Windows has supported TLS for server authentication with RDP going back to Windows Server 2003 SP1. When connecting to a Windows PC, unless certificates have been configured, the remote PC presents a self-signed certificate, which results in a warning prompt from the Remote Desktop client.

To configure a certificate for use with Remote Desktop Services (or RDP into any Windows PC), you'll need to create a new certificate template and enable both the Server Authentication and the Remote Desktop Authentication application policies. This was key for OS X clients - both of these policies must exist. Some articles will walk through this configuration and recommend removing the Server Authentication policy; however, the certificates will then not work on non-Windows clients. This article has a great walk-through of the entire process and more: RDP TLS Certificate Deployment Using GPO.

In my lab, I've created a 'Remote Desktop Computer' certificate template and enabled it to be autoenrolled via Group Policy. To create the new template, open the Certificate Templates console and duplicate the Computer template. Use this template because it already has the Server Authentication policy enabled.

Navigate to the Extensions tab, edit the 'Application Policies' extension and remove 'Client Authentication' from the list.

After you have added the 'Remote Desktop Authentication' policy, you should see the policies as in the following dialog box. See below for the actual 'Remote Desktop Authentication' policy.

Adding the 'Remote Desktop Authentication' policy requires adding a new extension named 'Remote Desktop Authentication' (or similar) with an object value of "1.3.6.1.4.1.311.54.1.2" (excluding quotes).

Save the template and configure your CA to issue the new template. In my lab my certificate template display name is 'Remote Desktop Computer'. Since my first template failed, it's actually called 'Remote Desktop Computer v2'. However, the important name to note for the next step is the actual template name, which can be found on the General tab of the template. In my case this is 'RemoteDesktopComputerv2' (the display name, minus the spaces).

To configure autoenrollment, I've created a new GPO dedicated to the autoenrollment setting and linked it to the organisational units containing server and workstation computer account objects. Edit the policy and enable the following setting:

Computer Configuration / Administrative Templates / Windows Components / Remote Desktop Services / Remote Desktop Session Host / Security / Server authentication certificate template

Add the name of the certificate template as shown in the screenshot below:

Once a Group Policy refresh occurs or on the next boot, the target Windows machines will autoenroll for the certificate and configure their RDP listener.
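To confirm on a target machine that the RDP listener is using a CA-issued certificate carrying both application policies, the following PowerShell check can be run from an elevated prompt. It is an added example, not part of the original article; the function name Test-RdpCertificate is hypothetical, and it assumes the default listener name RDP-Tcp.

```powershell
# Added example: audit the certificate bound to the local RDP listener.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'       # Server Authentication
$RdpAuthOid    = '1.3.6.1.4.1.311.54.1.2'  # Remote Desktop Authentication (OID from the article)
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'       # Client Authentication (removed from the template)

function Test-RdpCertificate {   # hypothetical helper name
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    # Collect the OIDs listed in the Enhanced Key Usage extension, if present.
    $ekus = @($Certificate.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    [pscustomobject]@{
        Subject       = $Certificate.Subject
        Thumbprint    = $Certificate.Thumbprint
        NotAfter      = $Certificate.NotAfter
        SelfSigned    = ($Certificate.Subject -eq $Certificate.Issuer)
        HasServerAuth = $ekus -contains $ServerAuthOid
        HasRdpAuth    = $ekus -contains $RdpAuthOid
        HasClientAuth = $ekus -contains $ClientAuthOid
    }
}

# Thumbprint currently bound to the listener (assumes the default 'RDP-Tcp' name).
$listener = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
    -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$thumb = $listener.SSLCertificateSHA1Hash

# Autoenrolled certificates live in 'My'; the default self-signed one in 'Remote Desktop'.
$cert = Get-ChildItem 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object Thumbprint -eq $thumb | Select-Object -First 1

if (-not $cert) {
    Write-Warning "No certificate with thumbprint $thumb found in the local machine stores."
} else {
    $report = Test-RdpCertificate -Certificate $cert
    $report | Format-List
    if ($report.SelfSigned) { Write-Warning 'Listener still presents a self-signed certificate.' }
    if (-not ($report.HasServerAuth -and $report.HasRdpAuth)) {
        Write-Warning 'Certificate is missing Server Authentication or Remote Desktop Authentication.'
    }
    if ($report.HasClientAuth) { Write-Warning 'Client Authentication is still present on the certificate.' }
}
```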