private key, see Notes. corresponding 7. To specify that clients log on to the terminal server by typing their credentials in the default Windows logon dialog box, select the Use standard Windows logon interface check box. Note To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure. To open Terminal Services Configuration, click Start click Control Panel double-click Administrative Tools and Start, Panel, Tools, then double-click Terminal Services Configuration Configuration. Any encryption level settings that you configure in Group Policy override the configuration that you set by using the Terminal Services Configuration tool. Also, if you enable the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing Group Policy setting, this setting overrides the Set client connection encryption level Group Policy setting. When you change the encryption level, the new encryption level takes effect the next time a user logs on. If you require multiple levels of encryption on one server, install multiple network adapters and configure each adapter separately. To verify that certificate has a corresponding private key, in Terminal Services Configuration, right-click the connection for which you want to view the certificate, click the General tab, click Edit click the certificate that Edit, you want to view, and then click View Certificate At the bottom of the General tab, the statement, "You have a Certificate. private key that corresponds to this certificate" should appear. You can also view this information by using the Certificates snap-in. The FIPS compliant setting (the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing setting in Group Policy or the FIPS Compliant setting in Terminal Server Configuration) encrypts and decrypts data sent from the client to the server and from the server to the client, with the Federal Information Processing Standard (FIPS) 140-1 encryption algorithms, using Microsoft cryptographic modules. For more information, see FIPS 140 Evaluation (http://go.microsoft.com/fwlink/?LinkID=34627). The High setting encrypts data sent from the client to the server and from the server to the client by using
strong 128-bit encryption. The Client Compatible setting encrypts data sent between the client and the server at the maximum key strength supported by the client. The Low setting encrypts data sent from the client to the server using 56-bit encryption.