Microsoft Remote Access

If you are using remote access, you need to set up a terminal server to use high-security access for Remote Desktop and it should be set to disconnect or lock the terminal after a period of inactivity. (PCI requirement 12.3)
This typically needs a copy of Windows STANDARD Server version or better (not the windows OFFICE server version). If you bought a standard server under the Techsoup donated software program, you will likely have two CAL licences for the terminal server and may need to add some additional licences.

 

Windows 2012/2016/2019/2022 Terminal Server

Terminal Server is a great way to allow access from any location to your office. It has the benefits of:

  • allowing restricted access to your internal LAN by only allowing access to specific services or programs for a user.
  • working in conditions where internet connection bandwidth is poor since it is a screen-scraper technology and optimizes only transmission of screen changes
  • allows report printing to ticket printers on LPT ports

When connecting from any workstation to the current versions of Terminal Server, the server defaults to high encryption. It is good practice to verify that the setting has not been lowered.

Step Purpose Installation instructions or link
1. Verify Terminal Server settings The following links detail the security settings in Windows Server 2003. Server 2003 defaults to High encryption, but it is a good practice to make sure it hasn't been lowered accidentally.

support.microsoft.com/kb/814590

Terminal Server 2008/2012/2016/2019 and 2022 should default to high encryption.

2. Verify RDP settings RDP should be set to always prompt for a password.