You can just generate a certificate yourself. The client will then be warned that the cert cannot be verified and told not to connect. You will have to configure the client side or set expectations.
Better idea: Use a firewall in front of the Terminal Server. You should have a gateway firewall device that allows VPN tunneling. Then you don't have to publish RDP externally (something you should never do).
If you have a nice VPN then the RDP is as secure as the tunnel it travels through. You can get pretty strong encryption on the VPN.
Once connected the client will look like it is inside the network and RDP will act normally.
Now when you say firewall, so I can understand better: a router has a firewall, and the terminal server or computer has a firewall, built in of course. Is there something more specific you're talking about? I hear a lot of people say to put a firewall, but I've never asked what they meant.
I have Cisco client VPN that I use for a PTP for 2 sites; I can have users connect the VPN and then use the local IP to log in to the server. Essentially, this would be an extra step to connect, correct?
Using an SSL VPN would be a good solution. I use an open source app known as OpenALS (also known as adito). This runs the RDP connection as a Java applet, meaning you connect via a web browser and the RDP connection is a separate browser window. The Cisco ASA SSL VPN works the same way for more $$$.
Beware that there are many hacks for native Terminal Services, so if you want to connect over the Internet, a VPN would be much more secure. I see at least a half-dozen automated attacks aimed at the standard RDP port in my firewall logs every single day.
Correction: the product I use is called OpenVPN ALS.
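Added example, not part of the original thread: a way to check your own firewall log for the kind of traffic described above, counting TCP connections to the standard RDP port per source and separating those that came through the VPN from those that came from outside. It assumes netfilter/iptables-style `SRC=`/`DPT=` log lines and a VPN client pool of 10.8.0.0/24; the log lines are constructed samples using documentation address ranges.

```python
import ipaddress
import re
from collections import Counter

RDP_PORT = 3389
# Assumption: addresses handed out to VPN clients; change to your tunnel pool.
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")

# Picks the key=value fields we need out of an iptables/netfilter LOG line.
FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = """\
Mar  3 02:11:07 gw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=51123 DPT=3389 SYN
Mar  3 02:11:09 gw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=51124 DPT=3389 SYN
Mar  3 02:40:31 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40022 DPT=3389 SYN
Mar  3 08:02:15 gw kernel: IN=tun0 OUT= SRC=10.8.0.14 DST=192.168.1.20 PROTO=TCP SPT=49810 DPT=3389 SYN
Mar  3 08:05:44 gw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=51200 DPT=22 SYN
Mar  3 08:06:01 gw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=UDP SPT=3390 DPT=3389
Mar  3 08:07:12 gw kernel: IN=eth0 OUT= SRC=not-an-ip DST=192.0.2.10 PROTO=TCP SPT=1 DPT=3389 SYN
"""


def rdp_attempts(lines, vpn_pool=VPN_POOL, port=RDP_PORT):
    """Return (outside, via_vpn): per-source counts of TCP hits on the RDP port."""
    outside, via_vpn = Counter(), Counter()
    for line in lines:
        fields = dict(FIELD.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != str(port):
            continue  # not a TCP connection to the RDP port
        try:
            src = ipaddress.ip_address(fields.get("SRC", ""))
        except ValueError:
            continue  # missing or malformed source address
        bucket = via_vpn if src in vpn_pool else outside
        bucket[str(src)] += 1
    return outside, via_vpn


if __name__ == "__main__":
    outside, via_vpn = rdp_attempts(SAMPLE_LOG.splitlines())
    for src, count in outside.most_common():
        print(f"outside source {src}: {count} attempt(s) on TCP {RDP_PORT}")
    print(f"{sum(via_vpn.values())} RDP connection(s) arrived through the VPN pool")
```

If RDP is reachable only through the tunnel, the outside count should consist solely of packets the gateway dropped.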
What Is The Best Way To Secure Terminal Services?
Buy a certificate? Not really sure how that works. I have heard of 2X client; is that used for RDP, or other ways?
Thanks