RDP Security Layer

Андрей Михалевский 2,911 Reputation points
2024-07-30T13:30:38.4033333+00:00

Hello. Can you explain all the options in this menu? How does it work? Recommendations? If possible, more details with examples. You don't need to tell me about TLS, I know that.

[Screenshot]

Windows Server 2019
Remote Desktop

1 answer

  1. Jacen Wang 0 Reputation points Microsoft Vendor
    2024-07-30T23:26:14.3966667+00:00

    Hello,

    In Microsoft Remote Desktop Services (RDS), security is implemented through various layers and encryption levels to ensure the protection of data and secure remote connections.

    1. Security Layer

    This setting determines the security method used when clients connect to an RD Session Host server.

    The three available security layers are:

    • SSL (TLS 1.0): SSL (TLS 1.0) will be used for server authentication and for encrypting all data transferred between the server and the client.
    • Negotiate: The most secure layer that is supported by the client will be used. If supported, SSL (TLS 1.0) will be used. If the client does not support SSL (TLS 1.0), the RDP Security Layer will be used. This is the default setting.
    • RDP Security Layer: Communication between the server and the client will use native RDP encryption. If you select RDP Security Layer, you cannot use Network Level Authentication.

    For more information, refer to: Secure RDS (Remote Desktop Services) Connections with SSL | Microsoft Learn

    2. Encryption Level

    This setting determines the extent to which data sent between the client and server is encrypted. 

    Standard RDP Security supports four levels of encryption: Low, Client Compatible, High, and FIPS Compliant. The required Encryption Level is configured on the server.

    • Low: All data sent from the client to the server is protected by encryption based on the maximum key strength supported by the client.
    • Client Compatible: All data sent between the client and the server is protected by encryption based on the maximum key strength supported by the client.
    • High: All data sent between the client and server is protected by encryption based on the server's maximum key strength.
    • FIPS: All data sent between the client and server is protected using Federal Information Processing Standard 140-1 validated encryption methods.

    Enhanced RDP Security supports a subset of the encryption levels used by Standard RDP Security. When a client connects to a server configured for Enhanced RDP Security, the selected encryption level returned to the client is ENCRYPTION_LEVEL_NONE (0). This is due to the fact that the encryption for the session is provided by an External Security Protocol and double-encryption of the RDP traffic (although possible) is not desirable from a performance standpoint.

    Best regards

    Jacen

    ———————————————————————————————————————

    If the Answer is helpful, please click "Accept Answer" and upvote it.
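
The two settings described in the answer can be read back from a server and decoded with the script below. It is an added example, not part of the original answer: it assumes the default listener name `RDP-Tcp` and the registry value names `SecurityLayer`, `MinEncryptionLevel` and `UserAuthentication`, none of which appear on the page, and it treats a Group Policy value as overriding the listener value.

```powershell
# Added example. Assumptions: default listener RDP-Tcp; a Group Policy value, when present, wins.
$listener = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$policy   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# Value-to-name maps, using the option names from the answer above.
$layerNames = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS 1.0)' }
$levelNames = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High'; 4 = 'FIPS Compliant' }

function Get-RdpSetting {
    param([Parameter(Mandatory)][string]$Name)
    foreach ($path in @($policy, $listener)) {
        $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Value = [int]$item.$Name; Source = $path }
        }
    }
    return $null   # value not configured in either location
}

function Resolve-Name {
    param($Setting, [hashtable]$Names)
    if ($null -eq $Setting) { return 'not configured' }
    if ($Names.ContainsKey($Setting.Value)) { return $Names[$Setting.Value] }
    return "unknown ($($Setting.Value))"
}

$layer = Get-RdpSetting -Name 'SecurityLayer'
$level = Get-RdpSetting -Name 'MinEncryptionLevel'
$nla   = Get-RdpSetting -Name 'UserAuthentication'

# Notes restate the behaviour of each option as described in the answer.
$notes = @()
if ($null -ne $layer -and $layer.Value -eq 0) {
    $notes += 'RDP Security Layer: native RDP encryption, Network Level Authentication cannot be used.'
}
if ($null -ne $layer -and $layer.Value -eq 1) {
    $notes += 'Negotiate: a client without SSL (TLS 1.0) support falls back to RDP Security Layer.'
}
if ($null -ne $level -and $level.Value -eq 1) {
    $notes += 'Low: only data sent from the client to the server is encrypted.'
}
if ($null -ne $nla -and $nla.Value -ne 1) {
    $notes += 'Network Level Authentication is not required (UserAuthentication is not 1).'
}

[pscustomobject]@{
    SecurityLayer   = Resolve-Name $layer $layerNames
    EncryptionLevel = Resolve-Name $level $levelNames
    NlaRequired     = ($null -ne $nla -and $nla.Value -eq 1)
    Notes           = $notes -join ' '
} | Format-List
```

Run it in an elevated PowerShell session on the RD Session Host; the script only reads the registry and changes nothing.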
