Configure the Server Authentication Certificate Template using Group Policy for Remote Desktop Services

The following group policy and certificate template is supported on current versions of Windows Server:

  1. On a computer that has the Group Policy Management feature installed, click Start, Administrative Tools, and then Group Policy Management.
  2. In the navigation pane, expand Forest: ads.iu.edu> Domains>ads.iu.edu>Group Policy Objects. Right-click the group policy object (GPO) you want to modify, and then click Edit. The Group Policy Management Editor will appear.
  3. Navigate to Computer Configuration>Policies>Administrative Templates>Windows Components>Remote Desktop Services>Remote Desktop Session Host>Security.
  4. Double-click the Server Authentication Certificate Template policy.
  5. Enable the policy, type IU Remote Desktop Authentication or IU Remote Desktop Authentication with Subject Name in the "Certificate Template Name" box, and then click OK.
    Note:
    The "IU Remote Desktop Authentication with Subject Name" template was created to resolve compatibility issues with non-Windows clients. UITS recommends using this template if you experience RDP authentication issues with non-Windows clients.
  6. As soon as this policy is propagated to domain computers, every computer that has Remote Desktop Connection enabled will automatically request a certificate based on the template chosen above from the Certification Authority server and use it to authenticate to Remote Desktop clients.

This is document bess in the Knowledge Base.
Last modified on 2021-09-29 10:49:11.