Microsoft licensing terms being modified for dedicated hosting cloud services; Now is a great time to consider monthly MS licensing through the SPLA program

Starting October 1, 2019, Microsoft is modifying their licensing terms related to outsourcing rights and dedicated hosted cloud services.  Beginning October 1, 2019, on-premises Microsoft licenses purchased without Software Assurance cannot be deployed on dedicated hosted cloud services offered by the following “Listed Providers”: Microsoft, Alibaba, Amazon and Google.  Riptide Hosting is not one of […]

Avoiding Downtime – How Riptide Hosting helps keep your business server & applications running.

Power Failures – Our datacenters have redundant commercial power feeds, UPS systems and diesel generators. Compare this to a single power feed that is typical in an office building. Network / Internet / ISP Failures – Riptide Hosting uses premium bandwidth with multiple network providers blended together for maximum update. Compare this to a single […]

Windows Server 2008r2 and SQL Server 2008r2 End-of-Life End-of-Support coming soon

Windows Server 2008r2 and SQL Server 2008r2 will be END OF SUPPORT soon. This means no more security updates. SQL Server 2008/R2 supports ends July 2019 and Windows Server 2008R2 support ends January 2020. Contact us to migrate from Windows Server 2008r2 to 2016 at no charge!

Methods to Secure Windows Remote Desktop RDP

How To Secure Windows Remote Desktop In September 2018 the FBI issued a public service announcement regarding risks and hacking attempts again the RDP protocol.  See the announcement here which includes some suggestions (with additional considerations below) https://www.ic3.gov/media/2018/180927.aspx Considerations For Securing your Windows Server / RDP Terminal Server Here is a list of various actions to […]

RD Session Host Security settings in Windows Server 2016

RD Session Host Security settings in Windows Server 2016 (SSL, High encryption, etc.) Gpedit.msc, computer configuration, administrative templates, windows components, remote desktop services, remote desktop session host, security, see various options. “Require use of specific security layer for remote (RDP) connections” – Changing Security Layer to SSL is the recommendation listed in Windows 2016, “Client […]

Enable Group Policies to automatically logoff disconnected sessions or idle sessions after X minutes/hours

Enable Group Policies to automatically logoff disconnected sessions or idle sessions after X minutes/hours Not only does this reduce server resources (ram/cpu) that are used up by disconnected sessions and affecting the overall performance of the remote desktop server, automatically logging off disconnected and idle sessions may help lessen risk if vulnerabilities in Windows are […]

RD Gateway Role in RDS

RD Gateway Role in RDS Using the Remote Desktop Gateway Role (RDGW) provides additional security by forcing RDP traffic over https/port 443 (requires SSL certificate) instead of port 3389. General steps to install the RDGW role on Windows Server 2016: (we have a more detailed post on this too) Install RDGW role which will also […]

Windows Server Lockout Policies

Lockout Policies (based on username attempts, not IP addresses): To lock out an account for a period of time after a number of incorrect login attempts (to create delay with recurring failed logins), you can set up Account Lockout Policies in Windows.  It does NOT apply to the Administrator account (so you may want to […]

Limit users who can login via RDP

Limit users who can login via RDP By default, all users in the “Administrators group” have RDP access rights.  And, of course, all users in the “Remote Desktop Users group” have RDP access rights too.  If you only want some members of the Administrators group to have RDP access, you can adjust this in Local […]

Change RDP Listening Port

Change RDP Listening Port from default 3389 Changing the RDP listening port to a non-default port may not defeat a determined hacker but it should reduce attacks from automated bots.  **Remember to create new firewall rules to allow the new port number so you don’t accidently lock yourself out.  And remember that end-users will need […]

Windows Server 2016 VPN

VPN Using a VPN with RDP is more secure because it provides two steps to access your network.  You could require clients to connect with a VPN first before being able to RDP to the server.  Unless you are using our Dedicated Server Hosting offering where you can have a hardware vpn device, you will […]

Two-Factor / Dual-Factor Authentication

Two-Factor / Dual-Factor Authentication There are several third-party software products available that enable two-factor authentication.  One third party software option is Duo Security (www.duo.com) which provides two-factor authentication for RDP access (and more) where you have to enter a code during RDP login that you receive on your smartphone first.  Duo has a free personal […]

Disable built-in Administrator account

Disable built-in Administrator account (create alternative admin account) All Windows Servers come with the built-in Administrator account (SID 500) by default and all administrator accounts have RDP access by default (when RDP is enabled overall).  Therefore the Administrator account, if port 3389 is open, is frequently the target of repeated brute-force hack attempts against this […]