locked
Windows 7: how do I run Remote Desktop server with 3DES disabled? RRS feed

  • Question

  • Hi All,

        On Windows 7, how do I run a Remote Desktop (RDP, MSRSC) server with 3DES disabled?

    Many thanks, -T

    Thursday, February 2, 2017 2:34 AM

All replies

  • Hello,

    You can run gpedit.msc from Start menu to open Local Group Policy Editor, find Require use of specific security layer for remote(RDP) connections from the location below. Enable this policy, and set the Security Layer as SSL.

    Computer configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security



    Best regards,
    Andy Liu

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, February 3, 2017 6:31 AM
  • My screen shows : Security Layer SSL (TLS 1.0)

    Both the SSL (TLS 1.0) and the RDP setting fail my sweet32 scan. 

    warnings: 64-bit block cipher 3DES vulnerable to SWEET32 attack

    Saturday, February 4, 2017 6:15 AM
  • Hello,

    Please run regedit.exe from command prompt to open Registry Editor. Uner the location atHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\, create a DWORD value named Triple DES 168, and set the disable value data as 0.

    After that, please restart the computer.

    More information, please refer to the following article.

    https://support.microsoft.com/en-us/help/245030/how-to-restrict-the-use-of-certain-cryptographic-algorithms-and-protocols-in-schannel.dll

    Best regards

    Andy Liu


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, February 6, 2017 9:23 AM