New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
A lot depends on how true are 4 vCores allocated to the VPS.
My @Clouvider “2 vCores” VPS runs smoothly with Windows Server 2022 OS
Some way to optimize:
@Fubukibox Could always use Tiny11
https://archive.org/details/tiny-11-NTDEV/
https://archive.org/download/tiny-11-NTDEV/tiny11 23H2 x64.iso
But the base versions of Windows Server are pretty lightweight and using the built in RDP funny enough actually makes the experience seem better rather than using something like Teamviewer or Anydesk. (Not that they are bad programs. I use them both for when needed)
There are a few pointers for helping securing RDP that I've gathered.
Enable remote desktop
windows->run->secpol.msc
-Account Policies->Account Lockout Policy->Account lockout threshold ->3->Lockout duration->60 min->Reset account lockout counter after->60min
-local policies->user rights assignment->Allow log on throught remote desktop services->OK
-Remove all users/groups ->Add only assigned users->OK
windows->run->gpedit.msc
-Expand-> administrative templates-> windows components->remote desktop services->remote desktop session host->security
-set client connection encryption level->enable->high level->Apply-OK
-require secure rpc communication->enable->Apply->OK
-require use of specific security layer dfor remote rdp connections-> enable-> "Security Layer"->ssl->Apply-OK
-require user authentication for remote connections by using network level authentication->enable->Apply-OK
windows->run->regedit.exe
-hkey_local_machine->system->currentcontrolset->control->terminal server->winstations->rdp-tcp->portnumber
-portnumber->decimal->"whatever you want the number to be"->OK
windows->windows defender firewall->advanced settings->inbound rules->"new rule"
-port->next->specific remote ports: "Port number from regedit"->next->next->name: rdp Custom->finish
- to add Allowed IPs to list - > Double click on RDP -> Scope -> Remote IP address -> Add -> "Type in IP" -> OK -> Apply -> OK
Securing to your own IP address is always recommended if able.
Please note: There are more methods to securing RDP. This is just some tips to help.
Disclaimer: These steps are provided for general security guidance only. I am not responsible for any data loss, security breaches, system damage, or unauthorized access that may occur as a result of using or misconfiguring these settings, including but not limited to weak passwords, exposed services, or user error. You implement these changes at your own risk.
It's been a few days using Windows 2022 and i already have RDP locked to my CH vps. (Using the windows firewall) i usually already use the built-in RDP on windows 11. im not sure if tiny11 would even work on my vps since i have to manually install the drivers n such and since im stuck on a cellular network (Verizon) i usually be connected to my CH vps over wireguard. I have my phone connected to my pc over USB Tethering and normal tethering + TTL hack on windows since my cellular hotspot plan is ass (100GB) but it's stable-ish since i have "unlimited data" it's eh. i remember getting up to 400GB once
If you can install Windows 2012 R2, that would be the best choice.
In general, disabling automatic updates and checking, as well as disabling antivirus and using Chrome instead of Edge
Windows 2022 works fine for my use case atm since it's newer then 2012 R2. I mostly use Brave browser. I don't like edge anyways i don't use it
2012 R2 isn't supported anymore unless you have ESU, but it is faster than 2022, obviously.
Why disable Windows defender? It can still prevent some virus programs, especially when files interact.
I recommend webtop