Issue certificate for Terminal services (remote admin)

[Peter Kaufman]

Hi,

1) I have a CA set up, and want to issue a certificate for remote
admin terminal service with IPsec to a DC in another forest that will
dial in to this one. I don't know where to start - do I have the other
DC (the one that will call in) request a certificate, or what?

Thanks for any assistance offered,

Peter

 

[Brian Komar]

1) I have a CA set up, and want to issue a certificate for remote
admin terminal service with IPsec to a DC in another forest that will
dial in to this one. I don't know where to start - do I have the other
DC (the one that will call in) request a certificate, or what?

Thanks for any assistance offered,

Peter

If you plan to use certificates for authentication of the two IPSec
endpoints, you will need to install certificates on both endpoints. For
the computer in the forest where the CA exists, you can request the
IPSec certificate. For the other computer, you will have to request an
IPSec (offline request) certificate and provide the dns name for the
computer. (assuming you are using an enterprise CA).

Are you trying to restrict that only the remote computer is allowed to
connect via Terminal Services (TCP 3389)? If you are just after
encryption, the native encryption for terminal services may be
sufficient, and then restrict access to only administrators.

Brian

 

[Peter Kaufman]

Are you trying to restrict that only the remote computer is allowed to
connect via Terminal Services (TCP 3389)?

Yes.

Thanks, Brian,

Peter