System administrators are preoccupied with one major thing: security credentials over a Remote Desktop connection. This happens because the desktop connection can become a conduit for malware, which can affect other computers as well. This is exactly the reason why Windows developers warn users about trusting PCs, since an untrusted computer can bring lots of harm to your machine when you connect to a remote desktop.
Thankfully, Windows 10 v1607 includes a new feature called Remote Credential Guard which can help you protect the remote desktop credentials found on the Windows Server 2016 and Windows 10 Enterprise. It is designed to eliminate threats before they affect your machine and manages to do so by redirecting Kerberos requests back to the device that requested the connection.
Moreover, it can offer you easier sign-in experiences to Remote Desktop sessions. In case the target device is compromised, your credentials will not be exposed since both them and their derivatives wouldn’t be sent to the target device.
There are two ways in which you can use a Remote Credential Guard:
- Make sure that your credentials are protected. This tool doesn’t allow them to reach the target device.
- Helpdesk employees can use the tool in order to connect to the target device without letting malware gain access to their credentials.
Remember that this useful tool only works through the RDP protocol and that both the server and the client must authenticate through Kerberos. Moreover, both domains need to have a trusted relationship or they must have the same domain to join them. Also, the Remote Desktop Gateway is not compatible with the Remote Credential Guard, so keep all this in mind when you try this procedure.
RELATED STORIES TO CHECK OUT: