Home

2 Questions about Window server 2019 RD Gateway and VDI VMs

%3CLINGO-SUB%20id%3D%22lingo-sub-820780%22%20slang%3D%22en-US%22%3ERe%3A%202%20Questions%20about%20Window%20server%202019%20RD%20Gateway%20and%20VDI%20VMs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-820780%22%20slang%3D%22en-US%22%3EI'll%20let%20someone%20else%20pipe-in%20about%20the%20security%20portion%20of%20your%20question%2C%20but%20for%20the%20first%20part%2C%20this%20might%20help%3A%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F231289%2Fusing-group-policy-objects-to-hide-specified-drives%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F231289%2Fusing-group-policy-objects-to-hide-specified-drives%3C%2FA%3E%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-820819%22%20slang%3D%22en-US%22%3ERe%3A%202%20Questions%20about%20Window%20server%202019%20RD%20Gateway%20and%20VDI%20VMs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-820819%22%20slang%3D%22en-US%22%3EThanks%2C%20worked%20like%20a%20charm!%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-820824%22%20slang%3D%22en-US%22%3ERe%3A%202%20Questions%20about%20Window%20server%202019%20RD%20Gateway%20and%20VDI%20VMs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-820824%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F310193%22%20target%3D%22_blank%22%3E%40HotCakeX%3C%2FA%3E%26nbsp%3B-%20Whoo%20Hooo!%20Glad%20to%20know.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-820751%22%20slang%3D%22en-US%22%3E2%20Questions%20about%20Window%20server%202019%20RD%20Gateway%20and%20VDI%20VMs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-820751%22%20slang%3D%22en-US%22%3E%3CP%3EFirst%2C%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F128281i0BC62A5998376AB2%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Annotation%202019-08-23%20235625.png%22%20title%3D%22Annotation%202019-08-23%20235625.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ethat%20C%20drive%20belongs%20to%20the%20RD%20host%20server.%20how%20can%20I%20hide%20it%20from%20the%20RD%20VM%20clients%3F%20obviously%20they're%20not%20supposed%20to%20be%20seeing%20the%20server's%20files.%20I've%20setup%20VDI%20on%20Win%20server%202019%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESecond%2C%20should%20I%20use%20RD%20gateway%20or%20VPN%20(IKEv2%20or%20SSTP)%20to%20provide%20access%20for%20clients%20that%20want%20to%20connect%20to%20the%20RD%20session%20(their%20VM%20on%20VDI%20server)%20from%20Internet%2C%20(like%20when%20they%20go%20home)%3F%20what%20are%20the%20pros%20and%20cons%20of%20VPN%20and%20RDG%20when%20there%20is%20a%20single%20vs%20multiple%20RDS%20hosts%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Esecond%20and%20half%2C%20what%20if%20I%20use%20a%20VPN%20protocol%20like%20PPTP%20that%20doesn't%20require%20CA%20and%20certificates%3F%20I%20know%20that%20PPTP%20is%20literally%20a%20decrypted%20traffic%20on%20the%20internet%20but%20will%20it%20cause%20any%20security%20vulnerability%20when%20the%20RD%20session%20itself%20is%20HTTPS-SSL%20encrypted%20via%20the%20VDI%20server's%20self-singed%20certificate%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20in%20advance.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-820751%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EHyper-V%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EManagement%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWindows%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
HotCakeX
Respected Contributor

First,

Annotation 2019-08-23 235625.png

 

that C drive belongs to the RD host server. how can I hide it from the RD VM clients? obviously they're not supposed to be seeing the server's files. I've setup VDI on Win server 2019

 

 

Second, should I use RD gateway or VPN (IKEv2 or SSTP) to provide access for clients that want to connect to the RD session (their VM on VDI server) from Internet, (like when they go home)? what are the pros and cons of VPN and RDG when there is a single vs multiple RDS hosts?

 

second and half, what if I use a VPN protocol like PPTP that doesn't require CA and certificates? I know that PPTP is literally a decrypted traffic on the internet but will it cause any security vulnerability when the RD session itself is HTTPS-SSL encrypted via the VDI server's self-singed certificate?

 

Thanks in advance.

3 Replies
I'll let someone else pipe-in about the security portion of your question, but for the first part, this might help:

https://support.microsoft.com/en-us/help/231289/using-group-policy-objects-to-hide-specified-drives
Thanks, worked like a charm!

@HotCakeX - Whoo Hooo! Glad to know. 

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
30 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies