2 Questions about Windows Server 2019 RD Gateway and VDI VMs


First,

[Image: Annotation 2019-08-23 235625.png]

That C drive belongs to the RD host server. How can I hide it from the RD VM clients? Obviously they're not supposed to be seeing the server's files. I've set up VDI on Win Server 2019.

Second, should I use RD Gateway or VPN (IKEv2 or SSTP) to provide access for clients that want to connect to the RD session (their VM on the VDI server) from the Internet (like when they go home)? What are the pros and cons of VPN and RDG when there is a single vs. multiple RDS hosts?

Second and a half, what if I use a VPN protocol like PPTP that doesn't require a CA and certificates? I know that PPTP is literally decrypted traffic on the internet, but will it cause any security vulnerability when the RD session itself is HTTPS-SSL encrypted via the VDI server's self-signed certificate?

Thanks in advance.

3 Replies
I'll let someone else pipe in about the security portion of your question, but for the first part, this might help:

https://support.microsoft.com/en-us/help/231289/using-group-policy-objects-to-hide-specified-drives

Thanks, worked like a charm!

@HotCakeX - Whoo Hooo! Glad to know.